Gisteren zijn weer een vijftal nieuwe gaten in Microsoft Windows bekend gemaakt. Virusschrijvers maken gebruik van dit soort zwakheden in de Windows software bij het ontwikkelen van nieuwe virussen. Op deze manier ontstaat een soort kat-en-muis spel tussen Microsoft en de antivirusbedrijven aan de ene kant, en de virusschrijvers aan de andere kant. Wie is er eerder, het virus of de patch?
Met de intrusion prevention oplossingen van Network Associates is die vraag niet langer relevant. De software van Network Associates kan nu al aanvallen op de gaten ontdekken en stoppen. Meer informatie hierover treft u aan in de onderstaande media advisory.
Een expert van Network Associates legt u graag het verschil tussen proactieve en meer tradiionele, reactieve beveiliging uit. Als u hierin geonteresseerd zou zijn kunt u natuurlijk altijd even contact opnemen.
Met vriendelijke groet,
Jurriaan Trommels
Account Executive
Text 100 Public Relations
Global High Tech Public Relations
Technology Marketing PR Agency of the Year 2003
Van Diemenstraat 164-166, 1013 CN Amsterdam
Tel: +31 20 530 4348
Fax: +31 20 530 4331
Email: jurriaan.trommels@text100.nl
URL: http://www.text100.com
Security Advisory: Network Associates(R) Protects Against New Microsoft Windows Vulnerabilities Disclosed Today
McAfee(R) Protection-In-Depth(TM) Strategy Provides Complete System and Network Protection to Identify and Block Attacks
SANTA CLARA, October 15 2003 -- Network Associates, Inc., (NYSE: NET), the leading provider of intrusion prevention solutions, today announced that it is providing comprehensive system and network protection for the recently discovered Microsoft vulnerabilities, MS03-041, MS03-042, MS03-043, MS03-044 and MSO3-045 with McAfee(R) Entercept(R), McAfee(R) IntruShield(R), McAfee(R) WebShield(R), McAfee(R) GroupShield(TM), McAfee(R) Desktop Firewall and Sniffer(R) Distributed, Sniffer Portable, Netasyst(TM) Network Analyzer, InfiniStream(TM) Security Forensics, Magic Solutions(R) and McAfee(R) Threatscan(TM). Network Associates(R) is recommending that users deploy these technologies to identify and block attempts to exploit the vulnerabilities disclosed by Microsoft today. These vulnerabilities carry a range of implications, including the ability for an attacker to mount a Denial of Service attack, to run arbitrary code on a targeted machine, or to take over the targeted machine altogether.
Network Associates McAfee Protection-in-Depth Strategy delivers the industry's only complete set of system and network protection solutions differentiated by intrusion prevention technology that can detect and block attempts to attack these and other vulnerabilities.
Microsoft Vulnerabilities
Microsoft today published an advisory regarding the following vulnerabilities:
- MS03-041-Vulnerability in Authenticode Verification Could Allow Remote Code Execution
- MS03-042-Buffer Overflow in Windows Troubleshooter ActiveX Control Code
- MS03-043-Buffer Overrun in Messenger Service Could Allow Code Execution
- MS03-044-Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
- MS03-045-Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
Scope
An attacker can exploit these vulnerabilities by using them to run arbitrary code on a targeted machine. This would allow the attacker to take over control of that machine, use it to launch a further attack, or to deny the use of that machine and its applications to legitimate users.
Network Associates McAfee(R) Protection-In-Depth(TM) strategy provides complete system and network protection for these vulnerabilities with McAfee Entercept, McAfee IntruShield, McAfee WebShield, McAfee GroupShield, McAfee Desktop Firewall and Sniffer Distributed, Sniffer Portable, Netasyst Network Analyzer, and InfiniStream Security Forensics, Magic Solutions and McAfee Threatscan.
Solution
McAfee Entercept provides patented protection against code execution for all of the buffer overflow/overrun vulnerabilities with its first and only patented buffer overflow technology, including the MS03-042, MS03-043, MS03- 044 and MS03-045 vulnerabilities. The McAfee Entercept solution provides patented protection against exploitation by code execution as a result of buffer overflows, protecting the integrity of the server. This protection functions whether or not the server has the latest security patch installed.
The McAfee Entercept solution and its patented technology safeguards servers against buffer overflows, without any signature or code updates.
McAfee IntruShield stops the MS03-043 vulnerability, enabling companies to be safe now without having to rush to patch all of their vulnerable systems.
McAfee IntruShield users with 1.5.18.1 signature set or later will receive alerts on attacks exploiting this vulnerability. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.
McAfee WebShield appliances scan SMTP, HTTP, FTP and POP3 traffic for hostile code or malicious content, and are able to block the MS03-041 and
MS03-042 vulnerability. The HTTP scanning options can be used to block Active X, Java applets and scripting languages. The SMTP scanning options in the WebShield appliance (gateway) can be set to content filter Active X attachments by the attachments extension.
McAfee GroupShield stops the MS03-041 vulnerability. GroupShield protects users from viruses and other malicious code, including Internet worms, Web attacks, Lotus Script, button bombs, infected email. McAfee GroupShield also provides comprehensive content filtering and provides proactive virus defense.
The content/attachment filtering options in GroupShield Exchange and GroupShield Domino (Mail server) can be set to filter the Active X attachments by the attachment's extension.
McAfee Desktop Firewall stops the MS03-043 vulnerability. Desktop Firewall controls application execution and network access (application and packet) on Windows hosts, which provides lockdown to reduce the risk from attack, including, malicious code. Desktop Firewall can be used to lockdown unused ports & protocols and define which applications may use to communicate through those required.
Sniffer Filters allow network managers to monitor, capture, and display particular packets of data. Filters can identify a range of network anomalies from peculiar packets of data to unusual peaks in traffic. But one of the most important functions of a filter is to alert network managers to the presence of malicious traffic. In addition, InfiniStream(TM) Security Forensics mining capabilities can accurately pin point the infected machines, and the source of infection, reducing mean time to resolution and the chances of reoccurrence.
McAfee ThreatScan proactively scans and reports on unprotected, unmanaged, virus-vulnerable and infected machines in your enterprise. McAfee ThreatScan can detect the installation of the MS03-040 patch, as advised in MS03-041 and
MS03-042 , as well as detecting the workaround conditions (Disable downloading of ActiveX controls in the Internet zone. -Restrict Web sites to only trusted Web sites) by performing a Remote Host Audit task. For MS03-043, McAfee ThreatScan can retrieve a list of all services running on a target computer.
This is done with a Resource Discovery task. By scanning for services an administrator could determine which computers have the messenger service enabled.
Magic Solutions is a remediation management that enables service desk teams to prioritize and assign the process of updating critical network servers.
Network Associates recommends that users affected by the Microsoft vulnerabilities deploy the necessary patches and adhere to Microsoft's security recommendations. Users affected by these specific vulnerabilities should update their systems with the necessary patch available on the Microsoft web site at:
http://www.microsoft.com/security/security_bulletins/20031015_windows.asp and restart the server.
Information on the Network Associates technologies to provide complete system and network protection can be found online at the Network Associates site located at http://www.networkassociates.com.
McAfee System Protection Solutions
McAfee System Protection Solutions secure all layers of desktop and server systems and applications. Best-of-breed system protection solutions in the portfolio include McAfee anti-virus, McAfee(R) ThreatScan(TM) for viral vulnerability assessment, McAfee Entercept preventing system intrusions, and McAfee(R) SpamKiller(TM) to block unsolicited e-mail. These products are all centrally managed by the company's industry leading McAfee(R) ePolicy Orchestrator(TM) (ePO) which delivers policy management and reporting of both McAfee and third-party security products.
McAfee Network Protection Solutions
McAfee Network Protection Solutions keep both large and smaller distributed networks up and protected from attacks. Best-of-breed network protection solutions in the portfolio include the Sniffer Network Protection Platform for performance management and fault identification, InfiniStream performing security forensics on network activity, Network Performance Orchestrator(TM) (nPO(TM)) for centralizing and managing network activity, and McAfee IntruShield delivering network-based intrusion prevention.
About Network Associates
With headquarters in Santa Clara, Calif., Network Associates, Inc. (NYSE:
NET) creates best-of-breed computer security solutions that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats. Offering two families of products, McAfee System Protection Solutions, securing desktops and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate network, Network Associates offers computer security to large enterprises, governments, small and medium sized businesses, and consumers. These two product portfolios incorporate Network Associates leading McAfee Security, Sniffer Technologies and Magic Solutions(R) product lines. For more information, Network Associates can be reached at 972-963-8000 or on the Internet at http://www.networkassociates.com/ .
NOTE: Network Associates, McAfee, Sniffer, Magic Solutions, ePolicy Orchestrator, ePO, Network Performance Orchestrator, nPO, IntruShield, Entercept, ThreatScan, and InfiniStream are registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. Sniffer(R) brand products are made only by Network Associates, Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners.