Information also in The Age newspaper at: http://www.theage.com.au/articles/2004/11/12/1100227567560.html
Press Release 165
SAN JOSE, CA, Nov 10, 2004 --
Finjan Software, the leading provider of proactive secure
content management solutions for enterprises, announces
today 10 serious security vulnerabilities discovered by
Finjan's Malicious Code Research Center (MCRC) in Windows®
XP Service Pack 2 (SP2) operating system.
"The recently released Service Pack 2 of Microsoft®
Windows® XP operating system offers certain features
of security," says Shlomo Touboul, CEO and Founder
of Finjan Software. "However, it suffers because it
is still basically the same operating system and has some
major flaws which compromise end-user security. By using
Finjan's proactive security solutions, based on our patented
behavior blocking technology on top of SP2, users can enjoy
a secure environment that protects them from such vulnerabilities".
Finjan has provided Microsoft with full technical details
concerning the vulnerabilities discovered by Finjan's Malicious
Code Research Center and has been assisting Microsoft to
patch these holes. In order to prevent the creation of malicious
viruses and worms, Finjan will not release any technical
details about these vulnerabilities until they are fully
patched by Microsoft.
"Windows® XP SP2 operating system is a continuation
of the same Windows XP Operating System and Windows Kernel.
All Windows versions have been developed with requirements
for highest backward compatibility and open architecture,
with maximum productivity and ease of use. In addition,
Windows® applications typically run with administrative
permission with full and unlimited access to computer resources",
continues Shlomo Touboul.
"This, together with the emerging technology of mobile
code has created a situation in which active content travels
freely over the web and gains full control of host computers.
These fundamentals create a green field for hackers shown
by constantly increasing attacks and damage over the last
few years. A security patch of Windows® operating system
without changing the rules of the game will not be enough
to fight the recent complex malicious code attacks such
as Scob, Mydoom, and others. End users and Enterprises must
add an independent security layer that is not dependent
on the above fundamentals. Application level behavior blocking
is the leading technology designed to immunize systems from
both known and unknown vulnerabilities and exploits; viruses,
worms, Trojans, spyware, phishing and other threats",
concluded Mr. Touboul.
More details on the Vulnerabilities
By exploiting all vulnerabilities discovered in SP2 by
Finjan, attackers can silently and remotely take over an
SP2 machine when the user simply browses a web page.
The following scenarios demonstrate some of the vulnerabilities
discovered by Finjan in SP2:
* Hackers can remotely access users' local files
Windows® XP SP2 is designed to deny access to a local
file in the course of Internet browsing. Therefore, any
attempt by a remote web page to access a local file in any
way other than downloading a file, is denied. Finjan has
shown that this feature can be remotely compromised by hackers.
* Hackers can switch between Internet Explorer Security
Zones to obtain rights of local zone
Internet Explorer uses the notion of security zones to differentiate
between mobile codes by their origin. In this way, for example,
the permissions of files running from the local hard drive
are much higher than the permissions of code downloaded
from the Internet. Finjan has shown that it is possible
to elevate the privilege level of mobile code downloaded
from the Internet. By gaining additional privileges, the
remote code could read, write and execute files on the user's
hard drive.
* Hackers can bypass SP2's notification mechanism on
the download and execution of EXE files and therefore download
files without any warning or notification
One of the mechanisms that have been implemented in SP2
is the verification of the download and the execution of
content arriving from the Internet. This mechanism is implemented
by three new features - an information bar inside Internet
Explorer which filters and blocks unauthorized operations
performed by web pages, a file download dialog which requires
the user's confirmation for file save and execution operations,
and an execution verification dialog. These features are
important to prevent unauthorized silent "drive-by"
installations of malicious software.
Finjan Customers Are Proactively Protected Against All
These Threats
Finjan enterprise customers using the latest releases of
Finjan's Vital Security(tm) products, and Finjan's small
and medium sized customers using the recently released 1Box(tm)
Series are proactively protected against these vulnerabilities,
as well as against other, not yet discovered ones.
About MCRC
Malicious Code Research Center (MCRC) is the leading research
department at Finjan Software, dedicated to the research
and detection of potential Internet and e-mail attacks.
MCRC's goal is to continue to be steps ahead of hackers
attempting to exploit open platforms and technologies to
develop next generation mobile malicious code, worms, Trojans,
viruses and spyware. MCRC researchers also contribute to
the development of next generation defense tools for Finjan's
proactive secure content management solutions. These specific
vulnerabilities were discovered by Mr. Ivgi, Security Researcher,
Finjan's MCRC department.
About Finjan
Finjan Software is the leading provider of proactive, behavior-based
secure content management solutions, protecting more than
3 million users from attacks, globally. Finjan surpasses
the levels of defense typically offered by reactive anti-virus
software solutions. Finjan uses its Vital Security(tm) platform
to determine actual code behavior and blocks any action
that violates predefined security policy. This superior
technology enables Finjan to protect users proactively by
responding to existing, and more importantly, yet to be
developed attacks. Analyst firm IDC recognizes Finjan as
the leader in the worldwide malicious mobile code security
market. For more about Finjan Software and its proactive
protection solutions against threats driven by mobile malicious
code.
Copyright ©2004 Finjan Software, Inc., and/or its
subsidiaries. All rights reserved.