Farnborough, United Kingdom – July 2009 (Eskenzi PR) - Cybercriminals are targeting yet another vulnerability in Microsoft product - the Microsoft Video ActiveX Control. The zero-day vulnerability that was found can be exploited via a malformed Web page.
The attack, that was already spotted in the wild, enables remote code execution (RCE) on the targeted machine. By exploiting this vulnerability cybercriminals are inserting a data-stealing Trojan to the victim’s machine.
For more information about this zero-day attack and a snapshot of the actual code visit Finjan’s blog at: http://www.finjan.com/MCRCblog.aspx?EntryId=2300
Microsoft has just released an Advisory about this vulnerability: http://www.microsoft.com/technet/security/advisory/972890.mspx
Microsoft is currently working to develop a security update for Windows to address this vulnerability.
Web security products utilizing real-time code analysis technologies are the preferred solution to block such 0-day attacks. Yuval Ben-Itzhak, Finjan CTO explains, “Finjan customers are protected from this zero-day attack as Finjan’s Vital Security Web Gateway is able to detect the exploit and block the attack without prior knowledge of the specific technique.”
Finjan’s MCRC specializes in the detection, analysis and research of web threats, including Crimeware, Web 2.0 attacks, Trojans and other forms of malware. Our goal is to be steps ahead of hackers and cybercriminals, who are attempting to exploit flaws in computer platforms and applications for their profit. In order to protect our customers from the next Crimeware wave and emerging malware and attack vectors, Finjan MCRC is a driving force behind the development of Finjan's next generation of security technologies used in our unified Secure Web Gateway solutions. For more information please also visit our info center and blog.
Secure Gateway provides organizations with a unified web security solution combining productivity, liability and bandwidth control via URL categorization, content caching and applications control technologies. Crimeware, malware and data leakage are proactively prevented via patented active real-time content inspection technologies and optional anti-virus modules. Powerful central management enables intuitive task-based policy management, excellent drill-down reporting capabilities and easy directory integration for all network implementation options. By integrating several security engines in a single dedicated appliance, Finjan’s comprehensive and integrated web security solution enables quick deployment, simplified management and reduction of costs. Business benefits include real-time web security (no patches or updates needed), lower total cost of ownership (TCO), cost savings in administration efforts, lower maintenance costs, and reduction in loss of productivity. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, eWEEK, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.
<>
Finjan Blocks New Zero-Day Attack on Microsoft Video ActiveX Control
Seed Newsvine