Dedicated To Printer Hardware, Featuring News, Press Releases, IT Directory & Links
SOURCEFIRE DELIVERS SAME DAY PROTECTION FOR MICROSOFT
Published 15th October 2008
Sourcefire Vulnerability Research Team Protects Users from Latest Microsoft
Vulnerabilities
Columbia, MD – October 14, 2008 – Open source innovator and SNORT® creator,
Sourcefire, Inc. (Nasdaq: FIRE), a leader in Enterprise Threat Management, announced
that the Sourcefire® Vulnerability Research Team (VRT) has delivered rules to protect
Sourcefire customers and Snort users from the seven Microsoft vulnerabilities disclosed
today. These vulnerabilities impact Microsoft Windows, Internet Explorer, Microsoft
Office and Microsoft Host Integration Server.
“Through Sourcefire’s recently announced participation in the Microsoft Active
Protections Program, we will receive vulnerability information in advance of the monthly
security bulletins,” said Matt Watchinski, Senior Director of the Sourcefire Vulnerability
Research Team. “Our participation in this program will enhance the ability of the VRT to
deliver timely protection to our customers against new and dynamic threats.”
Following Microsoft’s disclosure earlier today, the Sourcefire VRT created, tested and
delivered Snort rules designed to detect attacks targeting the Microsoft vulnerabilities
listed below. These new rules are included in the latest Sourcefire Security Enhancement
Update (SEU) released today.
− Microsoft Security Bulletin MS08-057 – Critical vulnerabilities in Microsoft
Office Excel could allow remote code execution if a user opens a specially crafted
Excel file. An attacker who successfully exploited these vulnerabilities could take
complete control of an affected system.
− Microsoft Security Bulletin MS08-058 – Critical vulnerabilities could allow
information disclosure or remote code execution if a user views a specially crafted
Web page using Internet Explorer.
− Microsoft Security Bulletin MS08-059 – Critical vulnerability in Microsoft Host
Integration Server could allow remote code execution if an attacker sent a
specially crafted Remote Procedure Call (RPC) request to an affected system.
− Microsoft Security Bulletin MS08-060 – Critical vulnerability in
implementations of Active Directory on Microsoft Windows 2000 Servers
configured to be domain controllers could allow remote code execution if an
attacker gains access to an affected network.
− Microsoft Security Bulletin MS08-062 – Vulnerability in the Windows Internet
Printing Service could allow remote code execution in the context of the current
user. If a user is logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control of an
affected system.
− Microsoft Security Bulletin MS08-063 – Vulnerability in Microsoft Server
Message Block (SMB) Protocol could allow remote code execution on a server
that is sharing files or folders. An attacker who successfully exploited these
vulnerabilities could install programs; view, change, or delete data; or create new
accounts with full user rights.
− Microsoft Security Bulletin MS08-065 – Vulnerability in the Message Queuing
Service (MSMQ) on Microsoft Windows 2000 systems could allow remote code
execution on Microsoft Windows 2000 systems with the MSMQ service enabled.
About the Sourcefire VRT
The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts
working to proactively discover, assess and respond to the latest trends in hacking
activities, intrusion attempts and vulnerabilities. This team is also supported by the vast
resources of the open source Snort community, making it the largest group dedicated to
advances in the network security industry.
About Sourcefire
Sourcefire, Inc. (Nasdaq: FIRE), Snort creator and open source innovator, is a world
leader in Enterprise Threat Management (ETM) solutions. Sourcefire is transforming the
way Global 2000 organizations and government agencies manage and minimize network
security risks with its 3D Approach – Discover, Determine, Defend – to securing real
networks. This ETM approach equips customers with an efficient and effective layered
security defense – protecting network assets before, during and after an attack. Through
the years, Sourcefire has been consistently recognized for its innovation and industry
leadership by customers, media and industry analysts alike – with more than 40 awards
and accolades. Today, the names Sourcefire and founder Martin Roesch have grown
synonymous with innovation and network security intelligence. For more information
about Sourcefire, please visit http://www.sourcefire.com.
SOURCEFIRE®, SNORT®, the Sourcefire logo, the Snort and Pig logo, SECURITY
FOR THE REAL WORLD™, SOURCEFIRE DEFENSE CENTER™, SOURCEFIRE
3D™, SOURCEFIRE RNA™, DAEMONLOGGER™, CLAMAV™, SOURCEFIRE
SOLUTIONS NETWORK™, and certain other trademarks and logos are trademarks or
registered trademarks of Sourcefire, Inc. in the United States and other countries. Other
company, product and service names may be trademarks or service marks of others.
# # #
Media Contact: Investor Contact:
Tony Welz Tania Almond
Principal Investor Relations Officer
Welz & Weisel Communications Sourcefire, Inc.
703.218.3555 x226 410.423.1919
tony@w2comm.com tania.almond@sourcefire.com