GFI MailSecurity’s exploit engine safeguards against new high risk Outlook vulnerability

Monday
00:20:52
March
15 2004

GFI MailSecurity’s exploit engine safeguards against new high risk Outlook vulnerability

GFI MailSecurity will detect any new virus that attempts to exploit Outlook 2002 vulnerability

View 136.6K

word 832 read time 4 minutes, 9 Seconds

GFI released an update to its email exploit engine today which can detect any viruses that exploit a newly discovered Outlook 2002 vulnerability. The new Outlook vulnerability, MS04-009, was yesterday upgraded to “high risk” by Microsoft Corp, which issued a patch against it on Tuesday (more details at http://www.microso...letin/ms04-009.mspx ). The vulnerability is related to the way mailto URLs are handled and could allow Internet Explorer to execute code on affected machines.

To exploit this vulnerability, attackers could simply create an HTML email that either lures the recipient into clicking a link in the message body or that contains a fake image that can automatically launch a link without requiring user intervention. The payload of such an attack could include running JavaScript under the My Computer (local) Security Zone. This means that the attacker could execute code on the local disk of unpatched machines and/or access user files.

New viruses based on this exploit can be caught by GFI’s gateway-level exploit engine
Users of GFI MailSecurity for Exchange/SMTP " GFI’s email content checking, exploit detection, threats analysis and anti-virus solution " simply need to download the latest exploit engine updates to allow GFI MailSecurity to detect any new viruses that use this exploit to propagate and infect systems. Information on how to update the GFI MailSecurity exploits database and technical information about the exploit are available at http://www.gfi.com.../ms04009exploit.htm .

The difference between a virus engine and an exploit engine
Anti-virus software is designed to detect known malicious code. An email exploit engine takes a different approach: it analyses the code for exploits that could be malicious. Email exploit detection software analyzes emails for exploits - i.e., it scans for methods used to exploit the OS, email client or Internet Explorer - that can permit execution of code or a program on the user's system. It does not check whether the program is malicious or not. It simply assumes there is a security risk if an email is using an exploit in order to run a program or piece of code.

In this manner, an email exploit engine works like an intrusion detection system for email. The email exploit engine might cause more false positives, but it adds a new layer of security that is not available in a normal anti-virus package, simply because it uses a totally different way of securing email.

An exploit engine needs to be updated less frequently than an anti-virus engine because it looks for a method rather than a specific virus. Although keeping exploit and anti-virus engines up-to-date involve very similar operations, the results are different. Once an exploit is identified and incorporated in GFI MailSecurity’s exploit engine, that engine can protect against any new virus that is based on a known exploit. That means the exploit engine will catch the virus even before the anti-virus vendor is aware of its emergence, and certainly before the anti-virus definition files have been updated to counter the attack.-  Further information is available at http://www.gfi.com...wpexploitengine.htm .

About GFI MailSecurity for Exchange/SMTP
GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect an organization's email users. GFI MailSecurity's key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan & Executable Scanner, to detect malicious executables; and more. Further information and a full evaluation version are available at http://www.gfi.com/mailsecurity/ .

About GFI
GFI is a leading provider of Windows-based network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; GFI MailEssentials server-based anti-spam software; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; GFI Network Server Monitor that automatically sends alerts, and corrects network and server issues; and GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates through a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award.

All product and company names herein may be trademarks of their respective owners.

Source by press


LSNN is an independent editor which relies on reader support. We disclose the reality of the facts, after careful observations of the contents rigorously taken from direct sources, we work in the direction of freedom of expression and for human rights , in an oppressed society that struggles more and more in differentiating. Collecting contributions allows us to continue giving reliable information that takes many hours of work. LSNN is in continuous development and offers its own platform, to give space to authors, who fully exploit its potential. Your help is also needed now more than ever!

In a world, where disinformation is the main strategy, adopted to be able to act sometimes to the detriment of human rights by increasingly reducing freedom of expression , You can make a difference by helping us to keep disclosure alive. This project was born in June 1999 and has become a real mission, which we carry out with dedication and always independently "this is a fact: we have never made use of funds or contributions of any kind, we have always self-financed every single operation and dissemination project ". Give your hard-earned cash to sites or channels that change flags every time the wind blows , LSNN is proof that you don't change flags you were born for! We have seen the birth of realities that die after a few months at most after two years. Those who continue in the nurturing reality of which there is no history, in some way contribute in taking more and more freedom of expression from people who, like You , have decided and want to live in a more ethical world, in which existing is not a right to be conquered, L or it is because you already exist and were born with these rights! The ability to distinguish and decide intelligently is a fact, which allows us to continue . An important fact is the time that «LSNN takes» and it is remarkable! Countless hours in source research and control, development, security, public relations, is the foundation of our basic and day-to-day tasks. We do not schedule releases and publications, everything happens spontaneously and at all hours of the day or night, in the instant in which the single author or whoever writes or curates the contents makes them public. LSNN has made this popular project pure love, in the direction of the right of expression and always on the side of human rights. Thanks, contribute now click here this is the wallet to contribute


Similar Articles / GFI Mail...erability
from: ladysilvia
by: Comune_di_Milano