IBM Protects Customers From Microsoft Vulnerabilities

IBM has promised to use its 'Internet Security Systems' to help customers to all possible extent in tackling recent Microsoft vulnerabilities. This was decided after IBM 'Internet Security Systems' found a flaw in Microsoft's 'XML HTTP request handling' being used by cyber-criminals through IE November this year. Hackers can use the flaw to remotely employ malicious code on a prey's computer to gain access to sensitive information and corporate networks.

During the time when the exploit was discovered early this month, IBM products had already launched 'preemptive protection' for this threat for the benefit of its customers. These protections were the "Buffer Overflow Exploit Prevention" (BOEP) solution and "Protocol Analysis Module" (PAM). These 'intrusion prevention and detection' technologies are central to IBM security systems. IBM cautioned Microsoft of its discovery and provided additional protection to its customers.

According to Lamar Bailey, 'senior operations manager' for the IBM 'X-Force research and development team', this particular attack to Microsoft's 'XML HTTP request handling' indicates the critical need for 'preemptive protection'. Bailey added that organizations without proactive security technologies would dangerously expose themselves to attack by zero-day exploits such as in the case of the present vulnerability.

Today, IBM is aiding protection to another latest critical threat to Microsoft users. This vulnerability is a remote code execution in Microsoft 'Workstation Service', which connects clients to Windows networking services and is a default run-up on Microsoft 'Operating Systems'.
As per X-Force, this vulnerability is easily exploitable and its success can provide the attacker total access on the target machine. The service is remotely accessible in Windows XP requiring authentication. However, such authentication is not necessary in Windows 2000, making the vulnerability extremely dangerous to Windows 2000 networks. This vulnerability can face exploitation by worms or other malware as well.

Bailey also said that IBM expects to see more browser vulnerabilities coming up. Since the modern web browsers are so complex, they become popular targets for malware distributors. IBM's news release says that many of these vulnerabilities in Microsoft products were exploited since September. But it assures its customers full safety and protection from those vulnerabilities.

Related article: IBM Mainframes’ Vulnerability to Attacks

» SPAMfighter News - 11/22/2006