Skip navigation
Skip navigation

Sourcefire Vulnerability Research Team Protects Users from Latest Microsoft Windows, Office, and SQL Server Vulnerabilities

Wokingham, UK – 10th September, 2008 – Open source innovator and SNORT® creator, Sourcefire, Inc. (Nasdaq: FIRE), a leader in Enterprise Threat Management, announced that the Sourcefire® Vulnerability Research Team (VRT) has delivered rules to protect Sourcefire customers and Snort users from the four Microsoft vulnerabilities disclosed today. These vulnerabilities impact Microsoft Windows, Office, Internet Explorer, .NET Framework, SQL Server and Visual Studio.

“Critical vulnerabilities, like the ones announced today, can cause huge security issues as they create holes for new exploits to quietly disrupt systems or steal information,” said Matt Watchinski, Senior Director of the Sourcefire Vulnerability Research Team. “The proactive protection offered by Sourcefire’s IPS, combined with the superior network visibility delivered by Sourcefire RNA™, provides our customers with a one-two punch for defending networks against zero-day attacks.”

Following Microsoft’s disclosure earlier today, the Sourcefire VRT created, tested and delivered Snort rules designed to detect attacks targeting the Microsoft vulnerabilities listed below. These new rules are included in the latest Sourcefire Security Enhancement Update (SEU) released today.

- Microsoft Security Bulletin MS08-052 – Critical Microsoft Windows GDI+ vulnerability could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content.

- Microsoft Security Bulletin MS08-053 – Critical Windows Media Encoder 9 Series vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

- Microsoft Security Bulletin MS08-054 – Critical Windows Media Player vulnerability could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

- Microsoft Security Bulletin MS08-055 – Critical Microsoft Office vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

About the Sourcefire VRT

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activities, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.

About Sourcefire Sourcefire, Inc. (Nasdaq: FIRE), Snort creator and open source innovator, is a world leader in Enterprise Threat Management (ETM) solutions. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risks with its 3D Approach – Discover, Determine, Defend – to securing real networks. This ETM approach equips customers with an efficient and effective layered security defense – protecting network assets before, during and after an attack. Through the years, Sourcefire has been consistently recognized for its innovation and industry leadership by customers, media and industry analysts alike – with more than 40 awards and accolades. Today, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and network security intelligence. For more information about Sourcefire, please visit http://www.sourcefire.com.

SOURCEFIRE®, SNORT®, the Sourcefire logo, the Snort and Pig logo, SECURITY FOR THE REAL WORLD™, SOURCEFIRE DEFENSE CENTER™, SOURCEFIRE 3D™, RNA™, DAEMONLOGGER™, CLAMAV™, SOURCEFIRE SOLUTIONS NETWORK™, and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others.

# # #

Media Contact:

Paula Elliott
Managing Director
C8 Consulting Ltd
+44 (0) 118 9001132
+44 (0) 7894 339645
paula@c8consulting.co.uk

Investor Contact:
Tania Almond
Investor Relations Officer
Sourcefire, Inc
+ 1 410 423 1919
tania.almond@sourcefire.com

This press release was distributed by ResponseSource Press Release Wire on behalf of C8 Consulting in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.