Zero Day Exploit Advisory: Secure Elements C5 Enterprise Vulnerability Management Suite Protects Against New Zero Day Exploit That Has No Patch Available

C5 EVM automates detection and remediation of new vulnerabilities even when a patch is not available.

Herndon, VA (PRWEB) August 18, 2005 -- Secure Elements today announced that it has provided users of the C5 Enterprise Vulnerability Management suite with complete, automated remediation for the vulnerability associated with the zero day exploit disclosed in the last 24 hours. Customers of Secure Elements were notified of the vulnerability, exploit, and recommendation remediation actions last evening.

Critical Alert: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution vulnerability

FrSIRT has released an exploit code for a critical vulnerability in Microsoft Internet Explorer 6.0, which allows remote attackers to execute arbitrary code and take complete control of an affected system. The issue is due to a memory corruption error that occurs when instantiating the "Msdds.dll" object as an ActiveX control. The vulnerability has been confirmed on Microsoft Internet Explorer 6.0 on Microsoft Windows XP Service Pack 2.

The Secure Elements Security Lab engineers believe that this exploit has a high probability to be used to create a worm or virus in the near future, and have classified the vulnerability as Critical". While are not aware of a patch for this newly discovered vulnerability, one of our remediation countermeasures does mitigate this, and other, ActiveX based vulnerabilities and exploits that have no patch available.

C5 EVM users have been advised to deploy remediation SE-0002435 (Sets the Security level to High" in Internet Explorer) immediately due to the imminent threat represented by this zero day exploit.

Products Effected:
-- Microsoft Internet Explorer 6.0
-- Microsoft Internet Explorer 6.0 SP1
-- Microsoft Internet Explorer 6.0 for Windows XP SP2

References:
-- http://www.frsirt.com/english/advisories/2005/1450
-- http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

Enterprises or others may contact Secure Elements at 1-800-709-5011 to obtain more information or schedule discussions with expert sources from Secure Elements.

About Secure Elements

Secure Elements, an enterprise vulnerability management leader, automates security remediation strategies and tactics across the entire enterprise, reducing business risk and IT management costs while improving systems performance and maintaining business continuity. Protecting mission critical and network infrastructure assets from both known and unknown attacks without limiting operational performance, the company rapidly identifies and intelligently responds to complex and diverse security incidents. Using real-time threat intelligence data and analysis, Secure Elements provides administrators with optimal security control across the enterprise. Herndon, Va.-based Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as Global 1000 corporations.

Contact:
Scott Armstrong
Secure Elements
Phone: (703) 709-5011
http://www.secure-elements.com

# # #

secure elements c5 enterprise vulnerability management c5 evm frsirt

Bookmark -  Del.icio.us | Digg | Furl It | Spurl | RawSugar | Simpy | Shadows | Blink It | My Web

• Secure Elements' C5 Compliance Platform Now Provides for 'Green' IT Auditing, Extending SCAP Protocols to Encompass ENERGY STAR Settings 2008-08-13
• Secure Elements Recognized for Outstanding Contributions Advancing Leading Information Security Standard 2008-07-23
• Secure Elements Receives OVAL Repository Top Contributor Award for Advancing Open Information Security Content Standard 2008-04-30
• Secure Elements’ C5 Compliance Platform Procured for Use by the 27 President’s Management Agenda (PMA) Scorecard Agencies in Support of Federal Desktop Core Configuration (FDCC) Reporting Deadlines 2008-04-04
• Secure Elements Partners with HP to Offer NIST SCAP Validated Solutions to the U.S. Federal Government 2008-02-19