Welcome!

Cloud Security Authors: Elizabeth White, Liz McMillan, Pat Romanski, Zakia Bouachraoui, Yeshim Deniz

Related Topics: Cloud Security

News Feed Item

Finjan Identifies Important Vulnerability in Windows Vista's Contact Gadget, Leading to a Security Update Issued by Microsoft

Finjan Identifies Important Vulnerability in Windows Vista's Contact Gadget, Leading to a Security Update Issued by Microsoft

SAN JOSE, California, August 15 /PRNewswire/ --

- Vulnerability Discovered by Finjan's Malicious Code Research Center (MCRC) in Vista Contact Gadget can Lead to Remote Code Execution

Finjan Inc., a leader in secure web gateway products, announced that a new Windows Vista security update released by Microsoft as part of its monthly security update resulted from security research by Finjan's Malicious Code Research Center (MCRC). The discovery of the vulnerability by Finjan's Malicious Code Research Center (MCRC) and Finjan's prompt action to alert Microsoft reflect the commitment of the two companies to work together to counter security threats posed by malicious hacker attacks to PC and Internet users.

More about this vulnerability can be found in Microsoft's Security Bulletin , http://www.microsoft.com/technet/security/current.aspx .

The vulnerability associated with Windows Vista's Contact gadget could potentially lead to remote code execution on the Vista platform. An attacker could exploit the vulnerability with minimal user interaction with the Contact gadget that is available in Windows Vista.

Finjan has made a short video showing the exploit in action, http://www.finjan.com/MCRCblog.aspx, available on its web site. Finjan recently presented findings related to the entire field of Widgets and Gadgets, and the implications for vendors using them, in the recent DefCon event held in Las-Vegas during the beginning of August.

Finjan provided Microsoft with full technical details, including proof-of-concept, concerning this vulnerability and worked with Microsoft until a fix was ready to be released to customers. "This discovery is the latest example of the close cooperation between our Malicious Code Research Center and Microsoft with the goal of securing users from potential malicious attacks," said Finjan CTO Yuval Ben-Itzhak. "Security is an industry problem and this type of collaboration and cooperation is critical to helping protect people using the Internet."

Ben-Itzhak noted that Finjan's patented real-time content inspection technology has demonstrated a solid track record in protecting Windows users against web exploits. Finjan's Vital Security(TM) Web appliances are free from the recent false positive problems associated with several anti-malware products as discussed in http://www.theregister.co.uk/2007/08/03/64bitvista_av_tests/

About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC's goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world's leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan's proactive web security solutions. For more information, visit our website: http://www.finjan.com/SecurityLab.aspx?id=547

About Finjan

Finjan is a global provider of secure web gateway solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's real-time web security solutions utilize patented real-time content inspection technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans, obfuscated code and other malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including IDC, Butler Group, SC Magazine, eWEEK, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit http://www.finjan.com.

(c) Copyright 1996-2007. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts United States Jan Wiedrick-Kozlowski Activa PR Tel: +1-585-392-7878 [email protected] UK Neil Stinchcombe Eskenzi PR Ltd. Tel: +44-(0)-208-449-1007 [email protected]

Finjan Software

Media Contacts: United States, Jan Wiedrick-Kozlowski, Activa PR, Tel. +1-585-392-7878, [email protected]; UK, Neil Stinchcombe, Eskenzi PR Ltd., Tel: +44-(0)-208-449-1007, [email protected]

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City.
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
Tapping into blockchain revolution early enough translates into a substantial business competitiveness advantage. Codete comprehensively develops custom, blockchain-based business solutions, founded on the most advanced cryptographic innovations, and striking a balance point between complexity of the technologies used in quickly-changing stack building, business impact, and cost-effectiveness. Codete researches and provides business consultancy in the field of single most thrilling innovative te...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...