SOURCEFIRE DELIVERS SAME DAY PROTECTION FOR MICROSOFT TUESDAY VULNERABILITIES

Published 13th November 2008

Sourcefire Vulnerability Research Team Protects Users from Latest Microsoft Vulnerabilities

Wokingham, UK – 12th November 2008 – Open source innovator and SNORT® creator, Sourcefire, Inc. (Nasdaq: FIRE), a leader in Enterprise Threat Management, announced that the Sourcefire® Vulnerability Research Team (VRT) has delivered rules to protect Sourcefire customers and Snort users from the two Microsoft vulnerabilities disclosed today. These vulnerabilities impact Microsoft Windows and Microsoft Office.

“While the number of vulnerabilities announced this month are relatively small, they can have significant impact on users’ networks, which underscores the need for organizations to proactively secure their systems,” said Matt Watchinski, Senior Director of the Sourcefire Vulnerability Research Team. “Sourcefire’s participation in the Microsoft Active Protections Program (MAPP) helps us to quickly deliver protection for the latest threats, so that our customers receive the best possible protection.”

The Sourcefire VRT created, tested and delivered Snort rules designed to detect attacks targeting the Microsoft vulnerabilities listed below. These new rules are included in the latest Sourcefire Security Enhancement Update (SEU) released today.

− Microsoft Security Bulletin MS08-068 – Vulnerability in Microsoft Server Message Block (SMB) Protocol could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
− Microsoft Security Bulletin MS08-069 – Multiple vulnerabilities exist in Microsoft XML Core Services, the most serious of which could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.