Finjan Software, the leading provider of proactive secure content management solutions for enterprises, today announces 10 serious security vulnerabilities discovered by Finjan’s Malicious Code Research Center (MCRC) in the Windows® XP Service Pack 2 (SP2) operating system.
"The recently released Service Pack 2 of Microsoft® Windows® XP operating system offers certain features of security," says Shlomo Touboul, CEO and Founder of Finjan Software. "However, it suffers because it is still basically the same operating system and has some major flaws which compromise end-user security. By using Finjan’s proactive security solutions, based on our patented behavior blocking technology on top of SP2, users can enjoy a secure environment that protects them from such vulnerabilities".
Finjan has provided Microsoft with full technical details concerning the vulnerabilities discovered by Finjan’s Malicious Code Research Center and has been assisting Microsoft to patch these holes. In order to prevent the creation of malicious viruses and worms, Finjan will not release any technical details about these vulnerabilities until they are fully patched by Microsoft.
"Windows® XP SP2 operating system is a continuation of the same Windows XP Operating System and Windows Kernel. All Windows versions have been developed with requirements for highest backward compatibility and open architecture, with maximum productivity and ease of use. In addition, Windows® applications typically run with administrative permission with full and unlimited access to computer resources", continues Shlomo Touboul.
"This, together with the emerging technology of mobile code has created a situation in which active content travels freely over the web and gains full control of host computers. These fundamentals create a green field for hackers shown by constantly increasing attacks and damage over the last few years. A security patch of Windows® operating system without changing the rules of the game will not be enough to fight the recent complex malicious code attacks such as Scob, Mydoom, and others. End users and Enterprises must add an independent security layer that is not dependent on the above fundamentals. Application level behavior blocking is the leading technology designed to immunize systems from both known and unknown vulnerabilities and exploits; viruses, worms, Trojans, spyware, phishing and other threats", concluded Mr. Touboul.
More details on the Vulnerabilities
By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a web page.
The following scenarios demonstrate some of the vulnerabilities discovered by Finjan in SP2:
- Hackers can remotely access users' local files. Windows® XP SP2 is designed to deny access to a local file in the course of Internet browsing. Therefore, any attempt by a remote web page to access a local file in any way other than downloading a file is denied. Finjan has shown that this feature can be remotely compromised by hackers.
- Hackers can switch between Internet Explorer Security Zones to obtain rights of the local zone. Internet Explorer uses the notion of security zones to differentiate between mobile codes by their origin. In this way, for example, the permissions of files running from the local hard drive are much higher than the permissions of code downloaded from the Internet. Finjan has shown that it is possible to elevate the privilege level of mobile code downloaded from the Internet. By gaining additional privileges, the remote code could read, write and execute files on the user’s hard drive.
- Hackers can bypass SP2’s notification mechanism on the download and execution of EXE files and therefore download files without any warning or notification. One of the mechanisms that have been implemented in SP2 is the verification of the download and the execution of content arriving from the Internet. This mechanism is implemented by three new features: an information bar inside Internet Explorer which filters and blocks unauthorized operations performed by web pages, a file download dialog which requires the user’s confirmation for file save and execution operations, and an execution verification dialog. These features are important to prevent unauthorized silent “drive-by” installations of malicious software.