Nevis Labs Identifies Vulnerabilities in Microsoft Windows Live OneCare
Welcome to TMCnet.com
TMC Launches New Web Sites: Cable WiMAX   |    ITEXPO West begins in:   Register Now!
Columnists:
...more
E-mail this page to a friend Order reprints online Print this page Bookmark this page Free magazines Free newsletters RSS-XML alerts
Digg this article!

TMCNet: Nevis Labs Identifies Vulnerabilities in Microsoft Windows Live OneCare

[May 14, 2008]

Nevis Labs Identifies Vulnerabilities in Microsoft Windows Live OneCare

MOUNTAIN VIEW, Calif. --(Business Wire)-- Nevis Networks, a market leader in secure switching and identity-based policy enforcement appliances, today announced that Nevis Labs has identified vulnerabilities in Microsoft Windows Live OneCare. 



















						






Affected Product/Versions: Windows Live OneCare less than 2.0.2500
              Windows Defender and ForeFront are also
              affected.


Product Overview: Windows Live OneCare is a new, subscription-based service provided by Microsoft to protect Windows computers. OneCare provides anti-virus protection, a two-way firewall, a back-up utility and system tune-ups.



For more information visit http://onecare.live.com/.

Vulnerability Details: These vulnerabilities allow remote unauthenticated attackers to launch a Denial of Service (DoS) attack on the Windows Live OneCare/Windows Defender/ForeFront. No user interaction is required. There are various ways to exploit these vulnerabilities. It can be done through sending email to victim's Mail server, convincing victim to visit website, transferring files through P2P/IM.

The first flaw exists within the parsing of the certain size field in the PE file. By setting this field to an overly large value, the vulnerable antivirus software will "eat" several Giga bytes disk space, which result in a disk space based DoS, especially for the antivirus installed on the server side.

The second flaw also exists within the parsing PE file. By crafting a malformed PE file, the vulnerable antivirus software will crash with memory corruption while scanning this file.

Vendor Response / Solution: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx.

Reference:

1. http://www.microsoft.com

2. http://www.nevisnetworks.com/services.php?id=10

3. http://secway.org/

For more information: http://www.nevisnetworks.com

About Nevis Networks

Nevis Networks is a market leader in secure switching and identity-based policy enforcement appliances. The company's LANenforcer product family transparently enforces identity-based policies in real time within the network fabric, tightly controlling who can access a company's network and what resources they are permitted to use. Cross-industry customers, ranging from financial services, healthcare, education and defense contractors deploy Nevis LANenforcers to protect sensitive network resources and assets, and significantly reduce the overall costs and time to resolve security breaches and conduct network audits. The company is headquartered in Mountain View, CA, with additional R&D centers in Pune, India and Beijing, China. http://www.nevisnetworks.com

[ Back To TMCnet.com's Homepage ]

Digg this article!
Discussions:
Be the first to post a comment on this page!
 
By  
TMCnet
+ Add to the Discussion

Video: Tech Test: Polaroid PoGo Pocketable, Practical

Polaroid is abandoning instant film, but if you're going to miss the feel of getting a small print in your hand a minute after shooting, the company has a solution: a battery-powered printer that fits in your pocket. (June 19)

Video: List of most fuel-efficient cars released

Consumer Reports has just come out with a listing of the best fuel-efficient vehicles on the road. It's based on the price paid divided by overall miles per gallon.

Video: Samsung Battles Apple's iPhone

Samsung to battle Apple's iPhone with Omnia Touchscreen Mobile; Samsung's Omnia will be commercially launched in Southeast Asia; Samsung and Nokia took global market share from Motorola last quarter; Analysis by Youngcho Chi, Samsung Electronics Senior VP

Featured White Papers  |  Featured White Papers from White Paper Library, research using the library of white papers for the latest white papers
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
Top Stories   |   Top Stories
---------------------------
---------------------------
---------------------------
---------------------------
---------------------------


Related VoIP News   |   Latest News

E-mail this page to a friend Order reprints online Print this page Bookmark this page Free magazines Free newsletters RSS-XML alerts
  2008 TMC Labs Innovation Award Winners Announced Presented By INTERNET TELEPHONY Magazine
  White Paper Library Re-Launched On TMCnet
  Introducing the 2008 IPTV Excellence Award Presented by INTERNET TELEPHONY Magazine
  TMCnet Welcomes New Columnist Peter Brockmann
  INTERNET TELEPHONY Conference & EXPO West 2008 Exhibit Hall Nearing Capacity for Fall Event
  Customer Interaction Solutions Announces 2008 IP Contact Center Technology Pioneer Award Winners
  Customer Interaction Solutions Magazine Names Brendan B. Read Senior Contributing Editor
  TMC Schedules Internet Telephony Conference & Expo West 2008
  PIKA Technologies Launches Telephony Hardware Community on TMCnet
  Announcing the 2007 Product of the Year Award Winners Presented by Communications Solutions
  Last Call for Speech Technology Excellence Award Entries
  TMC Schedules Internet Telephony Conference & Expo West 2008
  TMCnet Welcomes New Columnist Matt Bancroft
  TMC Launches WiMAXtoday.TMCnet.com
  2008 TMC Labs Innovation Award Winners Announced by Unified Communications Magazine
  TMCnet Welcomes Rick Bye as Newest Columnist
  TMC Names Best of Show Winners of INTERNET TELEPHONY Conference & EXPO East 2008
  Interactive Intelligence Receives Record Page Views on Highest Trafficked Contact Center Site on the Web

18th INTERNET TELEPHONY Conference & EXPO West
September 16-18, 2008 — Los Angeles Convention Center, Los Angeles, CA
Featuring Collocated: Call Center 2.0 Conference

5th Annual Communications Developer Conference
September 16-18, 2008 — Los Angeles Convention Center, Los Angeles, CA

19th INTERNET TELEPHONY Conference & EXPO East
February 2-4, 2009 — Miami Beach Convention Center, Miami, FL
Featuring Collocated: Call Center 2.0 Conference

TMC's Customized Keymail Alert