Nevis Labs Identifies Vulnerabilities in Microsoft Windows Live OneCare
TMCnet
TMC Launches New Sites ::  NGC  |  4GWE  |  Green Tech  |  Satellite  |  IT |  IVR |  ITEXPO SHOW NEWS  |  Healthcare  |  Cisco News  |  Skype News  |  Microsoft News  |  AVAYA News
  INDUSTRIES
  VERTICALS
  HORIZONTAL
  PUBLICATIONS
  FREE RESOURCES
  INTERNATIONAL
  EVENTS
  ABOUT TMC
  COMMUNITIES
TMCnet CHANNELS
#1 VoIP Enabler: Risk-free, Quick & Easy Deployment
3G, VoIP & IPTV Performance Management
Advanced Carrier Services
All-in-one IPPBX
Appliance Deployment
ATCA
Auto Dialer
Billing
BPA (3rd Party Remote Call Monitoring)
Business Automation
Business Phone Systems
Business VoIP
Call Center
Call Center Certification
Call Center Digital Signage
Call Center Furniture
Call Center Hiring
Call Center Management
Call Center On Demand
Call Center Outsourcing
Call Center Scheduling
Call Center Software
Call Center Solutions
Call Center Training
Call Center Workforce Management
Call Monitoring
Call Recording
Conference Call
Conference Phones
Conferencing
Contact Center Software
CRM Solutions
Dialer
DID/DDI
Digital Signage
e911
E911 Hosted Solutions
Ethernet Extender
Fax
Fax Over IP
HD Conference
Headsets
Hosted Call Center
Hosted Contact Center
Hosted PBX
Integrated Communications
IP Fax
IP Phone System
IP Phones
IVR
Lead Management Software
Master Agent
Mobile Management
Mobile Unified Communications
Mobile Video
NEBS
Open Source CRM
Phone Systems
Predictive Dialer
SIP
Speech Recognition and Text to Speech
Telecom Expense Management
Telecom Training
Telemarketing Software
Virtual Call Center
Virtual Office
Virtual PBX
Voice Broadcast
Voice Management
Voice Over IP
Voice Peering
Voicemail Replacement
VoIP Contact Center
VoIP Developer
VoIP Gateways
VoIP Monitoring
VoIP Robustness Testing
VoIP Test Solutions
VoIPSwitch
Web Conferencing
Web Meeting
Wholesale VoIP
Wireless Expense Management
Wireless Management
Workforce Management
Workforce Optimization
Share
TMCnews
[May 14, 2008]

Nevis Labs Identifies Vulnerabilities in Microsoft Windows Live OneCare

MOUNTAIN VIEW, Calif. --(Business Wire)-- Nevis Networks, a market leader in secure switching and identity-based policy enforcement appliances, today announced that Nevis Labs has identified vulnerabilities in Microsoft Windows Live OneCare. 





















						






Affected Product/Versions: Windows Live OneCare less than 2.0.2500
              Windows Defender and ForeFront are also
              affected.


Product Overview: Windows Live OneCare is a new, subscription-based service provided by Microsoft to protect Windows computers. OneCare provides anti-virus protection, a two-way firewall, a back-up utility and system tune-ups.



For more information visit http://onecare.live.com/.

Vulnerability Details: These vulnerabilities allow remote unauthenticated attackers to launch a Denial of Service (DoS) attack on the Windows Live OneCare/Windows Defender/ForeFront. No user interaction is required. There are various ways to exploit these vulnerabilities. It can be done through sending email to victim's Mail server, convincing victim to visit website, transferring files through P2P/IM.

The first flaw exists within the parsing of the certain size field in the PE file. By setting this field to an overly large value, the vulnerable antivirus software will "eat" several Giga bytes disk space, which result in a disk space based DoS, especially for the antivirus installed on the server side.

The second flaw also exists within the parsing PE file. By crafting a malformed PE file, the vulnerable antivirus software will crash with memory corruption while scanning this file.

Vendor Response / Solution: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx.

Reference:

1. http://www.microsoft.com

2. http://www.nevisnetworks.com/services.php?id=10

3. http://secway.org/

For more information: http://www.nevisnetworks.com

About Nevis Networks

Nevis Networks is a market leader in secure switching and identity-based policy enforcement appliances. The company's LANenforcer product family transparently enforces identity-based policies in real time within the network fabric, tightly controlling who can access a company's network and what resources they are permitted to use. Cross-industry customers, ranging from financial services, healthcare, education and defense contractors deploy Nevis LANenforcers to protect sensitive network resources and assets, and significantly reduce the overall costs and time to resolve security breaches and conduct network audits. The company is headquartered in Mountain View, CA, with additional R&D centers in Pune, India and Beijing, China. http://www.nevisnetworks.com

[ Back To TMCnet.com's Homepage ]
Discussions:
Be the first to post a comment on this page!
 
By  
TMCnet
+ Add to the Discussion
Receive more news in your Email
Featured White Papers
Featured White Paper RSS feed
10 reasons to switch to an IP PBX
Satisfy Your Customers the First Time, Every Time
Application Whitelisting: A new security paradigm
view all white papers…
Top Stories
Today's TMCnet Top Stories and News Articles
Facebook Rearranging Privacy Settings
Joost Targets Online Video Platforms
U.S. to Spend $4 Billion on Broadband in Rural …
SIP Trunking's Success Puts Pressure on Carriers: IVR Expert
Open Internet Advocates to Congress: Take a Hard Look at …
more of today's top stories...
Related VoIP News
Latest IP Communitions and VoIP News
Qwest Ethernet Services Selected by the State of Utah
J.D. Power and Associates Ranks Verizon Business Highest in Customer Satisfaction
Cadence GRE Technology Reduces Hitachi's PCB Design-Cycle Time
Coleman Technologies Offers Borderless Unified Cisco Network
Kyrgyzstan's National Telecom Operator Selects Cisco's Technologies

Subscribe FREE to all of TMC's monthly magazines. Click here now.