We add confidence to computing
TOLL FREE - 1-877-EZ-VIRUS, CALL (+91) 22 28265701, 93223 59065.
Forums: http://forums.mwti.net
Home                                
MWTI Products
Download Center
Partners Section
Support Center
Buy Online
Virus Information
About Us
Events
Contact Us
Career With Us


  Home » Press Release
  MicroWorld Press Release
  
 
   
 
 
MicroWorld - Microsoft Releases Early Patch for the VML Flaw - 27 Sep 2006

Microsoft Corporation broke its patch Tuesday cycle falling on second Tuesday of every month, to release a fix for the critical and widely exploited VML vulnerability in Internet Explorer. Security Experts at the AntiVirus and Content Security firm, MicroWorld Technologies, urge computer users to go for an immediate update of the Explorer patch.

The patch released yesterday can be found at http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx. It plugs the remote code execution vulnerability in the Vector Markup Language (VML), when a smartly crafted webpage with VML containing a long "fill" inside a "rect" tag is displayed in IE.

Microsoft was under pressure as the number of websites hosting malicious exploits for the vulnerability grew multifold while scamsters sent out spoof ecards leading users to many sites that dropped Keyloggers into user computers via the flaw.

“The potential risk level of a vulnerability depends on multiple factors than the mere gravity of the software flaw,” says Govind Rammurthy CEO, MicroWorld Technologies. “Different attack vectors, availability of the exploit code, the amount of user interaction required for a successful penetration and the level of organizing and coordination displayed in the attack, all contribute towards how serious the threat can become within a short span of time. In that sense, this VML vulnerability had all the right ingredients to make you dash for cover.”

An imminent possibility of changing vectors and targets loomed in the form of mass mailing attacks aiming at Outlook and Outlook Express, both using IE’s rendering mechanisms to preview emails. It meant the attacker can compromise and takeover a remote computer with little or no action from the victim’s side.

In the mean time, a security group named Zero Day Emergency Response Team (ZERT) offered an unofficial patch for the vulnerability, presenting users with the tough choice between perils of a critical browser vulnerability and a possible software clash arising from a third party component. The plot got thicker with the second unofficial patch coming from a vulnerability management firm, Patchlink.

The confusion now settles down with the release of the Microsoft patch which blocks the hole in the risky VML component, but not before raising serious questions about the effectiveness, safety and legitimacy of third party patches for vulnerabilities in software applications.

MicroWorld Solutions eScan and MailScan were soon updated with protection against the exploit code in the wild named Exploit.HTML.VML, while also providing workarounds for mitigating the threat. The security firm protects its users with its fastest updating Threat Detection and Prevention System, Advanced Behavioral Analysis and the unique MWL technology. eScan and MailScan also employ a Multi-pronged Spam Blocking system to make sure that emails carrying malware do not make it to user mailboxes. To prevent network Intrusions, MicroWorld offers eConceal Firewall and for best of breed spam protection, X-Spam.

“Be it large Enterprises or home users, two major channels of malware proliferation are Web Access and emails, amply displayed in the case of this exploit. One needs to be extra careful in guarding these prime conduits, as Virus writers and hackers find and force errors via these routes to advance their cause. We at MicroWorld combine some of the future defining technologies to combat and prevent digital threats in a continuous and consistent fashion, to ensure that we leave nothing to chance,” says Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies.

 

MicroWorld

MicroWorld (www.mwti.net ) is the developer of the world's first Real-Time Anti-Virus and Content Security software eScan for desktops and servers. Its communication security software, MailScan is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide a Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.

To learn more, kindly visit http://www.mwti.net.

 

From

MicroWorld
Email: response@mwti.net

 
 





Corporate Links
Corporate Info
Our Vision

Press Center

Press Releases

MicroWorld Offices

Career With Us

Awards Earned
Click here for more awards of eScan

Customer Feedback

 

Hi There I must say your support is great I only wish other tech companies were half as good.

David Hyde

--------------------------
I really appreciate all your help with the Microsoft fiasco the other day. You always go the extra mile and no matter how it seems, I greatly appreciate you.

Jay Traylor
    Copyright © 2004-2005 MicroWorld Technologies Inc. Privacy Policy | Contact Us | Feedback