Contact Information: Press Contact: Sean Martin CISSP smartin@skyrecon.com (949) 878-0592
SkyRecon Detects Software Flaw, Helps Secure Windows Systems
SkyRecon Research Team Provides Information Leading to Patch of Active Directory Flaw
| Source: SkyRecon Systems
SAN JOSE, CA--(Marketwire - February 15, 2008) - SkyRecon Systems, the premier provider of
unified endpoint security solutions, today announced that its research team
uncovered a remote Denial of Service (DoS) vulnerability
CVE-2008-0088 in the Microsoft® Active Directory component of the
Windows® operating system.
Active Directory (AD) is the Microsoft implementation of Lightweight
Directory Access Protocol (LDAP) directory services used primarily in the
Windows operating environment to provide centralized access control
(authentication and authorization) services for Windows-based computers.
Using a database for storage of system, user, software, and policy
information, Active Directory also allows IT administrators to assign
policies, deploy software, and apply critical updates to an organization.
"As our research and development team continues to build leading-edge
unified client security solutions to secure the Windows operating
environment, we strive to provide Microsoft with information we uncover in
order to help them in their drive to continue to provide a secure operating
system and supporting application services," said Thomas Garnier, Senior
Research Engineer at SkyRecon Systems Inc. "During our ongoing research in
and integration with the Windows Active Directory service, we found an
important vulnerability which could be used to effectively disable the
Active Directory service, rendering the system unusable."
The vulnerability affects the Active Directory component in the following
32-bit, 64-bit, and Itanium versions of the Windows Operating systems:
Windows XP Professional, Windows 2000 Server, and Windows 2003 Server. The
vulnerability also affects implementations of Active Directory Application
Mode (ADAM) when installed on Windows XP Professional and Windows 2003
Server editions.
If exploited, the vulnerability could allow an attacker to cause the system
to stop responding or automatically restart. The vulnerability has been
addressed by validating client LDAP requests.
More information regarding the vulnerability and Microsoft Security
Bulletin can be found at:
Microsoft Security Bulletin MS08-003 - Important
Vulnerability
SkyRecon's StormShield uses multiple layers of protection to address every
critical aspect of system and data
protection and does so through a single, lightweight agent. As the
industry's first unified endpoint protection solution to integrate
behavioral-based host intrusion prevention with device control and content
encryption, StormShield provides real-time defenses designed to protect an
organization's endpoints and the critical business data that resides on
them -- without the need for patches or signatures.
About SkyRecon Systems, Inc.
Founded in 2003 in Paris and with US headquarters in San Jose, Calif.,
SkyRecon Systems is a provider of system and data security solutions for
200 enterprises in 40 countries. In March 2007 the company raised $6.5
million in a second round of venture financing from Ventech and ACE
Management to establish US operations and to develop a reseller channel.
The company enjoys strategic partnerships with Microsoft and Juniper in
support of its engineering and sales efforts. SkyRecon received the
prestigious Red Herring 100 Award and has been named "Entrepreneurial
Security Company of the Year" by Frost & Sullivan. In 2007 it received a
Readers Trust finalist award by SC Magazine. More information on SkyRecon
Systems can be found at www.skyrecon.com. SkyRecon Systems Inc., 2033
Gateway Place, Suite 500, San Jose, CA 95110. Tel. (877) 239 3057.
SkyRecon Systems is a contributing member of the SecureIT Alliance. For
more information, please visit:
http://secureitalliance.org/blogs/Skyrecon_Systems/Default.aspx.
SkyRecon Systems Inc., 2033 Gateway Place, Suite 500, San Jose, CA 95110.
Tel. (877) 239 3057. www.skyrecon.com.