SkyRecon Detects Software Flaw, Helps Secure Windows Systems

SAN JOSE, CA--(Marketwire - February 15, 2008) - SkyRecon Systems, the premier provider of unified endpoint security solutions, today announced that its research team uncovered a remote Denial of Service (DoS) vulnerability CVE-2008-0088 in the Microsoft® Active Directory component of the Windows® operating system.

Active Directory (AD) is the Microsoft implementation of Lightweight Directory Access Protocol (LDAP) directory services used primarily in the Windows operating environment to provide centralized access control (authentication and authorization) services for Windows-based computers. Using a database for storage of system, user, software, and policy information, Active Directory also allows IT administrators to assign policies, deploy software, and apply critical updates to an organization.

"As our research and development team continues to build leading-edge unified client security solutions to secure the Windows operating environment, we strive to provide Microsoft with information we uncover in order to help them in their drive to continue to provide a secure operating system and supporting application services," said Thomas Garnier, Senior Research Engineer at SkyRecon Systems Inc. "During our ongoing research in and integration with the Windows Active Directory service, we found an important vulnerability which could be used to effectively disable the Active Directory service, rendering the system unusable."

The vulnerability affects the Active Directory component in the following 32-bit, 64-bit, and Itanium versions of the Windows Operating systems: Windows XP Professional, Windows 2000 Server, and Windows 2003 Server. The vulnerability also affects implementations of Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows 2003 Server editions.

If exploited, the vulnerability could allow an attacker to cause the system to stop responding or automatically restart. The vulnerability has been addressed by validating client LDAP requests.

More information regarding the vulnerability and Microsoft Security Bulletin can be found at:

Microsoft Security Bulletin MS08-003 -– Important Vulnerability

SkyRecon's StormShield uses multiple layers of protection to address every critical aspect of system and data protection and does so through a single, lightweight agent. As the industry's first unified endpoint protection solution to integrate behavioral-based host intrusion prevention with device control and content encryption, StormShield provides real-time defenses designed to protect an organization's endpoints and the critical business data that resides on them -- without the need for patches or signatures.

About SkyRecon Systems, Inc.

Founded in 2003 in Paris and with US headquarters in San Jose, Calif., SkyRecon Systems is a provider of system and data security solutions for 200 enterprises in 40 countries. In March 2007 the company raised $6.5 million in a second round of venture financing from Ventech and ACE Management to establish US operations and to develop a reseller channel. The company enjoys strategic partnerships with Microsoft and Juniper in support of its engineering and sales efforts. SkyRecon received the prestigious Red Herring 100 Award and has been named "Entrepreneurial Security Company of the Year" by Frost & Sullivan. In 2007 it received a Readers Trust finalist award by SC Magazine. More information on SkyRecon Systems can be found at www.skyrecon.com. SkyRecon Systems Inc., 2033 Gateway Place, Suite 500, San Jose, CA 95110. Tel. (877) 239 3057.

SkyRecon Systems is a contributing member of the SecureIT Alliance. For more information, please visit: http://secureitalliance.org/blogs/Skyrecon_Systems/Default.aspx.

SkyRecon Systems Inc., 2033 Gateway Place, Suite 500, San Jose, CA 95110. Tel. (877) 239 3057. www.skyrecon.com.

Contact Information: Press Contact: Sean Martin CISSP smartin@skyrecon.com (949) 878-0592