IBM safeguards against Microsoft vulnerabilities

By | February 16, 2007

IBM’s security division, Internet Security Systems, offers protection from several critical vulnerabilities announced by Microsoft. The vulnerabilities include a flaw discovered in Microsoft’s core anti-virus engine.

By creating a specially-crafted PDF file, hackers are able to trigger a heap overflow in the anti-virus engine, resulting in remote code execution, said ISS in its security advisory.

ISS also provides protection for three critical vulnerabilities in Internet Explorer covered by Microsoft bulletin MS07-016. The critical of these is an FTP client vulnerability that can be remotely exploited by a malformed response from a malicious server.

“ISS continues to work closely with Microsoft to provide Vista support for our customers,” says IBM.

ISS also published a white-paper named “Microsoft Vista’s Kernel-Locking”, discussing Vista’s kernel security features.

Leave a Reply