IBM’s security division, Internet Security Systems, offers protection from several critical vulnerabilities announced by Microsoft. The vulnerabilities include a flaw discovered in Microsoft’s core anti-virus engine.
By creating a specially crafted PDF file, hackers are able to trigger a heap overflow in the anti-virus engine, resulting in remote code execution, said ISS in its security advisory.
ISS also provides protection for three critical vulnerabilities in Internet Explorer covered by Microsoft bulletin MS07-016. The most critical of these is an FTP client vulnerability that can be remotely exploited by a malformed response from a malicious server.
“ISS continues to work closely with Microsoft to provide Vista support for our customers,” says IBM.
ISS also published a white paper titled “Microsoft Vista’s Kernel-Locking”, discussing Vista’s kernel security features.