Contact Information: Press Contact: Sean Martin CISSP smartin@skyrecon.com (949) 878-0592
SkyRecon Blocks Vulnerability That Exploits Passwords Stored by Windows
SkyRecon Provides Single-Agent Protection for Endpoint Applications, Operating Systems, and Sensitive Data
| Source: SkyRecon Systems
SAN JOSE, CA--(Marketwire - January 9, 2008) - SkyRecon
Systems, the premier provider of unified endpoint security solutions,
today announced that its flagship product, StormShield, blocks against a
known vulnerability CVE-2007-5352 recently identified
by the research engineers at SkyRecon. The vulnerability affects the
32-bit, 64-bit, and Itanium-based versions of the Microsoft® Windows®
2000, XP, and 2003 Server operating systems.
"This is the second vulnerability that our research team has identified and
reported to Microsoft in the past couple months," said Thomas Garnier,
Senior Research Engineer at SkyRecon Systems. "During our ongoing research
in the Windows LPC Interface, we found an important vulnerability which
could be used to gain local elevated privilege and then execute code in the
LSASS process -- a system account process which manages credentials in the
Windows operating system. If the vulnerability is exploited, there is a
potential for saved system-level passwords to be accessed by users that did
not originally possess the proper credentials to access this sensitive
information."
SkyRecon's StormShield is the first in the industry to provide a
single-agent solution with real-time defenses designed to protect an
organization's endpoints and the sensitive data that resides on them.
Upon identification of the LSASS vulnerability, engineers at SkyRecon
confirmed that StormShield detects and blocks attacks targeting the
Microsoft vulnerability without the need for patches or changes in
configuration. As this is a local vulnerability, organizations that rely
only on perimeter security technologies are vulnerable to attack. More
information regarding the vulnerability and Microsoft Security Bulletin can
be found at:
-- Microsoft Security Bulletin MS08-002 - Important
Vulnerability
"Vulnerability research continues to be a critical component in designing
generic, effective, and efficient layers of protection," said Yann Torrent,
Director of Research and Development at SkyRecon Systems, Inc. "As this
vulnerability leaves workstations and terminal servers at most risk,
SkyRecon Systems is pleased that our unified endpoint protection solution
protects these critical business endpoint systems from compromise using its
integrated buffer overflow protection."
SkyRecon's StormShield uses multiple protection layers to comprehensively
address endpoint and data protection
and does so through a single, lightweight agent. As the industry's first
unified endpoint protection solution to integrate behavioral-based host
intrusion prevention with device control and content encryption,
StormShield provides real-time defenses designed to protect an
organization's endpoints and the critical business data that resides on
them.
About SkyRecon Systems Inc.
SkyRecon Systems is the premier global provider of system and data security
solutions. With its multi-layered approach, SkyRecon's StormShield Unified Endpoint Protection solution delivers the industry's first integrated
endpoint security product to provide single-agent protection for endpoint
operating systems, applications, and sensitive data. SkyRecon's patented
technologies meet the market's current and future requirements for
protecting their networked and mobile PCs, offering the only lightweight security agent to
deliver integrated device control, secure content encryption, application control, intrusion prevention, system firewall, network access control (NAC), with centralized dynamic policy
management and enforcement.
SkyRecon Systems is also a contributing member of the SecureIT Alliance.
For more information, please visit:
http://secureitalliance.org/blogs/Skyrecon_Systems/Default.aspx.
SkyRecon Systems Inc., 2033 Gateway Place, Suite 500, San Jose, CA 95110.
Tel. (877) 239 3057. www.skyrecon.com.