Zero Day Exploit Advisory: Secure Elements C5 Enterprise Vulnerability Management Suite Protects Against New Zero Day Exploit That Has No Patch Available

C5 EVM automates detection and remediation of new vulnerabilities even when a patch is not available.

Herndon, VA (PRWEB via PR Web Direct) August 18, 2005 -- Secure Elements today announced that it has provided users of the C5 Enterprise Vulnerability Management suite with complete, automated remediation for the vulnerability associated with the zero day exploit disclosed in the last 24 hours. Customers of Secure Elements were notified of the vulnerability, exploit, and recommendation remediation actions last evening.

Critical Alert: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution vulnerability

FrSIRT has released an exploit code for a critical vulnerability in Microsoft Internet Explorer 6.0, which allows remote attackers to execute arbitrary code and take complete control of an affected system. The issue is due to a memory corruption error that occurs when instantiating the "Msdds.dll" object as an ActiveX control. The vulnerability has been confirmed on Microsoft Internet Explorer 6.0 on Microsoft Windows XP Service Pack 2.

The Secure Elements Security Lab engineers believe that this exploit has a high probability to be used to create a worm or virus in the near future, and have classified the vulnerability as “Critical”. While are not aware of a patch for this newly discovered vulnerability, one of our remediation countermeasures does mitigate this, and other, ActiveX based vulnerabilities and exploits that have no patch available.

C5 EVM users have been advised to deploy remediation SE-0002435 (Sets the Security level to “High” in Internet Explorer) immediately due to the imminent threat represented by this zero day exploit.

Products Effected:
-- Microsoft Internet Explorer 6.0
-- Microsoft Internet Explorer 6.0 SP1
-- Microsoft Internet Explorer 6.0 for Windows XP SP2

References:
-- http://www.frsirt.com/english/advisories/2005/1450
-- http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

Enterprises or others may contact Secure Elements at 1-800-709-5011 to obtain more information or schedule discussions with expert sources from Secure Elements.

About Secure Elements

Secure Elements, an enterprise vulnerability management leader, automates security remediation strategies and tactics across the entire enterprise, reducing business risk and IT management costs while improving systems performance and maintaining business continuity. Protecting mission critical and network infrastructure assets from both known and unknown attacks without limiting operational performance, the company rapidly identifies and intelligently responds to complex and diverse security incidents. Using real-time threat intelligence data and analysis, Secure Elements provides administrators with optimal security control across the enterprise. Herndon, Va.-based Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as Global 1000 corporations.

Contact:
Scott Armstrong
Secure Elements
Phone: (703) 709-5011
http://www.secure-elements.com

# # #

Source :  http://www.prweb.com/releases/2005/8/prweb274468.htm