|  |
StillSecure Safe Access Detects New Windows Registry Key Vulnerability
StillSecure(R), provider of an integrated suite of enterprise network security solutions, announced that StillSecure Safe Access customers are protected from the new Windows registry vulnerability. The Windows Registry Editor Utility String Concealment vulnerability, first exposed on August 24, 2005, is particularly dangerous because it cannot currently be detected by some security programs.
This new security hole discovered in Windows allows hackers to take advantage of a computer's registry keys to hide the presence of worms, Trojans, and viruses. Once hackers have compromised a system they can cover their tracks by adding an overly long registry entry to the key. Because of its length it cannot be easily detected and neither can subsequent keys so malicious code can re-launch each time the system reboots.
StillSecure Safe Access, a network access control solution, detects the hidden registry entries that may house malicious code. The SANS Internet Storm Center has posted a list of solutions that have been tested and are capable of detecting this vulnerability at http://isc.sans.org/diary.php?date=2005-08-25.
Robert Danford, StillSecure Security Alert Team (SAT) member and the SANS Internet Storm Center handler on duty when the vulnerability became widely exposed, states that the Storm Center "expect(s) this trend to continue over the lifecycle of the next few weeks as vendors patch their products as necessary to allow these values to be visible to their scan engines."
"Organizations need to make sure that their security software detects this vulnerability, otherwise they're leaving themselves wide open to attack," said Mitchell Ashley, CTO and VP of Customer Experience at StillSecure. "Safe Access is capable of accommodating unusual or anomalous entries so our customers are automatically supported without a patch or rule update. This vulnerability re-confirms that unlike other network access control solutions, Safe Access has extensive capabilities for detecting security holes and the presence of worms, Trojans, and viruses." 30.08.2005, StillSecure
Subscribe to the newsletter | | |
| | | |
