Tags: Beijing, China, Forefront Security for Exchange, Gallagher Group Communications, India, Microsoft, Microsoft Windows Live OneCare, Nevis Labs, Nevis Networks, Pune, Windows Defender, Windows Live OneCare

Nevis Networks, a market leader in secure switching and identity-based policy enforcement appliances, today announced that Nevis Labs has identified vulnerabilities in Microsoft Windows Live OneCare.

Affected Product/Versions:
Windows Live OneCare < 2.0.2500
Windows Defender and ForeFront are also affected.

Product Overview: Windows Live OneCare is a new, subscription-based service provided by Microsoft to protect Windows computers. OneCare provides anti-virus protection, a two-way firewall, a back-up utility and system tune-ups.

For more information visit http://onecare.live.com/.

Vulnerability Details: These vulnerabilities allow remote unauthenticated attackers to launch a Denial of Service (DoS) attack on the Windows Live OneCare/Windows Defender/ForeFront. No user interaction is required. There are various ways to exploit these vulnerabilities. It can be done through sending email to victim’s Mail server, convincing victim to visit website, transferring files through P2P/IM.

The first flaw exists within the parsing of the certain size field in the PE file. By setting this field to an overly large value, the vulnerable antivirus software will “eat” several Giga bytes disk space, which result in a disk space based DoS, especially for the antivirus installed on the server side.

The second flaw also exists within the parsing PE file. By crafting a malformed PE file, the vulnerable antivirus software will crash with memory corruption while scanning this file.

Vendor Response / Solution: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx.

Reference:

1. http://www.microsoft.com

2. http://www.nevisnetworks.com/services.php?id=10

3. http://secway.org/

For more information: http://www.nevisnetworks.com

About Nevis Networks

Nevis Networks is a market leader in secure switching and identity-based policy enforcement appliances. The company’s LANenforcer product family transparently enforces identity-based policies in real time within the network fabric, tightly controlling who can access a company’s network and what resources they are permitted to use. Cross-industry customers, ranging from financial services, healthcare, education and defense contractors deploy Nevis LANenforcers to protect sensitive network resources and assets, and significantly reduce the overall costs and time to resolve security breaches and conduct network audits. The company is headquartered in Mountain View, CA, with additional R&D centers in Pune, India and Beijing, China. http://www.nevisnetworks.com

Contacts

Gallagher Group Communications
Kevin Gallagher, 925-831-1041
kevin {at} gg-comm(.)com