Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

GFI MailSecurity’s exploit engine safeguards against new high risk Outlook vulnerability

  • 12 March, 2004 20:45

<p>GFI MailSecurity will detect any new virus that attempts to exploit Outlook 2002 vulnerability</p>
<p>GFI released an update to its email exploit engine today which can detect any viruses that exploit a newly discovered Outlook 2002 vulnerability. The new Outlook vulnerability, MS04-009, was yesterday upgraded to “high risk” by Microsoft Corp, which issued a patch against it on Tuesday (more details at http://www.microsoft.com/technet/security/bulletin/ms04-009.mspx). The vulnerability is related to the way mailto URLs are handled and could allow Internet Explorer to execute code on affected machines.</p>
<p>To exploit this vulnerability, attackers could simply create an HTML email that either lures the recipient into clicking a link in the message body or that contains a fake image that can automatically launch a link without requiring user intervention. The payload of such an attack could include running JavaScript under the My Computer (local) Security Zone. This means that the attacker could execute code on the local disk of unpatched machines and/or access user files.</p>
<p>New viruses based on this exploit can be caught by GFI’s gateway-level exploit engine
Users of GFI MailSecurity for Exchange/SMTP – GFI’s email content checking, exploit detection, threats analysis and anti-virus solution – simply need to download the latest exploit engine updates to allow GFI MailSecurity to detect any new viruses that use this exploit to propagate and infect systems. Information on how to update the GFI MailSecurity exploits database and technical information about the exploit are available at http://www.gfi.com/news/en/ms04009exploit.htm.</p>
<p>The difference between a virus engine and an exploit engine</p>
<p>Anti-virus software is designed to detect known malicious code. An email exploit engine takes a different approach: it analyses the code for exploits that could be malicious. Email exploit detection software analyzes emails for exploits - i.e., it scans for methods used to exploit the OS, email client or Internet Explorer - that can permit execution of code or a program on the user's system. It does not check whether the program is malicious or not. It simply assumes there is a security risk if an email is using an exploit in order to run a program or piece of code.</p>
<p>In this manner, an email exploit engine works like an intrusion detection system for email. The email exploit engine might cause more false positives, but it adds a new layer of security that is not available in a normal anti-virus package, simply because it uses a totally different way of securing email.</p>
<p>An exploit engine needs to be updated less frequently than an anti-virus engine because it looks for a method rather than a specific virus. Although keeping exploit and anti-virus engines up-to-date involve very similar operations, the results are different. Once an exploit is identified and incorporated in GFI MailSecurity’s exploit engine, that engine can protect against any new virus that is based on a known exploit. That means the exploit engine will catch the virus even before the anti-virus vendor is aware of its emergence, and certainly before the anti-virus definition files have been updated to counter the attack. Further information is available at http://www.gfi.com/mailsecurity/wpexploitengine.htm.</p>
<p>About GFI MailSecurity for Exchange/SMTP</p>
<p>GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect an organization's email users. GFI MailSecurity's key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan &amp; Executable Scanner, to detect malicious executables; and more. Further information and a full evaluation version are available at http://www.gfi.com/mailsecurity/.</p>
<p>About GFI</p>
<p>GFI is a leading provider of Windows-based network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; GFI MailEssentials server-based anti-spam software; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; GFI Network Server Monitor that automatically sends alerts, and corrects network and server issues; and GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates through a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award.</p>
<p>All product and company names herein may be trademarks of their respective owners.</p>
<p>For more information:
Please email Angelica Micallef Trigona on angelica@gfi.com
GFI Software Ltd - Malta: Tel: +356 21382418; Fax: +356 21382419.
http://www.gfi.com</p>

Most Popular

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Join the newsletter!

Error: Please check your email address.

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?