BroadWeb Successfully Prevents WMF 0-Day Exploits
Burlingame, Calif., Jan. 4 -- BroadWeb Corp. announced on December 29, 2005 that it had released updated countermeasure signatures in pattern 3.31, successfully protecting BroadWeb IPS users from the notorious WMF 0-day exploits. BSST (BroadWeb Security Service Team) has once again demonstrated its commitment and dedication to fighting network attacks and its expertise in helping customers build networks free from Internet threats.
The new vulnerability in WMF was not known until the first WMF 0-day exploit was publicly reported on December 28, 2005. This vulnerability is totally different from that of MS05-053 (Vulnerabilities in Graphics Rendering Could Allow Code Execution 8964242), published in November 2005.
Internet security researchers all agree that this is a very serious vulnerability, because patches from Microsoft are not yet available and users running fully patched Windows XP SP2 can easily be affected just by visiting a malicious web site containing a malformed WMF file. Microsoft has announced that an official patch will not be available until Jan. 10. Microsoft has also recommended in its security bulletin that "Customers should contact their IDS [IPS] provider to determine if it offers protection from this vulnerability."
“A great number of Windows users without a third-party vendor’s aid are now at an extremely high level of risk,” said Ruidi Chu, network security consultant at BroadWeb. “They leave their PCs wide open for Trojans, worms, spyware, and other malicious exploits before they get patches from Microsoft.”
According to BSST, the attack vector has diversified. The original vector was to place malicious WMF files on web sites. Now some spam emails have been found to contain links to malicious WMF files that install Trojans. Other “Greeting Card” emails have also been found to contain links to these exploits.
“70 different versions of malformed WMF files have been found so far, and they are being aggressively used by hackers with a clear criminal motivation,” said Stephen Tseng, director of BroadWeb's international sales department, “and the best way to guard against the attacks is to employ an IPS that thwarts these threats based on OS vulnerabilities, but not on variants of malformed WMF files.”
BroadWeb BSST strongly suggests that BroadWeb IPS users upgrade their signature patterns to version 3.31 or later immediately in order to thwart WMF 0-day exploits.
About BroadWeb Corporation:
Founded in mid-Fall 1999, BroadWeb Corp. is a leading company providing complete network security technology from the network layer up to the application layer. The impeccable technical expertise of BroadWeb Corp. in high-speed networking, high-speed string matching, network security and policy-based management technologies has won many different awards in the IT industry all over the world and earned it a strong reputation over the years. By combining advanced core technologies with our strong R&D team, BroadWeb Corp. is able to provide quality network security products to enterprises and corporations alike without compromising on performance, accuracy or total cost of ownership (TCO). Currently BroadWeb Corp. is focusing on providing application layer network security appliances with complete hardware/software solutions. These products possess multiple network security features including Intrusion Detection and Prevention, Anti-Virus, Anti-P2P, Anti-IM, Anti-Spam, Anti-Porn and more.
For further information, please visit our website at:
http://www.broadweb.com
Contact:
Todd Tu
BroadWeb Corp.
Fax: (650)618-0303
Email: todd@broadweb.com