The vulnerability affects the 32-bit, 64-bit, and Itanium-based versions of the Microsoft® Windows® 2000, XP, and 2003 Server operating systems.

“This is the second vulnerability that our research team has identified and responsibly reported to Microsoft in the past couple months,” said Thomas Garnier, Senior Research Engineer at SkyRecon Systems. “During our ongoing research in the Windows LPC Interface, we found an important vulnerability which could be used to gain elevated privilege and then execute code in the LSASS process – a System account process which manages credentials in the Windows operating system. If the vulnerability is exploited, there is a potential for saved system-level passwords to be accessed by users that did not originally possess the proper credentials to access this sensitive information."

SkyRecon's StormShield is the first in the industry to provide a single-agent solution with real-time defenses designed to protect an organization’s endpoints and the sensitive data that resides on them.

Upon identification of the LSASS vulnerability, engineers at SkyRecon confirmed that StormShield detects and blocks attacks targeting the Microsoft vulnerability without the need for patches or changes in configuration. As this is a local vulnerability, organizations that rely only on perimeter security technologies are vulnerable to attack.
 
More information regarding the vulnerability and Microsoft Security Bulletin can be found at:
-- Microsoft Security Bulletin MS08-002 – Important Vulnerability

“Vulnerability research continues to be a critical component in designing generic, effective, and efficient layers of protection,” said Yann Torrent, Director of Research and Development at SkyRecon Systems, Inc. “As this vulnerability leaves workstations and terminal servers at most risk, SkyRecon Systems is pleased that our unified endpoint protection solution protects these critical business endpoint systems from compromise using its integrated buffer overflow protection.”

SkyRecon’s StormShield uses multiple protection layers to address every aspect of endpoint and data protection and does so through a single, lightweight agent. As the industry’s first unified endpoint protection solution to integrate behavioral-based host intrusion prevention with device control and content encryption, StormShield provides real-time defenses designed to protect an organization’s endpoints and the critical business data that resides on them.