SkyRecon Identifies Two Kernel-Level Windows Vulnerabilities

SkyRecon Research Provides Information Leading to Important Patch of the Windows Kernel


SAN JOSE, CA--(Marketwire - October 14, 2008) - SkyRecon® Systems (www.skyrecon.com), the premier provider of integrated, proactive endpoint security solutions, today announced that its research team has uncovered two kernel-level vulnerabilities -- CVE-2008-2252 and CVE-2008-3464 -- both located in multiple versions of the Microsoft® Windows® operating system.

The Microsoft Windows kernel is the virtual interface between the hardware and the operating system, providing administrative control over multiple subsystems, processes, and memory. Some of the subsystems are designed run within the kernel space, providing direct access to the other kernel-level services directly through the operating system layer. Compromise of the kernel via one of the kernel-level subsystems could expose the system to further compromise, such as a root-kit injection that could lead to hi-jacking and remote control of the endpoint.

"These are two important vulnerabilities that our research team has identified and that are being patched this month," said Thomas Garnier, Senior Research Engineer at SkyRecon Systems. "During our ongoing security research of the Windows kernel environment and our passionate desire to protect the Windows business environment, we found these two important vulnerabilities which could be used to increase privileges for the compromised subsystem, effectively granting local access to every component of the system -- both hardware and software."

Both vulnerabilities -- CVE-2008-2252 and CVE-2008-3464 -- affect the kernel in the following 32-bit, 64-bit, and Itanium versions of the Windows Operating systems: Windows XP Professional, Windows 2000 Server, and Windows 2003 Server. Vulnerability CVE-2008-2252 affects Windows Vista as well. CVE-2008-2252 is located in the graphical kernel interface. CVE-2008-3464 is located in the network kernel interface subsystem areas. If exploited, either vulnerability could allow for a local escalation of privilege, and ultimately, system compromise.

More information regarding the vulnerabilities and the Microsoft Security Bulletin can be found at:

-- Microsoft Security Bulletin MS08-003 - Important Vulnerability, Accredited to Thomas Garnier, SkyRecon Systems

-- Microsoft Security Bulletin MS08-003 - Important Vulnerability, Accredited to Fabien Le Mentec, SkyRecon Systems

SkyRecon's partnership with Microsoft and its ongoing and recent vulnerability research, enable the innovative endpoint security vendor to be proactive in responding to the customer need for an endpoint security solution that proactively protects the system and data from compromise while not eating up their precious hardware and IT staff resources.

StormShield Security Suite provides real-time protection from both identified and zero-day attacks. The comprehensive, proactive protection is delivered through a multi-layered, light-weight single endpoint protection platform, providing integrated endpoint policy control and enforcement for: host-based intrusion prevention (HIPS), system firewall, anti-virus/anti-spyware, application control, device control, data encryption, wireless security, and network access control (NAC).

About SkyRecon Systems Inc.

Founded in 2003, SkyRecon Systems is a leading global provider of endpoint protection platforms. With its award-winning single-policy endpoint security solutions, organizations are able to ensure protection and enforce policy for the endpoint systems, applications, data and users upon which their business relies. The company is a contributing member of the SecureIT Alliance, has received the prestigious Red Herring 100 Award, and has been named "Entrepreneurial Security Company of the Year" by Frost & Sullivan. StormShield has again received 4 stars in the SC Magazine Endpoint Security Group Test, has been nominated as a finalist for the SC Awards magazine in the US Best Mobile Device Security Solution category and the 2008 TechWorld.com Awards in the Endpoint Security Product of the Year category, and was also recently selected as a top 10 vendor for the 2008 Computer Reseller News list of Emerging Tech Vendors You Need to Know.

More information about SkyRecon can be obtained by visiting www.skyrecon.com, attending an educational security webinar, or by calling (877) 239-3057.

SkyRecon, the SkyRecon logo, StormShield, and TradeShield are registered trademarks of SkyRecon Systems Inc. All other product or service names are the property of their respective owners.

Contact Information: Press Contact: Sean Martin, CISSP smartin@skyrecon.com (949) 878-0592