Sourcefire® Delivers Protection for Critical Microsoft Vulnerabilities

Business Wire, May 10, 2007

Sourcefire Vulnerability Research Team Delivers Protection for Recent Microsoft DNS Server Service, Exchange Server, CAPICOM, Internet Explorer and Excel Vulnerabilities

COLUMBIA, Md. -- Open source innovator and SNORT([R])creator, Sourcefire, Inc. (Nasdaq:FIRE), a leader in network intrusion prevention, today announced that the Sourcefire Vulnerability Research Team (VRT) has delivered rules to protect Sourcefire customers and Snort users from significant Microsoft vulnerabilities announced on Tuesday, May 8, 2007, releasing protection in advance of the three most significant risks.

"Sourcefire is dedicated to providing our customers and Snort users with the best protection possible, as evidenced by our ability to deliver protection ahead of four of Microsoft's critical vulnerabilities," said Matt Watchinski, Director of the Sourcefire Vulnerability Research Team. "As zero day attacks become even more prevalent, the Sourcefire VRT is continuing to increase our focus on addressing these types of risks before they are disclosed or discovered."

Prior to the recent Microsoft disclosure, the Sourcefire VRT created and delivered rules to protect users from the following critical vulnerabilities. In addition, new rules to detect attacks targeting these vulnerabilities are included in the latest Sourcefire VRT rules, released on May 8, 2007.

* Microsoft Security Bulletin MS07-029 - The Microsoft DNS Server Service is prone to a vulnerability that may allow a remote attacker to execute code on an affected system. The issue is present in the RPC interface of servers using Microsoft's implementation of DNS.

* Microsoft Security Bulletin MS07-027 - Microsoft Internet Explorer suffers from programming errors that may allow a remote attacker to execute code on an affected system.

* Microsoft Security Bulletin MS07-026 - The Microsoft Exchange Server incorrectly handles certain electronic mail transactions. This may allow a remote attacker to execute code on an affected system.

Additionally, the Sourcefire VRT created new rules to detect attacks targeting the following vulnerabilities on May 8, 2007:

* Microsoft Security Bulletin MS07-028 -- A vulnerability in Microsoft Cryptographic API Component Object Model (CAPICOM) may allow a remote attacker to execute code on an affected system.

* Microsoft Security Bulletin MS07-023 -- Microsoft Excel is prone to a vulnerability that may allow a remote attacker to execute code on an affected system.

About the Sourcefire VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activities, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.

About Sourcefire

Sourcefire, Inc. (Nasdaq:FIRE), Snort creator and open source innovator, is a world leader in Enterprise Threat Management (ETM) solutions. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks. The Sourcefire 3D System is the first to unify IPS, NBA, NAC and Vulnerability Assessment technologies under the same management console. This ETM approach equips customers with an efficient and effective layered security defense - protecting network assets before, during and after an attack. Through the years, Sourcefire has been consistently recognized for its innovation and industry leadership by customers, media and industry analysts alike - with more than 30 awards and accolades. Recently, Sourcefire was positioned in the Leaders Quadrant of Gartner's "Magic Quadrant for Network Intrusion Prevention System Appliances 2H06" report, and the Sourcefire 3D System was named "Best Security Solution" at the 2006 SC Magazine Awards. Today, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and network security intelligence. For more information about Sourcefire, please visit http://www.sourcefire.com.

SOURCEFIRE[R], SNORT[R], the Sourcefire logo, the Snort and Pig logo, SECURITY FOR THE REAL WORLD[TM], SOURCEFIRE DEFENSE CENTER[TM], SOURCEFIRE 3D[TM], RNA[TM], DAEMONLOGGER[TM] and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries.