06.08.2009
FICORA urges users to install patches against serious software vulnerabilities at once
Together with several Finnish and foreign software manufacturers, FICORA's information security unit CERT-FI coordinated the mitigation of flaws in implementations that process XML. The vulnerabilities are related to XML program libraries used by nearly all new operating systems and the software in them. The patches released today will considerably reduce the threat posed by the vulnerabilities.
By exploiting the vulnerabilities, attackers may be able to execute arbitrary commands on the targeted network device or information system. Attackers may also launch denial-of-service attacks against systems containing the vulnerabilities. The impact of the attacks may be far-reaching if the corrective software patches are not deployed. Therefore, FICORA recommends that the patches be installed immediately.
XML (Extensible Markup Language) is a general-purpose language specified by the World Wide Web Consortium (W3C). It is used for processing information and documents in nearly all information systems. The XML vulnerabilities were discovered by Codenomicon Oy, a company from the city of Oulu in northern Finland. In February 2009, Codenomicon asked CERT-FI to coordinate the fixing of the vulnerabilities.
"We are pleased to work together with CERT-FI in order to patch the critical vulnerabilities. Many software manufacturers are nearly always affected by the vulnerabilities we have found, so solid international experience is needed for reporting and organizing," says Heikki Kortti from Codenomicon Oy.
CERT-FI's press release on vulnerabilities and how to resolve them (in Finnish):
www.cert.fi
Codenomicon's press release on XML tests:
www.codenomicon.com/labs/xml/
www.codenomicon.com/solutions/cross.shtml
Additional information on XML:
www.w3.org/XML/
Further information:
FICORA, CERT-FI, tel. +358 09 6966 510
Juhani Eronen, Information Security Adviser, tel. +358 9 6966 253, +358 50 3519 318
Erka Koivunen, Head of CERT-FI, tel. +358 09 6966 737, 040 309 8094