Sourcefire Delivers Same Day Protection for Microsoft Tuesday Vulnerabilities

Sourcefire Vulnerability Research Team Protects Users from Latest
             Microsoft Windows and Office Vulnerabilities
COLUMBIA, Md.--(Business Wire)--
Open source innovator and SNORT(R) creator, Sourcefire, Inc.
(Nasdaq:FIRE), a leader in Enterprise Threat Management, announced
that the Sourcefire(R) Vulnerability Research Team (VRT) has delivered
rules to protect Sourcefire customers and Snort users from 9 Microsoft
vulnerabilities disclosed today. These vulnerabilities impact
Microsoft Windows, Windows Messenger, Office, Internet Explorer and
Outlook Express.

   "During the Black Hat Conference last week, a lot of vendors were
talking about the importance of immediate detection and early
disclosure, and while this is critical, it is only half the story,"
said Matt Watchinski, Director of the Sourcefire Vulnerability
Research Team. "By developing an early disclosure policy, Microsoft is
taking the necessary steps to protect its users. Now the vendor
community needs to deliver on its responsibility of delivering the
most effective protection possible. Sourcefire takes proactive
protection extremely seriously, and we will continue to focus on both
the quality of our rules, as well as the speed at which we address new
threats."

   Following Microsoft's disclosure earlier today, the Sourcefire VRT
created, tested and delivered Snort rules designed to detect attacks
targeting the Microsoft vulnerabilities listed below. These new rules
are included in the latest Sourcefire Security Enhancement Update
(SEU) released today.

   --  Microsoft Security Bulletin MS08-041 - Critical vulnerability
        in the ActiveX control for the Snapshot Viewer for Microsoft
        Access. An attacker could exploit the vulnerability by
        constructing a specially crafted Web page. When a user views
        the Web page, the vulnerability could allow remote code
        execution. An attacker who successfully exploited this
        vulnerability could gain the same user rights as the logged-on
        user.

   --  Microsoft Security Bulletin MS08-043 - Critical
        vulnerabilities in Microsoft Office Excel could allow remote
        code execution if a user opens a specially crafted Excel file.
        An attacker who successfully exploited these vulnerabilities
        could take complete control of an affected system. An attacker
        could then install programs; view, change, or delete data; or
        create new accounts with full user rights.

   --  Microsoft Security Bulletin MS08-044 - Five critical
        vulnerabilities could allow remote code execution if a user
        viewed a specially crafted image file using Microsoft Office.

   --  Microsoft Security Bulletin MS08-045 - Five critical
        vulnerabilities could allow remote code execution if a user
        views a specially crafted Web page using Internet Explorer.

   --  Microsoft Security Bulletin MS08-046 - Critical vulnerability
        in the Microsoft Image Color Management (ICM) system could
        allow remote code execution in the context of the current
        user. If a user is logged on with administrative user rights,
        an attacker who successfully exploited this vulnerability
        could take complete control of an affected system. An attacker
        could then install programs; view, change, or delete data; or
        create new accounts with full user rights.

   --  Microsoft Security Bulletin MS08-048 - Important vulnerability
        in Outlook Express and Windows Mail could allow information
        disclosure if a user visits a specially crafted Web page using
        Internet Explorer.

   --  Microsoft Security Bulletin MS08-049 - Two important
        vulnerabilities in Microsoft Windows Event System could allow
        remote code execution. An attacker who successfully exploited
        these vulnerabilities could take complete control of an
        affected system. An attacker could then install programs;
        view, change, or delete data; or create new accounts with full
        administrative rights.

   --  Microsoft Security Bulletin MS08-050 - Important vulnerability
        in supported versions of Windows Messenger. As a result of
        this vulnerability, scripting of an ActiveX control could
        allow information disclosure in the context of the logged-on
        user. An attacker could change state, get contact information,
        and initiate audio and video chat sessions without the
        knowledge of the logged-on user. An attacker could also
        capture the user's logon ID and remotely log on to the user's
        Messenger client impersonating that user.

   --  Microsoft Security Bulletin MS08-051 - Three critical
        vulnerabilities in Microsoft Office PowerPoint and Microsoft
        Office PowerPoint Viewer could allow remote code execution if
        a user opens a specially crafted PowerPoint file. An attacker
        who successfully exploited any of these vulnerabilities could
        take complete control of an affected system. An attacker could
        then install programs; view, change, or delete data; or create
        new accounts with full user rights.

   About the Sourcefire VRT

   The Sourcefire VRT is a group of leading edge intrusion detection
and prevention experts working to proactively discover, assess and
respond to the latest trends in hacking activities, intrusion attempts
and vulnerabilities. This team is also supported by the vast resources
of the open source Snort community, making it the largest group
dedicated to advances in the network security industry.

   About Sourcefire

   Sourcefire, Inc. (Nasdaq:FIRE), Snort creator and open source
innovator, is a world leader in Enterprise Threat Management (ETM)
solutions. Sourcefire is transforming the way Global 2000
organizations and government agencies manage and minimize network
security risks with its 3D Approach - Discover, Determine, Defend - to
securing real networks. This ETM approach equips customers with an
efficient and effective layered security defense - protecting network
assets before, during and after an attack. Through the years,
Sourcefire has been consistently recognized for its innovation and
industry leadership by customers, media and industry analysts alike -
with more than 40 awards and accolades. Today, the names Sourcefire
and founder Martin Roesch have grown synonymous with innovation and
network security intelligence. For more information about Sourcefire,
please visit http://www.sourcefire.com.

   SOURCEFIRE(R), SNORT(R), the Sourcefire logo, the Snort and Pig
logo, SECURITY FOR THE REAL WORLD(TM), SOURCEFIRE DEFENSE CENTER(TM),
SOURCEFIRE 3D(TM), RNA(TM), DAEMONLOGGER(TM), CLAMAV(TM), SOURCEFIRE
SOLUTIONS NETWORK(TM), and certain other trademarks and logos are
trademarks or registered trademarks of Sourcefire, Inc. in the United
States and other countries. Other company, product and service names
may be trademarks or service marks of others.

Media Contact:
Welz & Weisel Communications
Tony Welz, Principal
703-218-3555 x226
tony@w2comm.com
or
Investor Contact:
Sourcefire, Inc.
Tania Almond, Investor Relations Officer
410-423-1919
tania.almond@sourcefire.com

Copyright Business Wire 2008