|
| [June 15, 2005] |
 |
BindView RAZOR Team Issues RapidFire Updates for Microsoft Vulnerabilities
HOUSTON --(Business Wire)-- June 15, 2005 -- BindView Corp. (Nasdaq:BVEW) announced today that its RAZOR Rapid Response Team is providing checks for 10 newly identified critical Microsoft vulnerabilities.
BindView customers on current maintenance contracts running Vulnerability Management solutions that include bv-Control for Windows and/or bv-Control for Internet Security can take immediate protective action. In addition, BindView Patch Deployment customers can use the product to deploy Microsoft patches across their environments or to package the patches for deployment with a software deployment tool such as SMS. BindView's RapidFire Update Service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates online at: -0- *T www.bindview.com/Services/TechSupport/Advisories/ADV_MSFT05-061505.cfm *T
Who is at Risk
It is recommended that customers refer to the associated Microsoft Bulletins for full details. Following are brief descriptions of the four newly identified vulnerabilities deemed critical with bv-Control for Internet Security:
MS05-025: This vulnerability allows an attacker to take control of an affected system if a user is logged on with administrative rights. Attackers can install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows 2000 Service Pack 3 and 4, Microsoft Windows XP Service Pack 1 and 2, Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium), Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003, Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows Server 2003 x64 Edition, Microsoft Windows 98, Second Edition and Millenium Edition.
MS05-026: A vulnerability in HTML Help allows attackers to take control of an affected system, if a user is logged on with administrative rights. An attacker can install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows 2000 Service Pack 3 and 4, Microsoft Windows XP Service Pack 1 and 2, Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium), Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows Server 2003 x64 Edition, Microsoft Windows 98, Second Edition and Millenium Edition.
MS05-027: A vulnerability in the Server Message Block (SMB) allows attackers to take complete control of the affected system. An attacker can install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows 2000 Service Pack 3 and 4, Microsoft Windows XP Service Pack 1 and 2, Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) and Version 2003 (Itanium), Microsoft Windows Server 2003 and Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems and SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 x64 Edition.
MS05-034: A vulnerability in ISA Server 2000 handling of malformed HTTP requests could allow an attacker to poison the cache of the affected ISA server. Attackers could bypass content restrictions and access content they would normally not have access to or could cause users to be directed to unexpected content. An attacker could also use this in combination with a separate Cross Site Scripting vulnerability to obtain sensitive information including logon credentials. The flaw affects Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2.
Suggested Actions
BindView has created vulnerability checks for bv-Control for Windows and bv-Control for Internet Security to assist customers in locating vulnerable systems. Once systems are identified, customers should proceed with outlined precautionary measures as quickly as possible.
Priority should be given to Internet-facing and other critical Web servers, as well as bv-Control installations. Mobile systems connected to broadband networks -- including notebook computers -- are also a priority as they may be exposed to the Internet without firewall protection.
Commentary on the Vulnerabilities
BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past few months.
About BindView Corporation
BindView Corporation is a leading provider of proactive IT Security Compliance software worldwide. BindView solutions enable customers to centralize and automate Compliance Monitoring, Vulnerability Management, Identity Administration and Configuration Management operations across the enterprise. By following established regulatory guidelines, audit frameworks, technical standards and industry best practices, BindView solutions enable customers to implement a policy-based approach toward safeguarding their IT environments from internal and external threats and vulnerabilities. The result is improved security and improved compliance auditing across users, systems, applications, and databases based on Microsoft, UNIX, LINUX and Novell operating systems. With BindView insight at work(TM), customers benefit from reduced risk and improved operational efficiencies with a verifiable return on investment. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at info@bindview.com, on the web at http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439.
[ Back To cable.tmcnet.com's Homepage ]
|