BindView RAZOR Team Issues RapidFire Update for Microsoft Vulnerability.HOUSTON -- BindView Corp. (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on :BVEW BVEW Binary View ) announced today that its RAZOR Rapid Response Team is providing a check for a newly identified critical Microsoft vulnerability. BindView customers on current maintenance contracts running Vulnerability Management solutions that include bv-Control for Windows and/or bv-Control for Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. can take immediate protective action. In addition, BindView Patch Deployment customers can use the product to deploy Microsoft patches across their environments or to package the patches for deployment with a software deployment Software deployment is all of the activities that make a software system available for use. The general deployment process consists of several interrelated activities with possible transitions between them. tool such as SMS (1) (Storage Management System) Software used to routinely back up and archive files. See HSM. (2) (Systems Management Server) Systems management software from Microsoft that runs on Windows NT Server. . BindView's RapidFire Update Service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates online at: www.bindview.com/Services/TechSupport/Advisories/ADV_MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade 05-101205.cfm Who is at Risk It is recommended that customers refer to the associated Microsoft Security Bulletin for full details. Following is a brief description of the vulnerability and the systems affected: MS05-053: A vulnerability in the rendering of Windows Metafile The native vector graphics file format in Windows. Windows Metafiles also can hold bitmaps and text. The original 16-bit format uses the .WMF file extension. The subsequent 32-bit format, which supports more sophisticated graphics functions, generates .EMF (Enhanced MetaFile) files. (WMF (filename extension) wmf - The filename extension for a Windows Metafile. ) and Enhanced Metafile A file that contains other files. It generally refers to graphics files that can hold vector drawings and bitmaps. For example, Windows Metafiles (WMFs) and Enhanced Metafiles (EMFs) can store pictures in vector graphics and bitmap formats as well as text. (EMF emf: see electromotive force. (1) (ElectroMagnetic Field) See electromagnetic radiation. (2) (Enhanced MetaFile) See Windows metafile. ) image formats could allow an attacker to execute remote code and take complete control of an affected system. The attacker must persuade the user to open a specially crafted file or view a folder containing the specially crafted image to successfully exploit the vulnerability. Organizations affected include those using versions of Microsoft Windows 2000 SP4; Microsoft Windows XP SP1; Microsoft Windows XP Professional x64 edition; Microsoft Windows Server 2003, SP1 and Itanium-based Systems; and Microsoft Windows Server 2003 x64 edition. Suggested Actions BindView has created a vulnerability check for bv-Control for Windows and bv-Control for Internet Security to assist customers in locating vulnerable systems. Once systems are identified, customers should proceed with outlined precautionary measures as quickly as possible. Priority should be given to critical workstations, such as administrative workstations, and bv-Control installations. Mobile systems connected to broadband networks -- including notebook computers -- are also a priority as they may be exposed to the Internet without firewall protection. Commentary on the Vulnerability BindView RAZOR Team experts are available to discuss this new vulnerability and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past few months. About BindView Corporation BindView Corporation is a global provider of IT security compliance software. BindView solutions remove barriers that limit an organization's ability to cost effectively demonstrate due care and maintain compliance with IT security policies and regulatory mandates. BindView policy compliance; vulnerability and configuration management; and directory and access management software combine best-practices knowledge with automated controls to reduce risk and protect IT assets at the lowest cost across users, systems, applications and databases in multi-platform environments. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at info@bindview.com, on the web at http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion