BindView RAZOR Team Issues RapidFire Update for Microsoft Vulnerabilities.HOUSTON -- BindView Corp. (Nasdaq:BVEW BVEW Binary View ) announced today that its RAZOR Rapid Response Team is providing a check for two newly identified critical Microsoft vulnerabilities. BindView customers on current maintenance contracts running Vulnerability Management solutions can take immediate protective action. In addition, BindView Patch Deployment customers can use the product to deploy Microsoft patches across their environments or to package the patches for deployment with a software deployment Software deployment is all of the activities that make a software system available for use. The general deployment process consists of several interrelated activities with possible transitions between them. tool such as SMS (1) (Storage Management System) Software used to routinely back up and archive files. See HSM. (2) (Systems Management Server) Systems management software from Microsoft that runs on Windows NT Server. . BindView's RapidFire Update Service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates online at: www.bindview.com/Services/TechSupport/Advisories/ADV_MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade 05-121405.cfm Who is at Risk It is recommended that customers refer to the associated Microsoft Security Bulletins for full details. Following is a brief description of the vulnerabilities and the systems affected: MS05-054: A number of remote code execution vulnerabilities exist in Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. that could lead to a complete system compromise. An attacker could construct a malicious Web page that potentially allows remote code execution if a user visits the malicious Web site. An information disclosure vulnerability with Internet Explorer could also allow an attacker to read Web addresses in clear text sent from Internet Explorer to a proxy server Also called a "proxy," it is a computer system or router that breaks the connection between sender and receiver. Functioning as a relay between client and server, proxy servers are used to help prevent an attacker from invading the private network. using an HTTPS (1) (HyperText Transport Protocol Secure) The protocol for accessing a secure Web server. Using HTTPS in the URL instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. connection that requires Basic authentication. Organizations affected include those using versions of Internet Explorer 5.01 and 6; Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. 2000 SP4; Microsoft Windows XP SP1 and SP2; Microsoft Windows XP Professional x64 edition Refers to 64-bit versions of Windows operating systems. See x64. ; Microsoft Windows Server 2003, SP1 and Itanium-based Systems; Microsoft Windows Server 2003 x64 edition; and Microsoft Windows 90, Second Edition and Millennium Edition. MS05-055: A privilege elevation vulnerability exists in the way asynchronous Refers to events that are not synchronized, or coordinated, in time. The following are considered asynchronous operations. The interval between transmitting A and B is not the same as between B and C. The ability to initiate a transmission at either end. procedure calls are processed within the kernel and could allow an attacker to take complete control of a system. The attacker must have valid log-on credentials and be able to log-on locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users. Organizations affected include those using Microsoft Windows 2000 Service Pack 4. Suggested Actions BindView has created vulnerability checks to assist customers in locating vulnerable systems. Once systems are identified, customers should proceed with outlined precautionary measures as quickly as possible. Priority should be given to critical workstations, such as administrative workstations, and bv-Control installations. Mobile systems connected to broadband networks  This article or section needs copy editing for grammar, style, cohesion, tone and/or spelling.You can assist by [ editing it] now. -- including notebook computers -- are also a priority as they may be exposed to the Internet without firewall protection. Commentary on the Vulnerabilities BindView RAZOR Team experts are available to discuss the vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past few months. About BindView Corporation BindView Corporation is a global provider of IT security compliance software. BindView solutions remove barriers that limit an organization's ability to cost effectively demonstrate due care and maintain compliance with IT security policies and regulatory mandates. BindView policy compliance; vulnerability and configuration management; and directory and access management software combine best-practices knowledge with automated controls to reduce risk and protect IT assets at the lowest cost across users, systems, applications and databases in multi-platform environments. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at info@bindview.com, on the web at http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion