BindView RAZOR Team Issues RapidFire Updates for Microsoft Vulnerabilities.

HOUSTON -- BindView Corp. (Nasdaq:BVEW BVEW Binary View ) announced today that its RAZOR Rapid Response Team is providing checks for 10 newly identified critical Microsoft vulnerabilities.

BindView customers on current maintenance contracts running Vulnerability Management solutions that include bv-Control for Windows and/or bv-Control for Internet Security ''This article or section is being rewritten at

Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. can take immediate protective action. In addition, BindView Patch Deployment customers can use the product to deploy Microsoft patches across their environments or to package the patches for deployment with a software deployment Software deployment is all of the activities that make a software system available for use.

The general deployment process consists of several interrelated activities with possible transitions between them. tool such as SMS (1) (Storage Management System) Software used to routinely back up and archive files. See HSM.

(2) (Systems Management Server) Systems management software from Microsoft that runs on Windows NT Server. . BindView's RapidFire Update Service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates online at:

www.bindview.com/Services/TechSupport/Advisories/ADV_MSFT05-061505.cfm

Who is at Risk

It is recommended that customers refer to the associated Microsoft Bulletins for full details. Following are brief descriptions of the four newly identified vulnerabilities deemed critical with bv-Control for Internet Security:

MS05-025: This vulnerability allows an attacker to take control of an affected system if a user is logged on with administrative rights. Attackers can install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows See Windows.

(operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. 2000 Service Pack 3 and 4, Microsoft Windows XP Service Pack 1 and 2, Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium), Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows XP Professional x64 Edition Refers to 64-bit versions of Windows operating systems. See x64. , Microsoft Windows Server 2003, Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows Server 2003 x64 Edition, Microsoft Windows 98, Second Edition and Millenium Edition.

MS05-026: A vulnerability in HTML HTML
in full HyperText Markup Language

Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. Help allows attackers to take control of an affected system, if a user is logged on with administrative rights. An attacker can install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows 2000 Service Pack 3 and 4, Microsoft Windows XP Service Pack 1 and 2, Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium), Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows Server 2003 x64 Edition, Microsoft Windows 98, Second Edition and Millenium Edition.

MS05-027: A vulnerability in the Server Message Block See SMB.

(protocol) Server Message Block - (SMB) A client/server protocol that provides file and printer sharing between computers. In addition SMB can share serial ports and communications abstractions such as named pipes and mail slots. (SMB (1) (Small to Medium-sized Business) Also called "SME" (small to medium-sized enterprise), it refers to companies that are larger than the small office/home office (SOHO), but not huge. ) allows attackers to take complete control of the affected system. An attacker can install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows 2000 Service Pack 3 and 4, Microsoft Windows XP Service Pack 1 and 2, Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) and Version 2003 (Itanium), Microsoft Windows Server 2003 and Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems and SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 x64 Edition.

MS05-034: A vulnerability in ISA Server See .NET. 2000 handling of malformed mal·formed
adj.
Abnormally or faultily formed. HTTP HTTP
in full HyperText Transfer Protocol

Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. requests could allow an attacker to poison the cache of the affected ISA server. Attackers could bypass content restrictions and access content they would normally not have access to or could cause users to be directed to unexpected content. An attacker could also use this in combination with a separate Cross Site Scripting vulnerability to obtain sensitive information including logon credentials. The flaw affects Microsoft Internet Security and Acceleration (ISA (1) (Instruction Set Architecture) See instruction set.

(2) (Interactive Services Association) See Internet Alliance.

(3) (Internet Security and Acceleration) See .NET. ) Server 2000 Service Pack 2.

Suggested Actions

BindView has created vulnerability checks for bv-Control for Windows and bv-Control for Internet Security to assist customers in locating vulnerable systems. Once systems are identified, customers should proceed with outlined precautionary measures as quickly as possible.

Priority should be given to Internet-facing and other critical Web servers, as well as bv-Control installations. Mobile systems connected to broadband networks

This article or section needs copy editing for grammar, style, cohesion, tone and/or spelling.
You can assist by [ editing it] now. -- including notebook computers -- are also a priority as they may be exposed to the Internet without firewall protection.

Commentary on the Vulnerabilities

BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past few months.

About BindView Corporation

BindView Corporation is a leading provider of proactive IT Security Compliance software worldwide. BindView solutions enable customers to centralize and automate Compliance Monitoring, Vulnerability Management, Identity Administration and Configuration Management operations across the enterprise. By following established regulatory guidelines, audit frameworks, technical standards and industry best practices, BindView solutions enable customers to implement a policy-based approach toward safeguarding their IT environments from internal and external threats and vulnerabilities. The result is improved security and improved compliance auditing across users, systems, applications, and databases based on Microsoft, UNIX UNIX

Operating system for digital computers, developed by Ken Thompson of Bell Laboratories in 1969. It was initially designed for a single user (the name was a pun on the earlier operating system Multics). , LINUX and Novell operating systems. With BindView insight at work(TM), customers benefit from reduced risk and improved operational efficiencies with a verifiable return on investment. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at info@bindview.com, on the web at http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439.

COPYRIGHT 2005 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Date:	Jun 15, 2005
Words:	874
Previous Article:	Adept Technology Appoints Janine Roth as Vice President of Marketing and Corporate Development; Industry Veteran to Align Worldwide Marketing Efforts...
Next Article:	Family Room Goes to the ''Borderland'' with Lions Gate Films.
Topics:	Computer software industry Software industry

Related Articles
RAZOR, BindView's Newly Named Security Team, Discovers `Syskey Bug' on Microsoft NT Feature; Top Security Experts Join RAZOR.
BindView Continues to Detect and Eliminate Latest Security Vulnerabilities; Microsoft Acknowledges the BindView RAZOR Team's Ongoing Commitment to...
BindView is First to Help Customers Address the Latest Wave of Security Threats and System Vulnerabilities.
CORRECTING and REPLACING BindView Corporation News Release.
Media Alert - BindView RAZOR Team Issues RapidFire Update for Two Critical Microsoft Vulnerabilities.
BindView RAZOR Team Issues RapidFire Update for New Microsoft Vulnerability.
BindView RAZOR Team Issues RapidFire Updates for Microsoft and Cisco Vulnerabilities.
BindView RAZOR Team Issues RapidFire Updates for Five Microsoft Vulnerabilities.
BindView RAZOR Team Issues RapidFire Update for Microsoft Vulnerability.
BindView RAZOR Team Issues RapidFire Update for Microsoft Vulnerabilities.