BindView RAZOR Team Issues RapidFire Updates for New Microsoft Vulnerabilities.Business Editors/High-Tech Writers HOUSTON--(BUSINESS WIRE)--April 16, 2004 What BindView Corp. (Nasdaq:BVEW BVEW Binary View ) announced today that its RAZOR Rapid Response Team has created security checks for three newly identified critical Microsoft vulnerabilities. These new vulnerabilities are: Bulletin MS04-011: Relates to several buffer overflow A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. and input data processing data processing or information processing, operations (e.g., handling, merging, sorting, and computing) performed upon data in accordance with strictly defined procedures, such as recording and summarizing the financial transactions of a vulnerabilities that allow an attacker to gain full access to vulnerable systems. A major risk is the Local Security Authority Service vulnerability, a stack buffer overflow This article is about the specifics of stack-based buffer overflows. For buffer overflows more generally, see Buffer overflow. In software, a stack buffer overflow that runs on Windows 2000 and XP workstations. A self-propagating worm can be developed for large-scale attacks. Bulletin MS04-012: Relates to a race-condition vulnerability in the RPC/DCOM runtime library A collection of executable software functions in the machine language of the target computer. A runtime library can be linked into an application at compile time with links already resolved from the programmer's code to the functions when the application is loaded. that could allow a remote attacker to gain complete control of the system. Bulletin MS04-014: Relates to a buffer overflow vulnerability in the Microsoft Jet Database Engine This article is about JET Red used in Microsoft Access. For the JET Blue ISAM implementation, see Extensible Storage Engine. The Microsoft Jet Database Engine is a database engine on which several Microsoft products were built. used by many software products running on Windows operating systems. This vulnerability could allow a remote attacker to gain complete control of the system. BindView customers on current maintenance contracts running Vulnerability Management solutions that include bv-Control for Windows can take immediate protective action. BindView's RapidFire Update Service provides customers with immediate access to the update via automatic distribution, or customers can download the new updates over the Web at http://www.bindview.com/Advisories/ADV_MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade 04-041404.cfm/ . Who is at Risk Nearly every version of Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 operating systems is potentially vulnerable, regardless of whether the systems are servers or workstations. BindView has created vulnerability checks for bv-Control for Windows to assist customers in locating at-risk systems. Once these systems are identified, the Microsoft patches should be installed as quickly as possible. Commentary on the Vulnerabilities BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past several months. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion