BindView RAZOR Team Issues RapidFire Updates for Two New Microsoft Vulnerabilities.HOUSTON -- BindView Corp. (Nasdaq:BVEW BVEW Binary View ) What BindView Corp. (Nasdaq:BVEW) announced today that its RAZOR Rapid Response Team has created security checks for two newly identified critical Microsoft vulnerabilities outlined in the latest Microsoft Security Bulletins. BindView customers on current maintenance contracts running Vulnerability Management solutions that include bv-Control for Windows, bv-Control for Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. and/or Patch Management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique can take immediate protective action. In addition, BindView Patch Deployment customers can use the product to deploy Microsoft patches across their environments or to package the patches for deployment with a software deployment Software deployment is all of the activities that make a software system available for use. The general deployment process consists of several interrelated activities with possible transitions between them. tool such as SMS (1) (Storage Management System) Software used to routinely back up and archive files. See HSM. (2) (Systems Management Server) Systems management software from Microsoft that runs on Windows NT Server. . BindView's RapidFire Update Service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates online at http://www.bindview.com/Advisories/ADV_MSFT MSFT Microsoft (stock symbol) MSFT Movimento Sociale Fiamma Tricolore (Italy) MSFT Multi-Stage Fitness Test MSFT Master of Science in Family Therapy MSFT Macalester Students for Fair Trade 05-011205.cfm. Who is at Risk It is recommended that customers refer to the associated Microsoft Security Bulletins for full details. Following are the systems affected by these newly identified vulnerabilities: MS05-001: By taking advantage of a vulnerability in the Windows HTML HTML in full HyperText Markup Language Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. Help ActiveX control A software module based on Microsoft's Component Object Model (COM) architecture. It enables a program to add functionality by calling ready-made components that blend in and appear as normal parts of the program. in Windows, an attacker can execute arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. using permission levels of the currently logged-in user. The vulnerability can also be exploited by a user visiting a malicious Web site crafted by an attacker. Organizations at risk include those using Windows 2000, Windows XP, Windows Server 2003 and Windows NT 4.0, if Internet Explorer version 6 is loaded. MS05-003: The Indexing Service is a fast, popular tool for searching file systems on Windows computers and by default is not enabled. A vulnerability in the query validation code of this service could allow for remote code execution. Microsoft Internet Information Services See IIS. (IIS (Internet Information Services) Microsoft's Web server. IIS runs under the server versions of Windows, adding HTTP server capability to the Windows operating system. ) Web servers are also vulnerable if the Indexing Service has been configured for the Web space, and if a web-based program has been provided to use the Indexing Service. Microsoft platforms affected by this new vulnerability include Windows 2000, Windows XP and Windows Server 2003. BindView has created vulnerability checks for bv-Control for Windows and bv-Control for Internet Security to assist customers in locating compromised systems. Once these systems are identified, customers should proceed with the outlined precautionary measures as quickly as possible. Priority should be given to Internet-facing and other critical Web servers, as well as bv-Control for Windows installations. Also important are mobile systems connected to broadband networks -- including notebook computers -- that may be exposed to the Internet without firewall protection. Commentary on the Vulnerabilities BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past few months. About BindView Corporation BindView Corporation is a leading provider of proactive business policy, IT security and directory management software. BindView solutions and services enable customers to centralize and automate policy compliance, vulnerability assessment, and directory administration across the entire organization. With BindView insight at work(TM), customers benefit from reduced risk and improved operational efficiencies with a verifiable return on investment. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at info@bindview.com or visit BindView's Web site at http://www.bindview.com. BindView can also be reached at 1-800-749-8439 or at 1-713-561-4000. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion