BindView is First to Offer Solution to Identify Critical Microsoft PPTP Vulnerability; Security Check and RAZOR Team Report Available on BindView Web Site.Business/Technology Editors HOUSTON--(BUSINESS WIRE)--Sept. 27, 2002 BindView Corporation (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : BVEW BVEW Binary View ), a leading provider of IT security management solutions, announced today the availability of the first security check to identify new critical Microsoft PPTP (Point-to-Point Tunneling Protocol) A protocol from Microsoft that is used to create a virtual private network (VPN) over the Internet. Remote users can access their corporate networks via any ISP that supports PPTP on its servers. vulnerabilities. On Sept. 26, 2002, a vulnerability was announced on the Internet that allows hackers to gain full control of critical PPTP servers and clients. A patch to thwart and defend against this exploit code has not yet been released by Microsoft. However, BindView's RAZOR Team has developed the first downloadable report that its bv-Control customers can utilize to determine which of their servers are at risk and then take the necessary steps to secure their systems. These reports are available for download To receive a file transmitted over a network. In any communications session, "download" means receive, and "upload" means send. The download/upload often implies a big/little scenario, in which data is being downloaded from the "big" server into the "little" user's computer. at www.bindview.com. "This type of vulnerability is especially dangerous because it can enable unauthorized attackers to remotely gain full access to and control over organizations' servers and internal information," said Scott Blake, vice president of Information Security at BindView and head of the company's RAZOR Team. "BindView's solution and security check helps organizations prepare to patch their Microsoft PPTP servers and aids them in ensuring that all vulnerable systems are safely shut down until the necessary patch is available." This vulnerability affects all Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. 2000 and Windows XP The previous client version of Windows. XP was a major upgrade to the client version of Windows 2000 with numerous changes to the user interface. XP improved support for gaming, digital photography, instant messaging, wireless networking and sharing connections to the Internet. systems running either the PPTP Server or PPTP Client. It is not currently known if the vulnerability also affects Microsoft Windows NT systems running PPTP. The Point-to-Point Tunneling Protocol See PPTP. (communications, protocol) Point-to-Point Tunneling Protocol - (PPTP) A tunneling protocol for connecting Windows NT clients and servers over Remote Access Services (RAS). PPTP can be used to create a Virtual Private Network between computers running NT. (PPTP) is a networking technology widely used for implementing Virtual Private Networks (VPNs). PPTP allows two Internet hosts to communicate over a secure channel by providing security features including authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. and encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. . PPTP clients ship with all versions of Microsoft Windows 2000 and Windows XP and are commonly used by many businesses to allow secure remote connectivity to their internal systems. The vulnerability exposed yesterday on the Internet enables an outside attacker to execute arbitrary commands on a Windows system running PPTP. While the vulnerability affects both PPTP servers and PPTP clients, the PPTP server vulnerability is considered more serious, since an attacker who compromises an organization's PPTP server can typically obtain widespread access to its internal network. The security check made available today by BindView and its RAZOR Team works with the bv-Control for Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. and bv-Control for Windows 2000 solutions. Upon Microsoft's issue of a patch for this vulnerability, BindView will make available new security checks that can help organizations verify patch deployment on Windows systems. BindView's bv-Control solution suite helps organizations reduce security vulnerabilities with enterprise-wide assessment, ensure the consistency and accuracy of their network configuration and provide global network administration and policy enforcement. Then by using its exclusive bv-Control ActiveAdmin(R) technology, most identified vulnerabilities can be repaired quickly and easily, with just a few clicks of the mouse. From comprehensive vulnerability assessments A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. to routine administration, bv-Control software helps provide the technology that security and system administrators need to efficiently secure and maintain optimal network service levels. About BindView Corporation BindView Corporation, the worldwide leader in providing host-based vulnerability assessment software, delivers proactive security management solutions to help safeguard computer systems and networks from security breaches before they occur. Unlike traditional approaches, the company's solutions work from the inside out to help protect business systems from both internal and external threats, thus reducing business risks. BindView's suite of cross-platform software and associated services help secure, automate To turn a set of manual steps into an operation that goes by itself. See automation. and reduce the costs of managing information technology infrastructures. More than 20 million licenses of our solutions have been shipped worldwide to approximately 5,000 companies, including more than 80 of the Fortune 100 and 24 of the largest 25 U.S. banks. Contact BindView via e-mail at info@bindview.com or visit BindView's World Wide Web Site at http://www.bindview.com. BindView can also be reached at (800) 749-8439 or at (713) 561-4000. Editors Note: BindView(R), the BindView logo, and the BindView product names used in this document are trademarks of BindView Development Corporation, which may be registered in one or more jurisdictions. The names of products of other companies mentioned in this document, if any, may be the registered or unregistered trademarks of the owners of the products. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion