Citadel Security Software Discovers New Automated Attack Tool Exploiting WebDAV Vulnerability.

Business Editors/High-Tech Writers

DALLAS--(BUSINESS WIRE)--April 24, 2003

Recommends Immediate Remediation Action to Protect Networks against Emerging Threat

Citadel Security Software, Inc. (OTCBB:CDSS), a leader in automated vulnerability remediation (AVR) and policy compliance solutions, announces that the company's security research team today alerted Microsoft of an emerging attack tool found in the wild, designed to rapidly exploit the WebDAV vulnerability initially posted on March 17, 2003 in Microsoft Security Bulletin MS03-007 "Unchecked Buffer In Windows Component Could Cause Server Compromise." Utilizing the discovered attack
HTTP or Port 80 which is commonly opened on many organizations' firewalls to allow standard web traffic.

To ensure protection against this potential threat, organizations should immediately apply the patch referenced in Microsoft Security Bulletin MS03-007 and/or disable the WebDAV component of Microsoft Internet Information Services by following the instructions listed in the Security Bulletin -- http://www.microsoft.com/technet/security/bulletin/MS03-007.asp.

Following the life-cycle of vulnerabilities and their exploits, this discovery is evidence that a worm may soon be created to exploit the vulnerability in mass. The rapid appearance of the attack tool shortly after the vulnerability was announced illustrates the growing rate at which attacks are being developed following the release of vendor security bulletins.

"The discovery of this automated attack tool reinforces the need for organizations to adopt a proactive approach to mitigation and remediation of vulnerabilities before a worm propagates throughout the Internet," said Kerry Steele, Director of Vulnerability Research and Remediation, Citadel Security Software. "Even though Microsoft released the necessary hotfix to patch the vulnerability over a month ago, as the recent Slammer worm proved earlier this year, many organizations are not taking action to protect themselves in a timely manner and may be at risk.
To protect against this attack and to mitigate the threat of future exploits, organizations must proactively perform routine vulnerability assessments and remediations. Our team is committed to delivering the latest remediation actions that speed the resolution of ongoing and immediate threats and ensure the protection of our customers."

About Citadel

Citadel Security Software, Inc., a leader in automated vulnerability remediation and policy enforcement solutions, helps enterprises effectively neutralize security vulnerabilities. Citadel's patent-pending Hercules(R) technology provides users with full control over the automated remediation process, enabling efficient aggregation, prioritization and resolution of vulnerabilities detected by industry-standard vulnerability assessment tools. Winshield(R) SecurePC(TM) and NetOFF(TM) products enable companies to enforce security policies from a single point of control. Citadel's solutions enable organizations to ensure the confidentiality of information, reduce the time and costs associated with the inefficient manual remediation process, and facilitate compliance with organizational security policies and government mandates such as HIPAA and Gramm-Leach-Bliley legislation. For more information on Citadel, visit www.citadel.com, or contact the company at 214/520-9292.

Safe Harbor/Forward-looking Statements: Except for the historical information contained herein, this news release contains forward-looking statements that are subject to risks and uncertainties, including the current economic and geopolitical
environment, information technology spending trends, lack of Citadel operating history, uncertainty of product acceptance, uncertainty of ability to compete effectively in a new market and the uncertainty of profitability and cash flow of Citadel. These risks and uncertainties may cause actual outcomes and results to differ materially from expectations in this press release. These and other risks are detailed in Citadel's report on Form 10-KSB.