Internet Security Systems Discovers and Protects Against Critical Flaws in Microsoft DNS Client; ISS Also Warns That Another Flaw Disclosed Today in Microsoft's Server Service Could Be ``Wormable''.ATLANTA -- Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems, Inc. (ISS ISS See Institutional Shareholder Services (ISS). ) (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ), the worldwide leader in preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. , enterprise security, today announced that it has discovered and provided preemptive protection for critical flaws in the Microsoft Domain Name System (DNS (Domain Name System) A system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. For example, when a Web site address is given to the DNS either by typing a URL in a browser or behind the ) client since February 2006. ISS is providing customers with security content and protection for all of the vulnerabilities disclosed by Microsoft today, including a flaw in the Microsoft Server Service, which X-Force predicts could soon be used by attackers to create an Internet worm (networking, security) Internet Worm - The November 1988 worm perpetrated by Robert T. Morris. The worm was a program which took advantage of bugs in the Sun Unix sendmail program, Vax programs, and other security loopholes to distribute itself to over 6000 computers on the . "The Microsoft DNS Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems. Overview The Domain Name System support in Microsoft Windows NT, and thus its derivatives Windows 2000, Windows XP, and Windows Server client flaws discovered by X-Force are of particular concern because the vulnerable DNS client is installed on all current Windows platforms," said Alain Sergile Alain Sergile is a Haitian swimmer who competed at the 1996 Summer Olympics in Atlanta, Georgia. He participated in the men's 100 meter butterfly, finishing with a time of 58.23 seconds. He did not advance to the finals. , technical product manager of X-Force, the research division of Internet Security Systems. "Through these vulnerabilities, an attacker can answer a DNS query with a malicious response, triggering a heap corruption and gaining complete, unauthorized control of an affected machine." The Microsoft DNS client is an internal library supplied with Windows that is used to resolve domain names to IP addresses. X-Force has discovered three separate vulnerabilities in the DNS code. "In addition to paying particular attention to the DNS flaws, ISS advises organizations to place priority on patching the Microsoft Server Service," said Gunter Ollmann, director of ISS X-Force. "Because the service runs by default on Windows machines, and a successful compromise of an affected version leaves the attacker in complete control of the targeted host, this type of vulnerability is traditionally a common vector for worm exploitation." The Microsoft Server Service provides basic Windows networking services such as file and printer sharing An operational state in a computer that lets other users in the network copy files and use the printer. See file sharing. . Through the flaw announced by Microsoft today, it is vulnerable to remote code execution. The unique intelligence of X-Force is infused into all ISS products and services, including the company's Virtual Patch(R) technology, enabling the company to preemptively protect customers from the world's most dangerous security events before impact. Since its inception in 1997, X-Force has consistently rivaled independent researchers and other security vendors with its cutting-edge vulnerability discoveries. Further details on these vulnerabilities and ISS' discoveries can be found in the ISS X-Force advisories and alert at: http://xforce.iss.net/ Microsoft's security bulletin addressing these issues can be found at: http://www.microsoft.com/technet/security/current.aspx About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, the ISS Proventia(R) integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. The ISS product line is complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems is a trademark and X-Force, Virtual Patch and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion