Internet Security Systems Protects Customers Against Critical Flaw in Microsoft Windows Operating System; Flaw Allows Unauthenticated Remote Attackers to Fully Compromise Windows 2000 Machines.
Most importantly, the company is protecting against a remote compromise issue in the Microsoft Distributed Transaction Coordinator (MSDTC), which is used by the Microsoft Windows operating system to coordinate transactions such as databases, message queues and file systems across distributed machines. MSDTC is configured to run by default on Windows 2000. Unprotected systems running Windows 2000 can therefore be compromised without any user interaction.
"Based on the profit-driven nature of today's hacker community, ISS fully expects to see rapid and widespread development of exploit code for this vulnerability in a matter of days," said Chris Rouland, chief technology officer at Internet Security Systems.
ISS is also warning customers about an additional vulnerability announced by Microsoft today in Windows Audio Video Interleave (AVI) file parsing. AVI is a common format for audio/video data found on personal computers. This vulnerability affects all recent versions of the Windows operating system and can lead to remote compromise if a victim is convinced to view a maliciously crafted video file.
Compromise of networks and machines running Microsoft Windows can lead to loss of productivity, financial setbacks and exposure of confidential information. ISS customers are therefore advised to apply product updates from ISS for these and other Microsoft vulnerabilities announced today. Other companies are advised to view today's Microsoft security bulletin for suggested methods of mitigating exposure at: http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx
For more information on Internet Security Systems(TM) preemptive protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/
The full ISS X-Force alert on today's Microsoft updates can be found at: http://xforce.iss.net/xforce/alerts/id/206
About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
Internet Security Systems is a trademark and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.