Internet Security Systems Protects Customers Against Critical Flaw in Microsoft Windows Operating System; Flaw Allows Unauthenticated Remote Attackers to Fully Compromise Windows 2000 Machines.ATLANTA -- Internet Security Systems, Inc. (ISS ISS
See Institutional Shareholder Services (ISS). ) (NASDAQ NASDAQ
in full National Association of Securities Dealers Automated Quotations
U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ) today announced that the company is providing customers of its Proventia(R) products and Managed Security Services with preemptive pre·emp·tive or pre-emp·tive
1. Of, relating to, or characteristic of preemption.
2. Having or granted by the right of preemption.
a. protection for multiple security vulnerabilities announced in the October Microsoft security bulletin.
Most importantly, the company is protecting against a remote compromise issue in the Microsoft Distributed Transaction Coordinator The Distributed Transaction Coordinator (MSDTC) service is a component of modern versions of Microsoft Windows that is responsible for coordinating transactions that span multiple resource managers, such as databases, message queues, and file systems. (MSDTC MSDTC Microsoft Distributed Transaction Coordinator ), which is used by the Microsoft Windows operating system to coordinate transactions such as databases, message queues and file systems across distributed machines. MSDTC is configured to run by default on Windows 2000. Unprotected systems running Windows 2000 can therefore be compromised without any user interaction.
"Based on the profit-driven nature of today's hacker community, ISS fully expects to see rapid and widespread development of exploit code for this vulnerability in a matter of days," said Chris Rouland, chief technology officer at Internet Security Systems.
ISS is also warning customers about an additional vulnerability announced by Microsoft today in Windows Audio Video Interleave (multimedia) Audio Video Interleave - (AVI) An audio-video standard designed by Microsoft. Apparently proprietary and Microsoft Windows-specific.
http://www2.echo.lu/oii/en/video.html#AVI. (AVI (Audio Video Interleaved) A Windows multimedia video format from Microsoft. It interleaves standard waveform audio and digital video frames (bitmaps) to provide reduced animation at 15 fps at 160x120x8 resolution. Audio is 11,025Hz, 8-bit samples. ) file parsing See parse.
parsing - parser . AVI is a common format for audio/video data found on personal computers. This vulnerability affects all recent versions of the Windows operating system and can lead to remote compromise if a victim is convinced to view a maliciously crafted video file.
Compromise of networks and machines running Microsoft Windows can lead to loss of productivity, financial setbacks and exposure of confidential information. ISS customers are therefore advised to apply product updates from ISS for these and other Microsoft vulnerabilities announced today. Other companies are advised to view today's Microsoft security bulletin for suggested methods of mitigating exposure at: http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx
For more information on Internet Security Systems(TM) preemptive protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/
The full ISS X-Force alert on today's Microsoft updates can be found at: http://xforce.iss.net/xforce/alerts/id/206
About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
Internet Security Systems is a trademark and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.