Media Alert - BindView RAZOR Team Issues RapidFire Update for New Microsoft ASN.1 Vulnerability.
Business Editors/High-Tech Writers
HOUSTON--(BUSINESS WIRE)--Feb. 12, 2004
BindView Corp. (Nasdaq:BVEW BVEW Binary View ) announced today that its RAZOR Rapid Response Team has created security checks for a newly identified critical vulnerability. The new vulnerability pertains to the Abstract Syntax (language, data) abstract syntax - A representation of data (typically either a message passing over a communications link or a program being compiled) which is independent of machine-oriented structures and encodings and also of the physical representation of the data (called Notation 1 (ASN (1) (Autonomous System Number) A unique identifier of an autonomous system on the Internet. Of the 65 thousand ASNs available, more than 30 thousand have been assigned to ISPs and NSPs. ISPs usually have only one ASN, but NSPs may have more than one. .1), a standard for interchanging data between many disparate platforms and applications. The Microsoft ASN.1 Library handles data translations for many parts of the Windows Operating System operating system (OS)
Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. and other applications. Microsoft has released a patch to correct a buffer overflow A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. in this library that if uncorrected allows attackers to exploit the problem and gain full administrative control Direction or exercise of authority over subordinate or other organizations in respect to administration and support, including organization of Service forces, control of resources and equipment, personnel management, unit logistics, individual and unit training, readiness, mobilization, of the target systems. The newly discovered vulnerability appears to have as much destructive potential as the Blaster worm, with even more attack vectors. Rapid exploitation is expected.
BindView customers running Vulnerability Management solutions that include bv-Control for Windows can take immediate protective action. BindView's RapidFire Update Service provides customers with immediate access to the update via automatic distribution, or customers can download the new updates over the Web at www.bindview.com/advisories/ADV_MSFT-021004.cfm.
Who is at Risk
Nearly every version of Windows NT-based technology -- from Windows NT (Windows New Technology) A 32-bit operating system from Microsoft for Intel x86 CPUs. NT is the core technology in Windows 2000 and Windows XP (see Windows). Available in separate client and server versions, it includes built-in networking and preemptive multitasking. , Windows 2000, Windows XP and Windows Server 2003 -- is potentially vulnerable, regardless of whether the systems are servers or workstations, or which applications are installed.
BindView has created vulnerability checks for bv-Control for Windows to assist customers in locating at-risk systems. Once these systems are identified, the Microsoft patches should be installed as quickly as possible.
Commentary on the ASN.1 Vulnerability
BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past several months.