Media Alert - BindView RAZOR Team Issues RapidFire Update for New Microsoft ASN.1 Vulnerability.
HOUSTON--(BUSINESS WIRE)--Feb. 12, 2004
BindView Corp. (Nasdaq:BVEW) announced today that its RAZOR Rapid Response Team has created security checks for a newly identified critical vulnerability. The new vulnerability pertains to the Abstract Syntax Notation 1 (ASN.1), a standard for interchanging data between many disparate platforms and applications. The Microsoft ASN.1 Library handles data translations for many parts of the Windows Operating System and other applications. Microsoft has released a patch to correct a buffer overflow in this library that if uncorrected allows attackers to exploit the problem and gain full administrative control of the target systems. The newly discovered vulnerability appears to have as much destructive potential as the Blaster worm, with even more attack vectors. Rapid exploitation is expected.
BindView customers running Vulnerability Management solutions that include bv-Control for Windows can take immediate protective action. BindView's RapidFire Update Service provides customers with immediate access to the update via automatic distribution, or customers can download the new updates over the Web at www.bindview.com/advisories/ADV_MSFT-021004.cfm.
Who is at Risk
Nearly every version of Windows NT-based technology -- from Windows NT, Windows 2000, Windows XP and Windows Server 2003 -- is potentially vulnerable, regardless of whether the systems are servers or workstations, or which applications are installed.
BindView has created vulnerability checks for bv-Control for Windows to assist customers in locating at-risk systems. Once these systems are identified, the Microsoft patches should be installed as quickly as possible.
Commentary on the ASN.1 Vulnerability
BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past several months.