Media Alert - BindView RAZOR Team Issues RapidFire Update for Two Critical Microsoft Vulnerabilities.

Business Editors/High-Tech Writers

HOUSTON--(BUSINESS WIRE)--Oct. 17, 2003

What

BindView Corp. (NASDAQ NASDAQ
in full National Association of Securities Dealers Automated Quotations

U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on :BVEW BVEW Binary View ) announced today that its RAZOR Rapid Response Team has created security checks for two newly identified critical vulnerabilities. The vulnerabilities are found in Microsoft Exchange Messaging and groupware software for Windows from Microsoft. Exchange Server is an Internet-compliant e-mail system that runs under Windows NT/2000 and Windows Server 2003. It can be accessed by Web browsers, the Exchange client, versions of Outlook and the earlier Windows Inbox. - a commonly deployed mail server and groupware application that runs more than 50 percent of corporate e-mail accounts - and in Microsoft Messenger Service Messenger Service is a network-based system notification service included in some versions of Microsoft Windows. This service, although it has a similar name, is not related in any way to the . . Both are buffer overrun vulnerabilities and if not detected could allow attackers to gain full control of targeted systems.

BindView customers running Vulnerability Management solutions that include bv-Control for Internet Security ''This article or section is being rewritten at

Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. or bv-Control for Windows can take immediate protective action. BindView's RapidFire(TM) Update service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates over the Web at www.bindview.com/Advisories/Adv_MSExch-MsgSvcBo-101503.cfm/.

Who is at Risk

The Microsoft Exchange vulnerability affects both Exchange 5.5 and Exchange 2000. The Exchange 5.5 vulnerability is a Denial of Service attack An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. that does not allow code execution. On Exchange 2000 systems that handle Internet e-mail, attackers are able to execute arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. on vulnerable systems.

The Microsoft Messenger Service vulnerability - which should not be confused with the Instant Messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or application of a similar name - is present on all Windows NT-based platforms including Windows NT, Windows NT Terminal Services, as well as Windows 2000 Workstation, Server and Advanced Server. Also vulnerable are Windows XP and Windows 2003 platforms. By default, Microsoft Messenger Service is not enabled on Windows 2003.

BindView has released updated checks for bv-Control for Internet Security and bv-Control for Windows. The bv-Control for Internet Security checks search for vulnerabilities without requiring administrative access on the target systems. The Exchange checks determine if systems are vulnerable, while checks for bv-Control for Windows identify if patches are installed.

Commentary on These Vulnerabilities

BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past several months.

COPYRIGHT 2003 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Geographic Code:	1USA
Date:	Oct 17, 2003
Words:	359
Previous Article:	OXiGENE to Present at Rodman & Renshaw Techvest Healthcare Conference.
Next Article:	Midday Options Update Highlights the Following Stocks: USG Corp., eBay, Advanced Micro Devices, DoubleClick.
Topics:	Computer software industry Software industry

Related Articles
RAZOR, BindView's Newly Named Security Team, Discovers `Syskey Bug' on Microsoft NT Feature; Top Security Experts Join RAZOR.
BindView Continues to Detect and Eliminate Latest Security Vulnerabilities; Microsoft Acknowledges the BindView RAZOR Team's Ongoing Commitment to...
BindView is First to Help Customers Address the Latest Wave of Security Threats and System Vulnerabilities.
BindView RAZOR Team Creates Rapid Fire Vulnerability Check for RPC Interface Buffer Overflow.
CORRECTING and REPLACING BindView Corporation News Release.
BindView RAZOR Team Issues RapidFire Update for New Microsoft Vulnerability.
BindView RAZOR Team Issues RapidFire Updates for Microsoft Vulnerabilities.
BindView RAZOR Team Issues RapidFire Updates for Microsoft and Cisco Vulnerabilities.
BindView RAZOR Team Issues RapidFire Update for Microsoft Vulnerability.
BindView RAZOR Team Issues RapidFire Update for Microsoft Vulnerabilities.