Printer Friendly
The Free Library
5,666,863 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

St. Bernard Software Technical Advisory: Critical Microsoft Windows Flaws Present Similar Vulnerabilities Exploited by Blaster Worm.


Business Editors/High-Tech Writers

SAN DIEGO--(BUSINESS WIRE)--Sept. 11, 2003

St. Bernard Software St. Bernard Software is an American content filtering company. It produces several hardware appliances for this purpose including the ePrism, and iPrism line. In addition also makes Liveprism, a SaS filtering solution. External Links
  • St. Bernard Software - Official Website
 Inc. advises users of its UpdateEXPERT(R) patch management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique  and remediation solution to verify that they have installed the latest Microsoft(R) cumulative security patch A fix to a program that eliminates a vulnerability exploited by malicious hackers. See vulnerability and patch. , MS03-039, to protect their systems from severe vulnerabilities that could open networks up to attack. Designated as "critical," Microsoft's highest severity rating, MS03-039 addresses three flaws in several versions of Windows(R) that leave a user open to a wide variety of threats, such as variants of the Blaster worm that spread across the Internet in August 2003. St. Bernard St. Bernard

a very large (110-200 lb) dog with massive, broad head, medium-sized ears lying close to the head, and a long tail. There are two varieties, the most familiar (rough) has a long, thick coat, while the smooth variety has a shorter coat, lying close to the body.  added the patch to its English and German UpdateEXPERT databases on the same day it was released by Microsoft -- Sept. 10, 2003.

The MS03-039 patch essentially supersedes a previous Microsoft patch, MS03-026, which garnered worldwide attention after the Blaster worm exploited a flaw in the remote procedure call (RPC (Remote Procedure Call) A programming interface that allows one program to use the services of another program in a remote machine. The calling program sends a message and data to the remote program, which is executed, and results are passed back to the calling ) process, even though the patch had been issued weeks earlier. As with MS03-026, Microsoft advises that all users of Windows NT (Windows New Technology) A 32-bit operating system from Microsoft for Intel x86 CPUs. NT is the core technology in Windows 2000 and Windows XP (see Windows). Available in separate client and server versions, it includes built-in networking and preemptive multitasking.  4.0, Windows 2000, Windows Server See Windows Server 2008, Windows Server 2003, Windows Home Server, Windows 2000 and Windows NT.  2003 and Windows XP The previous client version of Windows. XP was a major upgrade to the client version of Windows 2000 with numerous changes to the user interface. XP improved support for gaming, digital photography, instant messaging, wireless networking and sharing connections to the Internet.  apply the MS03-039 patch immediately. St. Bernard also recommends rebooting target workstations and servers immediately to ensure the patch is installed and valid.

According to Microsoft, the RPC flaw that MS03-039 fixes produces a similar vulnerability as MS03-026 in terms of potential damage, but it affects the RPC function differently. The patch also repairs two buffer overruns in the Distributed Component Object Model (programming) Distributed Component Object Model - (DCOM) Microsoft's extension of their Component Object Model (COM) to support objects distributed across a network. DCOM has been submitted to the IETF as a draft standard.  (DCOM (Distributed Component Object Model) Formerly Network OLE, it is Microsoft's technology for distributed objects. DCOM is based on COM, Microsoft's component software architecture, which defines the object interfaces. ) interface, which could allow a hacker to take over management rights to a computer by allowing arbitrary code to execute. By exploiting these flaws at the same time, unwanted programs can be loaded onto a computer via the buffer overrun flaws, which could then launch a denial-of-service attack across the Internet similar to the Blaster worm's intended attack on Microsoft's update Web sites.

With the ongoing rash of malicious viruses and worms that have propagated around the Internet in 2003, including the most recent Blaster worm and SoBig.F virus, St. Bernard Software reinforces its recommendation that organizations keep up to date with all Microsoft patches. The use of intelligent third-party software solutions like St. Bernard's UpdateEXPERT can perform this critical function easily and cost-effectively without draining IT staff resources.

More information on UpdateEXPERT can be found at www.updateexpert.com.

About St. Bernard Software Inc.

St. Bernard Software Inc. is a global provider of security solutions that protect against data loss, system threats, Internet abuse and unsolicited e-mail. Through its products and services, St. Bernard Software helps companies protect their bottom line by securing networks against major risks before they happen. The company's products include Open File Manager(TM), which captures open and in-use files during the backup process; UpdateEXPERT(R), which solves system and application security problems by keeping software patch levels current; iPrism(R), an Internet access management appliance that monitors, filters and reports on inappropriate Internet usage; and ePrism, a dedicated e-mail filtering and spam management appliance for enterprises of all levels.

Founded in 1995, with corporate headquarters in San Diego and an international office in London, St. Bernard Software sells and supports its award-winning products through key solution partners worldwide. St. Bernard Web site: http://www.stbernard.com/.

(C) 2003 St. Bernard Software. All rights reserved. St. Bernard Software, the St. Bernard Software logo, Open File Manager and UpdateEXPERT are trademarks or registered trademarks of St. Bernard Software Inc. iPrism is a registered trademark of Internet Products Inc. Internet Products is a wholly owned subsidiary Wholly Owned Subsidiary

A subsidiary whose parent company owns 100% of its common stock.

Notes:
In other words, the parent company owns the company outright and there are no minority owners.  of St. Bernard Software Inc. All other trademarks and registered trademarks are hereby acknowledged.
COPYRIGHT 2003 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Geographic Code:1USA
Date:Sep 11, 2003
Words:597
Previous Article:Verisity Significantly Expands University Program; Program Attracting Leading Universities; 14 Members Listed Among the Top 50 Engineering...
Next Article:Greektown Casino Selects Casino Data Imaging's CasinoCAD 4.2 Analysis Interface.
Topics:



Related Articles
Nimda - how it works. (VIRUS NOTES).
Nachi Worm undoes Blaster.(Security News)(Brief Article)
Microsoft identfies critical security vulnerabilites.(Virus Notes)(Brief Article)
Microsoft releases 10 security updates.(Security)(Brief Article)
Sorbot worm targets MYSQL.(Security)
New virus diguised as Saddam Hussein death.(Security)
Dasher-B expoits Windows 2000 PC's.(Security News)
Third busy patch month for Microsoft.(Security)
IBM Internet Security Systems shields customers from critical Microsoft vulnerabilities.(Security News and Products)
Security and products; ISS helps safeguard customers.(SOFTWARE WORLD DIGEST)

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles