St. Bernard Software Technical Advisory: Critical Windows Vulnerability.
SAN DIEGO--(BUSINESS WIRE)--July 18, 2003
St. Bernard Software Inc. advises users of its UpdateEXPERT(R) patch management and remediation solution to verify that they have installed Microsoft's most recent cumulative security patches MS03-026 and MS03-027 to protect their systems from severe vulnerabilities that could open networks up to attack. The MS03-026 patch is for all Windows(R) versions except for ME and is designated as "critical," Microsoft's highest severity rating. MS03-027 affects Windows XP and is listed by Microsoft as "important," the second highest level. St. Bernard added both patches to its English and German UpdateEXPERT databases on the same day they were released by Microsoft, July 16, 2003.
MS03-026 is the most critical patch, as it fixes a major security flaw that allows an outside attacker to take control of almost all versions of Windows. The MS03-026 cumulative patch corrects a buffer overrun in the Remote Procedure Call (RPC) interface that could allow a hacker to execute code with local system privileges on an affected system, enabling him to take a variety of actions including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. Microsoft advises that all system administrators should apply this patch immediately.
The MS03-027 cumulative patch fixes an unchecked buffer, found only in the Windows XP shell, that could enable system compromise. An attacker could exploit this vulnerability by hosting a Desktop.ini file with a corrupt custom attribute on a network share. If a user browses the shared folder where the file is stored, it could cause the Windows shell to fail or cause an attacker's code to run in the security context of the user.
Discovered by a Polish team of security consultants on July 15, the flaw corrected by MS03-026 represents another significant security breach in the Windows operating system that attackers are expected to exploit. With the rash of worms that propagated around the Internet in the first half of 2003 (Fizzer, BugBear, etc.), St. Bernard reinforces its recommendation that organizations keep up to date with all Microsoft patches. Intelligent third-party software solutions like St. Bernard's UpdateEXPERT can perform this critical function easily and cost-effectively without draining IT staff resources.
For more information on UpdateEXPERT, visit www.updateexpert.com.
About St. Bernard Software Inc.
St. Bernard Software Inc. is a global provider of security solutions that protect against data loss, system threats and Internet abuse. Through its products and services, St. Bernard Software helps companies protect their bottom line by securing networks against major risks before they happen. The company's products include Open File Manager(TM), which captures open and in-use files that would otherwise be skipped during the backup process; UpdateEXPERT(R), which solves system and application security problems by keeping software patch levels current; and iPrism(R), an Internet access management appliance solution that monitors, filters and reports on inappropriate Internet usage and helps organizations enforce an Internet Acceptable Usage Policy (AUP).
Founded in 1995, St. Bernard Software is a privately held corporation with corporate headquarters in San Diego and an international office in London. Ranked by Software Magazine as one of the world's 500 largest suppliers of software and services, St. Bernard Software's award-winning products are sold and supported through key solution partners worldwide. For more information call 800-782-3762 or visit www.stbernard.com.
(C) 2003 St. Bernard Software. All rights reserved. St. Bernard Software, the St. Bernard Software logo, Open File Manager and UpdateEXPERT are trademarks or registered trademarks of St. Bernard Software Inc. iPrism is a registered trademark of Internet Products Inc. Internet Products is a wholly owned subsidiary of St. Bernard Software Inc. All other trademarks and registered trademarks are hereby acknowledged.