TMCnet News

Security Experts Issue Update of SANS Top 20 Most Critical Internet Vulnerabilities List; Immediate Repairs Required To Protect Against Identity Theft & Industrial Espionage
[May 02, 2005]

BETHESDA, Md. --(Business Wire)-- May 2, 2005 -- Products from Microsoft, Symantec, Computer Associates, plus iTunes and other Media Players Cited in this First Quarterly Update

More than 600 new Internet security vulnerabilities were discovered during the first quarter of 2005, according to the SANS Institute and a team of experts from industry and government. This group has identified the most critical vulnerabilities disclosed in Q1: those that pose critical risks and need to be addressed through patching and other defensive actions. Individuals and organizations that do not correct these problems face a heightened threat that remote, unauthorized hackers will take control of their computers and use them for identity theft, for industrial espionage, or for distributing spam or pornography.



The new report provides a quarterly update to the SANS Top 20 Internet Security Vulnerabilities list (www.sans.org/top20/) published annually in October. To be included on the new quarterly update, vulnerabilities must meet five requirements: (1) they affect a large number of users, (2) they have not been patched on a substantial number of systems, (3) they allow computers to be taken over by a remote, unauthorized user, (4) sufficient details about the vulnerabilities have been posted to the Internet to enable attackers to exploit them, and (5) they were discovered or first patched during the first three months of 2005.

Any person or organization running the vulnerable software products should ensure that they or their computer support professionals have corrected the specific problems listed. (The vulnerable software packages are listed at the end of this release and details on each of the vulnerabilities, and instructions on correcting them, may be found at www.sans.org/top20/Q1-2005update)

1. Microsoft Internet Explorer
2. Microsoft Windows Media Player, Microsoft Windows Messenger, and MSN Messenger
3. Microsoft Windows XP Service Pack 1 and 2, Microsoft Windows 2000 Service Pack 3 and 4, and Microsoft Windows Server 2003
4. Microsoft Windows Server 2003, Windows 2000 Server Service Pack 3 and 4, Windows NT Server 4.0 Service Pack 6a, and NT Terminal Server Edition Service Pack 6
5. Windows NT and Windows 2000 (SP2 or earlier) Domain Name Service servers; Symantec Gateway Security, Enterprise Firewall, and VelociRaptor Products
6. Anti-Virus Products from Symantec, F-Secure, TrendMicro and McAfee
7. Oracle Database Server, Oracle Application Server, Oracle E-business Suite and Oracle Collaboration Suite
8. Computer Associates Products Running License Manager
9. RealPlayer, iTunes and WinAmp Media Players


The team that collaborated to compile the Quarterly Vulnerability Update to the SANS Top 20 includes representatives from four key security organizations: Rohit Dhamankar of TippingPoint, a division of 3Com, for the intrusion prevention expert community; Gerhard Eschelbeck of Qualys, representing the vulnerability management expert community; the British Government's National Infrastructure Security Co-Ordination Centre (NISCC), for the government community; and Marcus Sachs and Johannes Ullrich of the SANS Internet Storm Center.

The SANS Institute was established in 1989 and has become the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS Institute began as a cooperative research and education organization and now reaches more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. Further information about SANS is available at http://www.sans.org.
