TMCnet News

BindView RAZOR Team Issues RapidFire Updates for Microsoft and Cisco Vulnerabilities
[August 10, 2005]


HOUSTON --(Business Wire)-- Aug. 10, 2005 -- BindView Corp. (Nasdaq:BVEW) announced today that its RAZOR Rapid Response Team is providing checks for five newly identified critical Microsoft vulnerabilities and one Cisco vulnerability.

BindView customers on current maintenance contracts running Vulnerability Management solutions that include bv-Control for Windows and/or bv-Control for Internet Security can take immediate protective action. In addition, BindView Patch Deployment customers can use the product to deploy Microsoft patches across their environments or to package the patches for deployment with a software deployment tool such as SMS. BindView's RapidFire Update Service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates online at: www.bindview.com/Services/TechSupport/Advisories/ADV_MSFT05-081005.cfm



Who is at Risk

It is recommended that customers refer to the associated Microsoft and Cisco Bulletins for full details. Following are brief descriptions of the vulnerabilities and the systems affected:


MS05-039: A vulnerability in Microsoft Windows Plug and Play could allow an attacker to execute remote code and escalate privileges. Plug and Play is a built-in component of Microsoft Windows that automatically configures hardware and peripherals. Organizations affected include those using versions of Microsoft Windows 2000, Microsoft Windows XP 32-bit and 64-bit, and all versions of Windows 2003 Server.

MS05-040: A flaw in the Telephony Application Programming Interface (TAPI) could allow an attacker to execute remote code on the affected system or elevate privileges if the attacker has existing credentials. Organizations affected include those running a telephony server on versions of Microsoft Windows 2000 and Microsoft Windows 2003. Organizations running telephony services on versions of Microsoft Windows 2000 or Microsoft Windows XP are vulnerable to local escalation of privileges.

MS05-041: A vulnerability in the Remote Desktop Protocol (RDP) could allow an attacker to cause the system to stop responding. An attacker could send a specially crafted RDP message to an affected system anonymously and without credentials. Organizations affected include those using versions of Microsoft Windows 2000 SP4; Microsoft Windows XP SP 1, SP 2, Professional 64-bit; and Microsoft Windows 2003 Server SP1, 64-bit and Itanium-based systems. By default, RDP is not enabled on any operating system.

MS05-042: A vulnerability in Microsoft Windows Kerberos could allow for a Denial of Service (DoS) attack, and a vulnerability in PKINIT could allow for information disclosure and spoofing. The DoS is triggered by a specially crafted packet sent to the domain controller, with credentials required for the attack. The PKINIT vulnerability requires credentials, and the attack is injected into an authentication session between a client and a domain controller. Organizations affected include those using versions of Microsoft Windows 2000 SP4; Microsoft Windows XP SP 1, SP 2, Professional 64-bit; and Microsoft Windows 2003 Server SP1, 64-bit and Itanium-based systems.

MS05-043: A flaw in Microsoft Print Spooler could allow an attacker to remotely execute code, leading to a complete system compromise. Organizations affected include those using versions of Microsoft Windows 2000 and Microsoft Windows XP SP1. The same attack on Windows XP SP2 and Windows 2003 requires the attacker to have credentials on the target system, which could result in a denial of service.

Cisco Vulnerability

Document ID 65783: A vulnerability in Cisco IOS and IOS XR could allow an attacker to crash router software and possibly execute remote code. An attacker does not need credentials to execute remote code, and the attack can be completed with administrative-enabled privileges. Organizations affected include those using Cisco IOS 12.0 through 12.4 or IOS XR before 3.2 with IPv6 enabled.

Suggested Actions

BindView has created vulnerability checks for bv-Control for Windows and bv-Control for Internet Security to assist customers in locating vulnerable systems. Once systems are identified, customers should proceed with outlined precautionary measures as quickly as possible.

Priority should be given to critical workstations, such as administrative workstations, and bv-Control installations. Mobile systems connected to broadband networks -- including notebook computers -- are also a priority as they may be exposed to the Internet without firewall protection.

Commentary on the Vulnerabilities

BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past few months.

About BindView Corporation

BindView Corporation is a global provider of IT security compliance software. BindView solutions remove barriers that limit an organization's ability to cost effectively demonstrate due care and maintain compliance with IT security policies and regulatory mandates. BindView policy compliance; vulnerability and configuration management; and directory and access management software combine best-practices knowledge with automated controls to reduce risk and protect IT assets at the lowest cost across users, systems, applications and databases in multi-platform environments. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at [email protected], on the web at http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439.
