BindView RAZOR Team Issues RapidFire Updates for Five Microsoft Vulnerabilities
October 12 2005 - 4:17PM
Business Wire
BindView Corp. (NASDAQ:BVEW) announced today that its RAZOR Rapid
Response Team is providing checks for five newly identified
critical Microsoft vulnerabilities. BindView customers on current
maintenance contracts running Vulnerability Management solutions
that include bv-Control for Windows and/or bv-Control for Internet
Security can take immediate protective action. In addition,
BindView Patch Deployment customers can use the product to deploy
Microsoft patches across their environments or to package the
patches for deployment with a software deployment tool such as SMS.
BindView's RapidFire Update Service provides customers with
immediate access to the updates via automatic distribution, or
customers can download the new updates online at: -0- *T
www.bindview.com/Services/TechSupport/Advisories/ADV_MSFT05-101205.cfm
*T Who is at Risk It is recommended that customers refer to the
associated Microsoft Security Bulletins for full details. Following
are brief descriptions of the vulnerabilities and the systems
affected: MS05-044: A vulnerability in the way the Windows FTP
Client validates filenames could allow the owner of a malicious FTP
server to alter the location where a file is saved. User
interaction is required to overwrite existing files. Organizations
affected include those using versions of Microsoft Windows XP SP1
and Microsoft Windows Server 2003 Itanium-based Systems. MS05-045:
A denial of service vulnerability with the Microsoft Network
Connection Manager could cause network and remote access
connections to stop responding. If the affected component is
stopped due to an attack, it will automatically restart when new
requests are received. Organizations affected include those using
versions of Microsoft Windows 2000 SP4, Microsoft Windows XP SP1
and SP2, and Microsoft Windows Server 2003 and SP1. MS05-046: A
vulnerability with the Client Service for NetWare could allow an
attacker to execute remote code and take complete control of a
system. Client Service for NetWare is not installed by default on a
Windows system and common firewall practices may also reduce risk
where the component is installed. Organizations affected include
those using versions of Microsoft Windows 2000 SP4, Microsoft
Windows XP SP1 and SP2, and Microsoft Windows Server 2003 and SP1.
MS05-047: A remote code execution and local elevation-of-privilege
vulnerability with Plug and Play could allow an authenticated
attacker to take complete control of a system. In most cases, the
vulnerability requires local credentials to exploit. Common
firewall practices may also reduce risk. Organizations affected
include those using versions of Microsoft Windows 2000 SP4 and
Microsoft Windows XP SP1 and SP2. MS05-048: A vulnerability in the
Collaboration Data Objects could allow an attacker to execute
remote code and take complete control of a system. Organizations
affected include those using versions of Microsoft Windows 2000
SP4, Microsoft Windows XP SP1 and 2, Microsoft Windows XP Pro x64
Edition; Microsoft Windows 2000 and SP 1; Microsoft Windows Server
2003 for Itanium-based Systems and SP1; and Microsoft Exchange 2000
Server SP3. MS05-049: A flaw in the way Windows processes .lnk file
name extensions could leave users open to remote code execution if
the attachment is opened, allowing an attacker to take complete
control of a system. Organizations affected include those using
versions of Microsoft Windows 2000 SP4; Microsoft Windows XP SP1
and 2; Microsoft Windows XP Pro x64 Edition; Microsoft Windows 2000
and SP1; Microsoft Windows Server 2003 for Itanium-based Systems
and SP1; and Microsoft Exchange 2000 Server SP3. MS05-050: A
vulnerability in DirectShow could allow an attacker to execute
remote code, taking complete control of a system. Organizations
affected include those using versions of Microsoft DirectX 7.0 on
Microsoft Windows 2000 with SP4; Microsoft Windows 98, Second
Edition and Millennium Edition. For those using Microsoft DirectX
8.1, multiple software versions may be affected including Microsoft
Windows XP SP1 and SP2, Microsoft Windows XP Professional x64
Edition, Microsoft Windows Server 2003 and SP1, Microsoft Windows
Server 2003 for Itanium-based Systems and SP1, and Microsoft
Windows Server 2003 x64 Edition. MS05-051: A remote code execution
and local elevation of privilege vulnerability in the Microsoft
Distributed Transaction Coordinator and COM+ could allow an
attacker to take complete control of an affected system.
Organizations affected include those using versions of Microsoft
Windows 2000 SP4, Microsoft Windows XP SP1 and SP2, Microsoft
Windows XP Professional x64, Microsoft Windows Server 2003 and SP1,
Microsoft Windows Server 2003 for Itanium-based systems and SP1,
and Microsoft Windows Server 2003 x64 Edition. MS05-052: A flaw in
the way Internet Explorer creates COM objects, not intended for
creation in Internet Explorer, could allow an attacker to remotely
execute code, leading to a complete system compromise. An attacker
could construct a malicious Web page that potentially allows remote
code execution if a user visits the malicious Web site.
Organizations affected include those using versions of Microsoft
Windows 2000 SP4; Microsoft Windows XP SP1 and SP2; Microsoft
Windows XP Professional x64; Microsoft Windows Server 2003 and SP1;
Microsoft Windows Server 2003 for Itanium-based systems and SP1;
and Microsoft Windows Server 2003 x64 Edition; Microsoft Windows
98, Second Edition and Millennium Edition. Suggested Actions
BindView has created vulnerability checks for bv-Control for
Windows and bv-Control for Internet Security to assist customers in
locating vulnerable systems. Once systems are identified, customers
should proceed with outlined precautionary measures as quickly as
possible. Priority should be given to critical workstations, such
as administrative workstations, and bv-Control installations.
Mobile systems connected to broadband networks -- including
notebook computers -- are also a priority as they may be exposed to
the Internet without firewall protection. Commentary on the
Vulnerabilities BindView RAZOR Team experts are available to
discuss these new vulnerabilities and share further insight into
organizations most at risk, potential outcomes of an attack, as
well as additional ways to secure enterprise IT infrastructures.
Experts can also discuss the growing number of system
vulnerabilities that have been identified in the past few months.
About BindView Corporation BindView Corporation is a global
provider of IT security compliance software. BindView solutions
remove barriers that limit an organization's ability to cost
effectively demonstrate due care and maintain compliance with IT
security policies and regulatory mandates. BindView policy
compliance; vulnerability and configuration management; and
directory and access management software combine best-practices
knowledge with automated controls to reduce risk and protect IT
assets at the lowest cost across users, systems, applications and
databases in multi-platform environments. More than 20 million
licenses have shipped to 5,000 companies worldwide, spanning all
major business segments and the public sector. Contact BindView via
e-mail at info@bindview.com, on the web at http://www.bindview.com,
and at 1-713-561-4000 or 1-800-749-8439.
Bindview (NASDAQ:BVEW)
Historical Stock Chart
From Apr 2024 to May 2024
Bindview (NASDAQ:BVEW)
Historical Stock Chart
From May 2023 to May 2024