Unix Formula - UNIX Pro


BindView RAZOR Team Issues RapidFire Updates for Microsoft and Cisco Vulnerabilities

1 January 1970

BindView Corp. (Nasdaq:BVEW) announced today that its RAZOR Rapid Response Team has created security checks for seven newly identified critical Microsoft vulnerabilities and one Cisco vulnerability.

BindView customers on current maintenance contracts running Vulnerability Management solutions that include bv-Control for Windows and/or bv-Control for Internet Security can take immediate protective action. In addition, BindView Patch Deployment customers can use the product to deploy Microsoft patches across their environments or to package the patches for deployment with a software deployment tool such as SMS. BindView's RapidFire Update Service provides customers with immediate access to the updates via automatic distribution, or customers can download the new updates online at http://www.bindview.com/advisories/ADV_MSFT05-041305.cfm

Who is at Risk

It is recommended that customers refer to the associated Microsoft and Cisco Security Bulletins for full details. Following are brief descriptions of the vulnerabilities and the systems affected:

MS05-016: An application association vulnerability in the Windows Shell allows an attacker to take complete control of a system. If a user is logged on with administrative rights, an attacker can install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows 2000 SP 3 and SP 4, Windows XP SP 1 and SP 2, Microsoft Windows XP 64-Bit Edition SP 1, Windows XP 64-Bit Edition Version 2003, Microsoft Windows Server 2003, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows 98 Second Edition (SE) and Millennium Edition (ME).

MS05-018: This update contains support for several vulnerabilities because required modifications to address these issues are located in related files. An attacker who successfully exploits the most severe of these vulnerabilities could take complete control of an affected system and install programs; view, change or delete data; or create new accounts with full user rights. Organizations at risk include those using Microsoft Windows 2000 SP 3 and SP 4, Microsoft Windows XP SP 1 and SP 2, Microsoft Windows XP 64-Bit Edition SP 1, Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows Server 2003, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (ME).

MS05-019: This vulnerability allows attackers to send specially crafted messages to systems and to take complete control of the affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights. Organizations affected include those using Microsoft Windows 2000 SP 3 and SP 4, Microsoft Windows XP SP 1 and SP 2, Microsoft Windows XP 64-Bit Edition SP1, Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows Server 2003, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows 98 Second Edition (SE) and Microsoft Windows Millennium Edition (ME).

MS05-020: Several flaws in Internet Explorer allow for remote code execution, providing attackers with the capability to install programs; view, change or delete data; or create new accounts with full user rights. The flaw affects Microsoft Windows 2000 SP 3 and SP 4, Microsoft Windows XP SP 1 and SP 2, Microsoft Windows XP 64-Bit Edition SP 1, Microsoft Windows XP 64-Bit Edition Version 2003, Microsoft Windows Server 2003, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME).

MS05-021: A Microsoft Exchange Server vulnerability allows attackers to connect to the SMTP port and issue a specially crafted command to take complete control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights. Systems at risk include Microsoft Exchange 2000 Server SP 3, Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 SP 1.

MS05-022: An MSN Messenger vulnerability allows attackers to take complete control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights. Organizations at risk are those using MSN Messenger 6.2.

MS05-023: By taking advantage of a flaw in Microsoft Word, attackers can run arbitrary code to take complete control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full privileges. Organizations affected include those using Microsoft Word 2000, Microsoft Works Suite 2001, Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, Microsoft Works Suite 2004 and Microsoft Office Word 2003.

Cisco Vulnerability

Document ID 64520: A vulnerability in the Internet Control Message Protocol (ICMP) allows an attacker to launch a Denial of Service (DoS) attack against the Transmission Control Protocol (TCP). These attacks only affect sessions terminating or originating on a device itself. Successful attacks may cause connection resets or throughput reductions in existing connections. Organizations at risk include those using IOS XR, 7960 (SCCP), 7970 (SCCP), 7960 (SIP), Cisco PIX Security Appliance, Catalyst 6608 and 6624, Cisco 11000 and 11500 Content Services Switches, Cisco Global Site Selector, Cisco MDS 9000 Series Multilayer Switches, VPN 5000 Concentrator, ONS 15454 IOS-based blades (ML and SL), ONS 15302 and ONS 15305.

BindView has created vulnerability checks for bv-Control for Windows and bv-Control for Internet Security to assist customers in locating compromised systems. Once systems are identified, customers should proceed with outlined precautionary measures as quickly as possible.

Priority should be given to Internet-facing and other critical Web servers, as well as bv-Control installations. Mobile systems connected to broadband networks -- including notebook computers -- are also a priority as they may be exposed to the Internet without firewall protection.

Commentary on the Vulnerabilities

BindView RAZOR Team experts are available to discuss these new vulnerabilities and share further insight into organizations most at risk, potential outcomes of an attack, as well as additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified in the past few months.

About BindView Corporation

BindView Corporation is a leading provider of proactive IT Security Compliance software worldwide. BindView solutions enable customers to centralize and automate Compliance Monitoring, Vulnerability Management, Identity Administration and Configuration Management operations across the enterprise. By following established regulatory guidelines, audit frameworks, technical standards and industry best practices, BindView solutions enable customers to implement a policy-based approach toward safeguarding their IT environments from internal and external threats and vulnerabilities. The result is improved security and improved compliance auditing across users, systems, applications, and databases based on Microsoft, UNIX, LINUX and Novell operating systems. With BindView insight at work(TM), customers benefit from reduced risk and improved operational efficiencies with a verifiable return on investment. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at info@bindview.com, on the web at http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439.

Contacts
BindView Corp., Houston
Yvonne Donaldson, 713-561-4023
yvonne.donaldson@bindview.com
or
FitzGerald Communications
Rob Halpin, 617-585-2208
rhalpin@fitzgerald.com


Source: Business Wire

