Bindview (NASDAQ:BVEW)
Historical Stock Chart
From Jun 2019 to Jun 2024
BindView Corp. (NASDAQ:BVEW) announced today that its
RAZOR Rapid Response Team is providing checks for five newly
identified critical Microsoft vulnerabilities.
BindView customers on current maintenance contracts running
Vulnerability Management solutions that include bv-Control for Windows
and/or bv-Control for Internet Security can take immediate protective
action. In addition, BindView Patch Deployment customers can use the
product to deploy Microsoft patches across their environments or to
package the patches for deployment with a software deployment tool
such as SMS. BindView's RapidFire Update Service provides customers
with immediate access to the updates via automatic distribution, or
customers can download the new updates online at:
-0-
*T
www.bindview.com/Services/TechSupport/Advisories/ADV_MSFT05-101205.cfm
*T
Who is at Risk
It is recommended that customers refer to the associated Microsoft
Security Bulletins for full details. Following are brief descriptions
of the vulnerabilities and the systems affected:
MS05-044: A vulnerability in the way the Windows FTP Client
validates filenames could allow the owner of a malicious FTP server to
alter the location where a file is saved. User interaction is required
to overwrite existing files. Organizations affected include those
using versions of Microsoft Windows XP SP1 and Microsoft Windows
Server 2003 Itanium-based Systems.
MS05-045: A denial of service vulnerability with the Microsoft
Network Connection Manager could cause network and remote access
connections to stop responding. If the affected component is stopped
due to an attack, it will automatically restart when new requests are
received. Organizations affected include those using versions of
Microsoft Windows 2000 SP4, Microsoft Windows XP SP1 and SP2, and
Microsoft Windows Server 2003 and SP1.
MS05-046: A vulnerability with the Client Service for NetWare
could allow an attacker to execute remote code and take complete
control of a system. Client Service for NetWare is not installed by
default on a Windows system and common firewall practices may also
reduce risk where the component is installed. Organizations affected
include those using versions of Microsoft Windows 2000 SP4, Microsoft
Windows XP SP1 and SP2, and Microsoft Windows Server 2003 and SP1.
MS05-047: A remote code execution and local elevation-of-privilege
vulnerability with Plug and Play could allow an authenticated attacker
to take complete control of a system. In most cases, the vulnerability
requires local credentials to exploit. Common firewall practices may
also reduce risk. Organizations affected include those using versions
of Microsoft Windows 2000 SP4 and Microsoft Windows XP SP1 and SP2.
MS05-048: A vulnerability in the Collaboration Data Objects could
allow an attacker to execute remote code and take complete control of
a system. Organizations affected include those using versions of
Microsoft Windows 2000 SP4, Microsoft Windows XP SP1 and 2, Microsoft
Windows XP Pro x64 Edition; Microsoft Windows 2000 and SP 1; Microsoft
Windows Server 2003 for Itanium-based Systems and SP1; and Microsoft
Exchange 2000 Server SP3.
MS05-049: A flaw in the way Windows processes .lnk file name
extensions could leave users open to remote code execution if the
attachment is opened, allowing an attacker to take complete control of
a system. Organizations affected include those using versions of
Microsoft Windows 2000 SP4; Microsoft Windows XP SP1 and 2; Microsoft
Windows XP Pro x64 Edition; Microsoft Windows 2000 and SP1; Microsoft
Windows Server 2003 for Itanium-based Systems and SP1; and Microsoft
Exchange 2000 Server SP3.
MS05-050: A vulnerability in DirectShow could allow an attacker to
execute remote code, taking complete control of a system.
Organizations affected include those using versions of Microsoft
DirectX 7.0 on Microsoft Windows 2000 with SP4; Microsoft Windows 98,
Second Edition and Millennium Edition. For those using Microsoft
DirectX 8.1, multiple software versions may be affected including
Microsoft Windows XP SP1 and SP2, Microsoft Windows XP Professional
x64 Edition, Microsoft Windows Server 2003 and SP1, Microsoft Windows
Server 2003 for Itanium-based Systems and SP1, and Microsoft Windows
Server 2003 x64 Edition.
MS05-051: A remote code execution and local elevation of privilege
vulnerability in the Microsoft Distributed Transaction Coordinator and
COM+ could allow an attacker to take complete control of an affected
system. Organizations affected include those using versions of
Microsoft Windows 2000 SP4, Microsoft Windows XP SP1 and SP2,
Microsoft Windows XP Professional x64, Microsoft Windows Server 2003
and SP1, Microsoft Windows Server 2003 for Itanium-based systems and
SP1, and Microsoft Windows Server 2003 x64 Edition.
MS05-052: A flaw in the way Internet Explorer creates COM objects,
not intended for creation in Internet Explorer, could allow an
attacker to remotely execute code, leading to a complete system
compromise. An attacker could construct a malicious Web page that
potentially allows remote code execution if a user visits the
malicious Web site. Organizations affected include those using
versions of Microsoft Windows 2000 SP4; Microsoft Windows XP SP1 and
SP2; Microsoft Windows XP Professional x64; Microsoft Windows Server
2003 and SP1; Microsoft Windows Server 2003 for Itanium-based systems
and SP1; and Microsoft Windows Server 2003 x64 Edition; Microsoft
Windows 98, Second Edition and Millennium Edition.
Suggested Actions
BindView has created vulnerability checks for bv-Control for
Windows and bv-Control for Internet Security to assist customers in
locating vulnerable systems. Once systems are identified, customers
should proceed with outlined precautionary measures as quickly as
possible.
Priority should be given to critical workstations, such as
administrative workstations, and bv-Control installations. Mobile
systems connected to broadband networks -- including notebook
computers -- are also a priority as they may be exposed to the
Internet without firewall protection.
Commentary on the Vulnerabilities
BindView RAZOR Team experts are available to discuss these new
vulnerabilities and share further insight into organizations most at
risk, potential outcomes of an attack, as well as additional ways to
secure enterprise IT infrastructures. Experts can also discuss the
growing number of system vulnerabilities that have been identified in
the past few months.
About BindView Corporation
BindView Corporation is a global provider of IT security
compliance software. BindView solutions remove barriers that limit an
organization's ability to cost effectively demonstrate due care and
maintain compliance with IT security policies and regulatory mandates.
BindView policy compliance; vulnerability and configuration
management; and directory and access management software combine
best-practices knowledge with automated controls to reduce risk and
protect IT assets at the lowest cost across users, systems,
applications and databases in multi-platform environments. More than
20 million licenses have shipped to 5,000 companies worldwide,
spanning all major business segments and the public sector. Contact
BindView via e-mail at info@bindview.com, on the web at
http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439.