SANS issues 'critical' patching recommendations
Six Microsoft flaws and assorted vulnerabilities in Veritas backup software, Computer Associates' and Zone Alarm products topped the SANS Institute's quarterly list of the most critical flaws to patch.

"Individuals and organizations that do not correct these problems face a heightened threat that remote, unauthorized hackers will take control of their computers and use them for identity theft, for industrial espionage or for distributing spam or pornography," SANS warned in a statement. "Particularly worrisome this quarter are the extensive vulnerabilities found in the most popular data back-up products. Backup products are designed to prevent catastrophes by recording copies of important data and allowing those copies to be stored in a safe place. Unfortunately, those products have become easy targets for attackers and since they have access to substantially all data, their weaknesses create real danger."

Drawn from 422 new vulnerabilities reported during the second quarter of 2005, the flaws must meet five requirements according to SANS: (1) they affect a large number of users; (2) they have not been patched on a substantial number of systems; (3) they allow computers to be taken over by a remote, unauthorized user; (4) sufficient details are available to enable attackers to exploit them; and (5) they were discovered or first patched during the second three months of 2005. Topping the list are:
- Microsoft Internet Explorer Multiple Vulnerabilities [MS05-020 and MS05-025];
- Microsoft Exchange Server Extended Verb Overflow [MS05-021];
- Windows Message Queuing Service Overflow [MS05-017];
- Windows SMB Protocol Processing Overflow [MS05-027];
- Windows HTML Help File Parsing Overflow [MS05-026];
- Windows Shell Remote Code Execution [MS05-016];
- Computer Associates BrightStor ARCServe Backup Overflow;
- Veritas Backup Software Multiple Vulnerabilities;
- Computer Associates and Zone Alarm Vet Library Overflow;
- Oracle Cumulative Update April 2005;
- RealNetworks RealPlayer Multiple Vulnerabilities;
- Apple iTunes MPEG4 File Processing Overflow;
- Mozilla and Firefox Browsers Multiple Vulnerabilities; and
- Apple Cumulative Security Update 2005-005 and 2005-006.
Reproduced from an article published by SearchSecurity.com
© SearchSecurity.com
The original article can be viewed here:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1110...





