eEye Digital Security Discovers Six New Security Flaws in Microsoft Windows
eEye's Retina(R) Network Security Scanner can Detect and Remediate the Latest Vulnerabilities that Could Allow for the Execution of Malicious Code Similar to the MS Blaster Worm
ALISO VIEJO, Calif.--(BUSINESS WIRE)--April 13, 2004--
samsung
Whether you want to secure your laptop, digital camera, computer case, or any device with a security slot, 1 Cable Locking System provides the protection you need.
computer repair
eEye(R) Digital Security, a leading developer of network security software solutions, today announced the discovery of six new vulnerabilities related to Microsoft (NASDAQ:MSFT) Windows(R). The critical discoveries include dangerous flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye's research team discovered two of the most critical vulnerabilities as early as September 2003. The patch for these vulnerabilities released today comes more than 200 days after eEye's discovery.
Almost 10 years later, the trend of abandoning desktop computers in favor of laptops is creating a new era in computing security.
used computers
The critical vulnerabilities could potentially allow an attacker to take complete control of an affected system. If left unpatched, an attacker could then take harmful action including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Further, some of these security flaws can be detected and subsequently exploited remotely and have the potential to cause serious damage if not immediately resolved. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately secure vulnerable machines on their networks.
Windows Vista Home Premium Upgrade Microsoft Windows Vista Home Premium Upgrade - enabling you to enjoy new, -all with the benefit of added security and reliability.
network
In order to clone your Windows system to different hardware, you should first prepare Windows using Microsoft System Preparation Tool (sysprep). According to Microsoft Knowledge Base 298491, "One problem from duplicating an installation of Windows 2000 is that each cloned computer has the same security identifier (SID) and computer name. This may prevent the cloned computers from functioning correctly in a workgroup or a domain. To work around this problem, administrators use the System Preparation Tool (Sysprep.exe) to remove configuration settings that are unique to the computer such as the computer name and SID. The resulting image can then be safely reused for installation on other computers." This issue also exists in Windows NT 4.0, Windows XP and Windows Server 2003, and thus computers running those operating systems must be prepared as well.
digital cameras
eEye Digital Security is one of the leading contributors to network security research, and its research team has identified more security vulnerabilities than any other organization this year. eEye's research team worked in conjunction with Microsoft to identify this vulnerability and develop appropriate fixes. eEye's Retina(R) Network Security Scanner already has the checks for these new vulnerabilities incorporated into the Retina audit database. Retina users should scan their networks for vulnerable machines and follow the remediation instructions provided or immediately deploy patches using Retina Remediation Manager.
A flaw in Windows XP puts digital music users at risk. A bug in Microsoft's Windows XP allows computer attackers to craft MP3 or WMA music files that give them control of listeners' computers. Simply browsing to a Web page or folder where such an MP3 file is stored would be enough to invoke the malicious code, and allow an attacker to create, modify, or delete data on the victim's computer.
desktops
cognos
"Companies should address these particular vulnerabilities without delay since they can be exploited remotely," said Firas Raouf, chief operating officer, eEye Digital Security. "Because of the increasing sophistication of hackers to exploit vulnerabilities such as this one, the window of opportunity to address them is quickly shrinking. Where organizations once had weeks or even months to patch these security threats, they now have a precious few days, or even hours, before network vulnerabilities can be exploited. As a result, enterprises of all sizes should take immediate steps to implement programs that allow them to identify and remediate vulnerabilities as soon as they are discovered."
hosting
netfinity
Retina(R) Network Security Scanner customers are already protected against this vulnerability. It is imperative that users scan their networks for vulnerable machines and follow the remediation instructions provided by Retina. eEye Digital Security, a leading contributor to network security research, regularly identifies vulnerabilities and provides specific advisories on how enterprises can secure them. For more information about upcoming advisories, visit www.eeye.com/html/Research/Upcoming/index.html.
internet
cheap computer
For more information on Retina Network Security Scanner visit:
digital camera
printer
http://www.eeye.com/html/Products/Retina/index.html
xseries
maxtor
For information on the latest vulnerability advisories, refer to eEye's advisory page:
data storage
hitachi
http://www.eeye.com/html/Research/Advisories/index.html
rational
websphere
eEye conducts a monthly Vulnerability Expert Forum webinar during the second week of each month. The next Forum is scheduled for Wednesday, April 14. This webinar is open to all interested in furthering their understanding of network security. The Vulnerability Expert Forums are conducted by eEye's Research Team and are headed by Marc Maiffret, eEye's chief hacking officer. This open forum explores the impact of high-risk vulnerabilities and exploits on network environments and infrastructures. The eEye Research Team will provide in-depth insight into these issues and recommend vulnerability detection and protection strategies.
battery
it support
Visit eEye's events page to register for the next Vulnerability Expert Forum at http://www.eeye.com/html/News_Events/Events/Apr14_Webinar.html
western digital
music
About eEye's Research Team
networks
toner
eEye's research team is recognized as the leader in network security research - having detected dozens of high-severity vulnerabilities and worms in the past few years, including the Code Red, Sapphire and Microsoft ASN vulnerabilities. This innovative and advanced research team is regarded as the foremost authority on vulnerability discovery and has built upon its expertise to deliver the industry's most comprehensive enterprise vulnerability assessment, protection and remediation management solutions.
cheap laptops
wholesale
About eEye Digital Security
brother
netvista
eEye Digital Security is a leading developer of network security software and an active contributor to network security research and education. eEye offers a comprehensive range of award-winning solutions for vulnerability assessment, remediation management, intrusion prevention and network forensics. eEye protects the networks and digital assets of more than 2,500 corporate and government entities in over 80 countries, including AT&T Wireless, Avon, Ceridian, Citigroup, Continental Airlines, Dow Jones, Ernst & Young, Farmers Insurance, Prudential, Viacom, and Wyeth. Founded in 1998, eEye is a privately held, venture-backed firm with headquarters in Aliso Viejo. For more information, visit www.eeye.com.
camera
networking
Contacts
sharp
cheap
windows
eEye Digital Security, Aliso Viejo
monitors
Joe Repetti, 949-349-9062, ext. 243
linux
press@eeye.com
computer support
or
used laptops
Tony Brookes (Europe), +41 22 787 7702
cameras
tbrookes@eEye.com
scanners
or
panasonic
Sterling Communications
workstation
Jay Nichols, 408-395-5500
jnichols@sterlingpr.com
