eEye's Retina® Network Security Scanner can Detect and Remediate the Latest Vulnerabilities that Could Allow for the Execution of Malicious Code Similar to the MS Blaster Worm
(ALISO VIEJO, CA) April 13, 2004 - eEye® Digital Security, a leading developer of network security software solutions, today announced the discovery of six new vulnerabilities related to Microsoft (NASDAQ: MSFT) Windows®. The critical discoveries include dangerous flaws in Windows Remote Procedure Call (RPC), Local Security Authority Subsystem Service (LSASS), and in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye’s research team discovered two of the most critical vulnerabilities as early as September 2003. The patch for these vulnerabilities released today comes more than 200 days after eEye’s discovery.
The critical vulnerabilities could potentially allow an attacker to take complete control of an affected system. If left unpatched, an attacker could then take harmful action including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Further, some of these security flaws can be detected and subsequently exploited remotely and have the potential to cause serious damage if not immediately resolved. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately secure vulnerable machines on their networks.
eEye Digital Security is one of the leading contributors to network security research, and its research team has identified more security vulnerabilities than any other organization this year. eEye's research team worked in conjunction with Microsoft to identify this vulnerability and develop appropriate fixes. eEye’s Retina® Network Security Scanner already has the checks for these new vulnerabilities incorporated into the Retina audit database. Retina users should scan their networks for vulnerable machines and follow the remediation instructions provided or immediately deploy patches using eEye Remediation Manager.
"Companies should address these particular vulnerabilities without delay since they can be exploited remotely," said Firas Raouf, chief operating officer, eEye Digital Security. “Because of the increasing sophistication of hackers to exploit vulnerabilities such as this one, the window of opportunity to address them is quickly shrinking. Where organizations once had weeks or even months to patch these security threats, they now have a precious few days, or even hours, before network vulnerabilities can be exploited. As a result, enterprises of all sizes should take immediate steps to implement programs that allow them to identify and remediate vulnerabilities as soon as they are discovered.”
Retina® Network Security Scanner customers are already protected against this vulnerability. It is imperative that users scan their networks for vulnerable machines and follow the remediation instructions provided by Retina. eEye Digital Security, a leading contributor to network security research, regularly identifies vulnerabilities and provides specific advisories on how enterprises can secure them. For more information about upcoming advisories, visit:
http://www.eeye.com/html/Research/Upcoming/index.html
For more information on Retina Network Security Scanner please visit:
http://www.eeye.com/html/Products/Retina/index.html
For information on the latest vulnerability advisories, please refer to eEye's advisory listings:
http://www.eeye.com/html/Research/Advisories/index.html
eEye conducts a monthly Vulnerability Expert Forum webinar during the second week of each month. The next Forum is scheduled for Wednesday, April 14. This webinar is open to all interested in furthering their understanding of network security. The Vulnerability Expert Forums are conducted by eEye's Research Team and are headed by Marc Maiffret, eEye’s Chief Hacking Officer. This open forum explores the impact of high-risk vulnerabilities and exploits on network environments and infrastructures. The eEye Research Team will provide in-depth insight into these issues and recommend vulnerability detection and protection strategies.
Visit eEye's events page to register for the next Vulnerability Expert Forum at:
http://www.eeye.com/html/resources/vef/index.html
About eEye’s Research Team
eEye's research team is recognized as the leader in network security research – having detected dozens of high-severity vulnerabilities and worms in the past few years, including the Code Red, Sapphire and Microsoft ASN vulnerabilities. This innovative and advanced research team is regarded as the foremost authority on vulnerability discovery and has built upon its expertise to deliver the industry’s most comprehensive enterprise vulnerability assessment, protection and remediation management solutions.
About eEye Digital Security
eEye Digital Security is the global leader in a new class of security solutions: comprehensive vulnerability management and zero-day endpoint security protection. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye's research team is consistently the first to identify new threats in the wild and our products leverage that research to deliver the insights and tools necessary to protect our customers' operating environments. For more information, please visit http://www.eeye.com
Primary Press Contact
Victor Cruz
MediaPR
(401) 349-3369 vcruz@mediapr.net
EMEA Press Contact
Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de

