eEye Digital Security » News

News

eEye Digital Security Discovers Four New Critical Security Flaws for Windows; Offers Free Scanning Tool to Detect New MSDTC Vulnerability

Security leader eEye warns of potential worm resulting from Windows 2000 vulnerability patched by Microsoft on October 11, 2005

(ALISO VIEJO, CA) October 11, 2005 — eEye Digital Security®, a leading developer of network security and vulnerability management software solutions, as well as the industry's foremost contributor to security research and education, today announced details for four new vulnerabilities related to Microsoft (NASDAQ: MSFT) Windows®, one of which has immense potential to result in a worm. This highly "wormable" security vulnerability, located within the Windows 2000 Operating System (OS), is currently found in a large percentage of all business systems running Windows today and has the potential to inflict as much damage as the previous Sasser and Blaster worms. Other critical discoveries include remotely exploitable flaws in Windows Media Player, Windows ActiveX and Plug and Play service of the Windows OS. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye has also made a free scanning tool available for enterprises to detect the Windows 2000 vulnerability.

The volume of patches announced today illustrates that critical, remotely exploitable flaws continue to be found within the Windows operating system," said Marc Maiffret, eEye's co-founder and chief hacking officer. "Even with Microsoft's recent efforts to improve its security posture, IT departments must continue to view patching and remediation as a priority. In order to fully protect their networks and minimize the impact of patching on department resources, these enterprises should strongly consider additional strategies such as upgrading their operating systems or deploying endpoint security such as eEye's Blink solution."

The critical vulnerabilities announced today could allow an attacker to take complete control of an affected system. If left unpatched, an attacker could then take harmful action including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. All of these security flaws can be detected and exploited remotely with the potential to cause serious damage if not immediately resolved. Those organizations that are utilizing eEye's Retina® Network Security Scanner can immediately scan for affected systems. Organizations that have deployed the Blink® Endpoint Intrusion Prevention System have been protected against these vulnerabilities since their discovery several months ago and can postpone patching to regularly scheduled maintenance cycles.

The most significant of these flaws is found in the Microsoft Distributed Transaction Coordinator (MSDTC) service within the Windows 2000 OS. When exploited, this flaw gives attackers the ability to run remote commands on the affected system using SYSTEM privileges, which is the highest level of privileges possible and would allow these attackers to do anything they wished with the system. Large enterprises are particularly susceptible to this vulnerability, as the MSDTC service is primarily used for enterprise-wide applications (such as distributed database applications), as well as load balancing Web servers. Given that larger organizations often have the most difficulty quickly patching vulnerable systems, a worm based on this vulnerability would be extremely damaging to large enterprises, as it targets the gateway to their most valuable digital assets.

With millions of installations around the world, Windows 2000 represents a significant percentage of all Windows servers running today. eEye strongly recommends that these organizations upgrade to Windows 2003, which is a more secure OS. For those organizations that do not have the ability to upgrade, they should evaluate an endpoint security product that can protect against such vulnerabilities.

eEye is committed to enhancing security for the Internet community and helping companies maintain a safe computing environment by offering a free scanning tool to facilitate the discovery of vulnerable machines. The Retina® MSDTC Scanner audit tool scans networked systems and detects if any are vulnerable to the critical MSDTC vulnerability announced today, allowing administrators to take steps to protect their networks. This audit tool is based on eEye's award-winning Retina Network Security Scanner product. While this particular tool allows for a quick audit for this vulnerability, the complete Retina product detects thousands of vulnerabilities to provide ongoing, comprehensive vulnerability assessments for any network. Existing Retina customers have already received their updated audit package and can scan for all of the vulnerabilities announced today. To download the free tool please visit: http://www.eeye.com/html/resources/downloads/audits/index.html

eEye Digital Security, a leading contributor to network security research, regularly identifies vulnerabilities and provides specific advisories on how enterprises can secure them. For more information about upcoming advisories, please visit: http://www.eeye.com/html/research/upcoming/index.html

About eEye's Security Research Team
Over the last five years, eEye has been recognized by industry experts as the preeminent organization in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty, Code Red and Sapphire worms, as well as the Microsoft ASN vulnerability and hundreds of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.

As a service to the network security community, eEye's Research Team - headed by Marc Maiffret, eEye's co-founder and chief hacking officer - conducts a Vulnerability Expert Forum web seminar during the second week of every month. Due to the number of vulnerabilities being released this month, eEye is hosting two sessions. These Vulnerability Expert Forums enable participants to stay current on the potential risks and remediation requirements, such as those announced today, by exploring the effect that high-risk vulnerabilities and exploits have on network environments and infrastructures. To register for the October Vulnerability Expert Forums, visit: http://www.eeye.com/html/company/events.

eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. Working in conjunction with popular tools such as firewalls and intrusion detection systems, eEye's products include: Retina® Network Security Scanner, REM™ Security Management Console, Iris® Network Traffic Analyzer, SecureIIS™ Web Server Protection, and Blink® Endpoint Intrusion Prevention System.

About eEye Digital Security

eEye Digital Security® is pioneering a new class of security products:integrated threat management. This next-generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility.eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com

About eEye Digital Security

Primary Agency Contact

EMEA Agency Contact

Corporate Contact