Menu
 Home
 Local News    
 Global News
 Technical & Product News
 Opinions
 Contact Us
 Subscribe/Unsubscribe
 
 Publications
 ICT World
 Cable Talk
 Computing S.A.
 Network World
 The Channel
 IT users handbook
 
 Sponsors
 ICT World Company Directory
 
 Partners
 CareerJunction
 Johnnic Mag Division
 
 Privacy Policy
 Privacy Policy
 
   
   

CA's eTRUST software protects against MS vulnerabilities

Date: 11 February 2005
Issue: One Hundred and Twenty One (17/01/05 - 24/01/05)
(ICT World)
Category: Global News
Computer Associates International today announced that it is providing users of eTrust Vulnerability Manager, its rack-mountable security management appliance, with complete, automated discovery and remediation for vulnerabilities associated with the 12 new security advisories published by Microsoft.

These 12 new advisories cover 18 vulnerabilities that range from critical to moderate risk, and affect some of the most commonly used platforms and applications in both the commercial and home user environments, including Microsoft Windows NT Server 4.0, Microsoft Exchange, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer, Microsoft Office, Microsoft Windows Messenger and Microsoft MSN Messenger, Microsoft SharePoint, and Microsoft Windows Media Player.

If left unaddressed, remote attackers can exploit these vulnerabilities to gain administrative privileges, execute arbitrary code, and/or launch denial of service attacks against organisations. Customers relying upon CA's eTrust Vulnerability Manager can automatically identify and remedy these vulnerabilities, and document remediation in accordance with security management best practices.

eTrust Vulnerability Manager is designed to leverage validated security information from CA's global Security Advisory Team to ensure that customers can respond to all known vulnerabilities as soon as they are discovered. Microsoft released the following advisories today:

Critical
* MS05-005 Vulnerability in Microsoft Office XP could allow remote code execution (873352);
* MS05-009 Vulnerability in PNG Processing could allow remote code execution (890261);
* MS05-010 Vulnerability in the LicenCe Logging Service could allow code execution (885834);
* MS05-011 Vulnerability in Server Message Block could allow remote code execution (885250);
* MS05-012 Vulnerability in OLE and COM could allow remote code execution (873333);
* MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control could allow remote code execution (891781);
* MS05-014 Cumulative Security Update for Internet Explorer (867282);
* MS05-015 Vulnerability in Hyperlink Object Library could allow remote code execution (888113).


Important
* MS05-004 ASP.NET Path Validation Vulnerability (887219);
* MS05-007 Vulnerability in Windows could allow information disclosure (888302);
* MS05-008 Vulnerability in Windows shell could allow remote code execution (890047).


Moderate
* MS05-006 Vulnerability in Windows SharePoint Services and SharePoint Team Services could allow cross-site scripting and spoofing attacks (887981).

In addition to the advisories listed above, Microsoft has updated a critical security bulletin, MS04-035, which addresses an SMTP vulnerability that could allow remote code execution.
This advisory was initially issued on October 12, 2004. Additional information on these vulnerabilities is available at securityadvisor/vulninfo/ and at .