Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


New MS Vulnerabilities Information from Symantec

New MS Vulnerabilities Information from Symantec

Symantec currently provides system and network protection for three new vulnerabilities announced today by Microsoft: MS ASN.1 Integer Overflow, Cumulative Security Update for Internet Explorer and Windows Internet Naming Service (WINS) Buffer Overflow.

These vulnerabilities have been reviewed by Symantec Security Response, and Symantec recommends that users update the services affected, via the Microsoft windows update Website. Symantec also recommends that users implement best security practices such as restricting external access to all ports and services that are not explicitly intended to be accessible by remote parties. This action will limit exposure to these and other latent vulnerabilities. If appropriate, firewalls should also be deployed on individual systems to restrict access and network intrusion detection systems (NIDS) should be deployed to monitor network traffic for any suspicious or anomalous activity.

Microsoft Vulnerabilities Overview

· MS ASN.1 Integer Overflow (828028) -- Critical Rating The buffer overflow vulnerability in Microsoft ASN.1 could allow an attacker who successfully exploited this vulnerability to execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

· Cumulative Security Update for Internet Explorer (832894) -- Critical Rating For the Internet Explorer vulnerability, systems administrators should apply the security update immediately.

· Windows Internet Naming Service (WINS) Buffer Overflow (830352) -- Important Rating The vulnerability in Windows Internet Naming Service (WINS) could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail on Windows Server 2003. This could potentially cause a denial of service, and the service would have to be manually restarted to restore functionality. An attack on Windows 2000 and Windows NT 4.0 could cause a degradation in performance. WINS will then return to normal levels of functionality. A number of mitigating factors exist for this vulnerability. For example, the WINS service is not installed by default. In addition, when running on Windows Server 2003, WINS will automatically restart if attacked.

More information can be found at

Symantec Solutions Protecting Against New Microsoft Vulnerabilities Symantec Security Solutions

* Symantec DeepSight Threat Management System/Symantec DeepSight Alert Services - For Symantec DeepSight Threat Management System, the vulnerabilities have been summarized on the Daily Summary Reports sent to customers. Symantec is closely monitoring global activity for signs of attack and will deliver additional notifications as required. For Symantec DeepSight Alert Services, a notification has been distributed on the new vulnerabilities.

* Symantec Managed Security Services - MSS Managed Systems running Windows Operating Systems are not susceptible to the WINS vulnerability as those components & services are disabled as part of our standard baseline and system hardening process. MSS Managed Systems running Windows Operating Systems are vulnerable to the ASN.1 vulnerability. Due to the potential impact of this vulnerability, all affected systems are currently being updated via MSS emergency patch rollout procedures. MSS has contacted managed customers about this vulnerability and will continue to update customers on the status of this vulnerability via the MSS Secure Internet Interface.

* Symantec Gateway Security/Symantec Enterprise Firewall -- By default, Symantec's full application inspection firewall technology protects against the Microsoft ASN.1 and WINS vulnerabilities.

* Symantec Client Security/AntiVirus Solutions - Symantec has created heuristic detection for the Microsoft ASN.1 vulnerability.

* Symantec ManHunt - Symantec has released a signature to protect against the WINS vulnerability. ends

© Scoop Media

Business Headlines | Sci-Tech Headlines


Onetai Station: Overseas Investment Office Puts Ceol & Muir On Notice

The Overseas Investment Office (OIO) has issued a formal warning to Ceol & Muir and its owners, Argentinian brothers Rafael and Federico Grozovsky, for failing to provide complete and accurate information when they applied to buy Onetai Station in 2013. More>>


Tomorrow, The UN: Feds President Takes Reins At World Farming Body

Federated Farmers president Dr William Rolleston has been appointed acting president of the World Farmers’ Organisation (WFO) at a meeting in Geneva overnight. More>>


I Sing The Highway Electric: Charge Net NZ To Connect New Zealand

BMW is turning Middle Earth electric after today announcing a substantial contribution to the charging network Charge Net NZ. This landmark partnership will enable Kiwis to drive their electric vehicles (EVs) right across New Zealand through the installation of a fast charging highway stretching from Kaitaia to Invercargill. More>>


Watch This Space: Mahia Rocket Lab Launch Site Officially Opened

Economic Development Minster Steven Joyce today opened New Zealand’s first orbital launch site, Rocket Lab Launch Complex 1, on the Mahia Peninsula on the North Island’s east coast. More>>


Marketing Rocks!
Ig Nobel Award Winners Assess The Personality Of Rocks

A Massey University marketing lecturer has received the 2016 Ig Nobel Prize for economics for a research project that asked university students to describe the “brand personalities” of three rocks. More>>


Nurofen Promotion: Reckitt Benckiser To Plead Guilty To Misleading Ads

Reckitt Benckiser (New Zealand) intends to plead guilty to charges of misleading consumers over the way it promoted a range of Nurofen products, the Commerce Commission says. More>>


Get More From Scoop

Search Scoop  
Powered by Vodafone
NZ independent news