Week in Security: Windows Server 2003 Support, Cisco And Microsoft Flaws

%95 Security vendors chimed in on Microsoft's Windows Server 2003 launch with supporting products, including antivirus supplier Trend Micro, which introduced ServerProtect version 5.56. Biometrics vendors also weighed in with Saflink unveiling the availability of SAFsolution Enterprise Edition biometrics software for Windows Server 2003 and DigitalPersona offering fingerprint authentication for the new operating system with its U.are.U Pro for Active Directory product.

%95 Cisco Systems said Cisco Secure Access Control Server for Windows is vulnerable to a buffer overflow on the administration service that runs on TCP port 2002. An attacker could exploit the flaw to launch a denial-of-service or obtain system administrator access. Cisco is offering fixed software and recommending that customers install patches or upgrade quickly. In another alert, Cisco said its Catalyst software allows unauthorized access to the enable mode in the 7.5 (1) release. The problem is fixed in version 7.6 (1) and customers should upgrade as soon as possible, according to Cisco. The flaws are documented in Cisco Bug ID CSCea51366 and CSCea42030.

%95 Microsoft issued a cumulative patch that includes all previously released patches for Internet Explorer 5.01, 5.5 and 6.0, and also fixes four new vulnerabilities. Microsoft described the patch as critical in Microsoft Security Bulletin MS03-015. In Microsoft Security Bulletin MS03-014, the vendor issued a cumulative patch for Outlook Express, and in bulletin MS03-007 it issued a revised patch for an unchecked buffer in a component of Windows 2000 and NT 4.0.

%95 Symantec beat Wall Street expectations for its fourth quarter, posting net income of $68 million on $390 million in sales. Symantec's pro forma income of $78 million, or 47 cents per share, excluding amortization and one-time charges, topped the 46 cents per share that analysts had forecast, according to Thomson Financial/First Call consensus estimates. Revenue for fiscal year 2003 was $1.4 billion, up 31 percent over $1.07 billion in fiscal 2002.

%95 NetScreen Technologies posted second-quarter income of $5.9 million on $58.3 million in sales, compared with a loss of $3.3 million on $32 million in sales the same quarter a year ago.

%95 Websense, a supplier of Internet filtering software, launched Websense Enterprise for Small and Medium Businesses, targeting companies with 1,000 or fewer employees. The product operates on a single server without a firewall, cache or proxy device and allows administrators to control employee access to instant messaging and file sharing programs in addition to the Web.

%95 Fortinet, a supplier of ASIC-based antivirus firewall systems, launched its U.S. Fortinet Partner Program and said it has signed more than 50 solution providers. Program benefits include maintenance annuities, sales and support assistance, training, sales tools and marketing programs.

%95 Spectrum Systems, a Fairfax, Va.-based solution provider specializing in security and network management, said it was awarded a California Multiple Award Schedule Contract, which allows California state and local government agencies to procure IT solutions from Spectrum's more than 20 vendor partners. The contract runs through Sept. 28, 2007.

%95 GFI, a supplier of security products for Windows-based networks, released a white paper for network administrators on patch management. The document is available for download.