The advisory, issued late last week by the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC), cautions businesses, government entities and home users. IIABNY’s member agency warning came in the form of an e-mail message sent across the state as well as a Web site posting at www.iiabny.org.
According to CSCIC’s advisory, “A new vulnerability has been discovered in the Microsoft Server Service that could allow a remote attacker to take complete control of the vulnerable system.” The advisory also warned that, “The attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.” Microsoft on Oct. 24 updated the CSCIC advisory, identifying the “attacker” as a Trojan virus.
Possibly affected are the following Microsoft systems:
* Windows 2000
* Windows XP
* Windows Server 2003
* Windows Vista
* Windows Server 2008
Kathy Glahn, IIABNY assistant vice president of Information Systems, is concerned that member agencies could “accidentally pass on the virus, placing sensitive and proprietary information at risk.” Glahn suggests that IIABNY members visit the security section on the Web site of the Agents Council for Technology.
Established by the Big “I,” ACT provides technology information for agencies and brokerages, while collaborating with companies, vendors, user groups and other associations. Access ACT's secutity section page by visiting http://www.iiaba.net/na/16_AgentsCouncilForTechnology/NA20070710103244?ContentPreference=NA&ActiveState=AZ&ContentLevel1=ACT&ContentLevel2=&ContentLevel3=&ActiveTab=NA&StartRow=0
The CSCIC Web site offers this high-risk advisory, in its entirety, including technical recommendations and further Microsoft references. Visit http://www.cscic.state.ny.us/advisories/2008/2008-034b.cfm .
No comments:
Post a Comment