SANS issues 'critical' patching recommendations

Microsoft, backup and security software top the list of critical to address flaws.

Six Microsoft flaws and assorted vulnerabilities in Veritas backup software, Computer Associates' and Zone Alarm products topped the SANS Institute's quarterly list of the most critical flaws to patch.

"Individuals and organizations that do not correct these problems face a heightened threat that remote, unauthorized hackers will take control of their computers and use them for identity theft, for industrial espionage or for distributing spam or pornography," SANS warned in a statement. "Particularly worrisome this quarter are the extensive vulnerabilities found in the most popular data backup products. Backup products are designed to prevent catastrophes by recording copies of important data and allowing those copies to be stored in a safe place. Unfortunately, those products have become easy targets for attackers and since they have access to substantially all data, their weaknesses create real danger."

Drawn from 422 new vulnerabilities reported during the second quarter of 2005, the flaws must meet five requirements according to SANS: (1) they affect a large number of users; (2) they have not been patched on a substantial number of systems; (3) they allow computers to be taken over by a remote, unauthorized user; (4) sufficient details are available to enable attackers to exploit them; and (5) they were discovered or first patched during the second three months of 2005. Topping the list are:

  • Microsoft Internet Explorer Multiple Vulnerabilities [MS05-020 and MS05-025];
  • Microsoft Exchange Server Extended Verb Overflow [MS05-021];
  • Windows Message Queuing Service Overflow [MS05-017];
  • Windows SMB Protocol Processing Overflow [MS05-027];
  • Windows HTML Help File Parsing Overflow [MS05-026];
  • Windows Shell Remote Code Execution [MS05-016];
  • Computer Associates BrightStor ARCServe Backup Overflow;
  • Veritas Backup Software Multiple Vulnerabilities;
  • Computer Associates and Zone Alarm Vet Library Overflow;
  • Oracle Cumulative Update April 2005;
  • RealNetworks RealPlayer Multiple Vulnerabilities;
  • Apple iTunes MPEG4 File Processing Overflow;
  • Mozilla and Firefox Browsers Multiple Vulnerabilities; and
  • Apple Cumulative Security Update 2005-005 and 2005-006.

"These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices," Alan Paller, SANS' director of research, said in a statement. "We're publishing this list as a red flag for individuals as well as IT departments. Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected."

SANS reports that the 422 new vulnerabilities discovered or reported this quarter represent an increase of 10.8% from the first quarter of 2005 [381] and an increase of nearly 20% from the second quarter of 2004 [352].

This article originally appeared on

Dig Deeper on Patches, alerts and critical updates



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: