Security Bytes: ISS warns of new Microsoft Windows flaw

By SearchSecurity.com Staff
31 Jul 2006 | SearchSecurity.com

Security Wire Daily News

ISS warns of new Microsoft Windows flaw
Multiple versions of Microsoft Windows are vulnerable to a NULL pointer dereference error in the server driver, which attackers could exploit to crash a system using a specially crafted network packet. Atlanta-based vendor Internet Security Systems' (ISS) X-Force uncovered the glitch and released details Friday in an advisory, warning that an exploit is available in the wild.

"Attackers can reliably cause Microsoft Windows to [go to a] blue screen," ISS said. "Users must reboot to recover from the crash … As of this writing no patch is available for the vulnerability."

ISS said the security hole affects:

  • Microsoft Windows 2000 SP4
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 Itanium
  • Microsoft Windows Server 2003 SP1
  • Microsoft Windows Server 2003 SP1 Itanium
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows XP Pro x64 Edition
  • Microsoft Windows XP SP1
  • Microsoft Windows XP SP2

Symantec fixes Brightmail AntiSpam flaw
Cupertino, Calif.-based antivirus giant Symantec Corp. has fixed multiple flaws in its Brightmail AntiSpam product. Attackers could exploit the flaws to read or modify confidential system information, Symantec said in an advisory.

"Symantec Brightmail AntiSpam fails to fully sanitize file names passed to the DATABLOB-GET / DATABLOB-SAVE requests of directory traversal sequences," Symantec said. "This directory traversal vulnerability could result in confidential system information being exposed."

During the installation of email scanners, Symantec said three options are given for identifying the Brightmail AntiSpam control center that will control the scanner. The first option is a local control center. The second option is to identify the control center by its IP address, and the third option allows the control center to connect from any computer.

Symantec said the third option could allow an attacker to impersonate the control center, exposing the following vulnerabilities:

  • The Brightmail AntiSpam service can be hung by sending invalid posts, causing a denial of service.
  • By combining with the directory traversal vulnerability, some system files can be read.
  • By combining with the directory traversal vulnerability, it is possible to overwrite existing files on the same drive as Symantec Brightmail AntiSpam.

The solution is to upgrade to Symantec Brightmail AntiSpam version 6.0.4 or to Symantec Mail Security (SMS) for SMTP version 5.0.
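As an added illustration of what "fully sanitize file names of directory traversal sequences" requires, the following containment check is the kind a request handler needs before it opens a client-named file. It is example code written for this page, not Symantec's implementation; the blob root directory and the function names are assumptions, and the naive single-pass stripper is included only to show why deleting "../" once is not sanitization.

```python
import posixpath

# Constructed storage location for the example; not a real product path.
BLOB_ROOT = "/var/lib/brightmail/blobs"


def naive_strip(name: str) -> str:
    """A 'sanitizer' that looks right but is not: it deletes '../' once.

    The input "....//etc/passwd" collapses to "../etc/passwd" after a single
    pass, so a later file open would still walk out of the blob directory.
    """
    return name.replace("../", "")


def safe_blob_path(name: str, root: str = BLOB_ROOT) -> str:
    """Return an absolute path under `root` for `name`, or raise ValueError.

    Rather than trying to remove bad sequences, normalise the candidate path
    and require the normalised result to remain inside the blob root.
    """
    if not name or "\x00" in name:
        raise ValueError("empty or NUL-containing file name")
    # Treat both separators alike so "..\\" is not a bypass on Windows hosts.
    candidate = name.replace("\\", "/")
    if candidate.startswith("/"):
        raise ValueError("absolute paths are not allowed")
    full = posixpath.normpath(posixpath.join(root, candidate))
    # Containment check: the normalised path must start with root + "/".
    prefix = root.rstrip("/") + "/"
    if not full.startswith(prefix):
        raise ValueError(f"traversal rejected: {name!r}")
    return full


def is_allowed(name: str, root: str = BLOB_ROOT) -> bool:
    """Boolean form of the check, convenient for logging and tests."""
    try:
        safe_blob_path(name, root)
        return True
    except ValueError:
        return False
```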
