All ISS RealSecure and BlackICE users should be aware of a new worm that attacks the BlackICE IDS engine within the following ISS Products: BlackICE(tm) Agent for Server 3.6 ebz, ecd, ece, ecf BlackICE PC Protection 3.6 cbz, ccd, ccf BlackICE Server Protection 3.6 cbz, ccd, ccf RealSecure(r) Network 7.0, XPU 22.4 and 22.10 RealSecure Server Sensor 7.0 XPU 22.4 and 22.10 RealSecure Desktop 7.0 ebf, ebj, ebk, ebl RealSecure Desktop 3.6 ebz, ecd, ece, ecf RealSecure Guard 3.6 ebz, ecd, ece, ecf RealSecure Sentry 3.6 ebz, ecd, ece, ecf ISS is advising ALL users to update these products immediately to prevent spread of the worm. Updates are available from the ISS web site or via Site Protector. REFERENCES Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.h tml ISS X-Force: http://xforce.iss.net/xforce/alerts/id/167 SANS Internet Storm Center: http://isc.incidents.org/diary.html?date=2004-03-20 Contact ISS support for additional help (Anitian customers can contact me if you need emergency on-site support.) ___________________________________ Andrew Plato, CISSP President/Principal Consultant ANITIAN ENTERPRISE SECURITY 3800 SW Cedar Hills Blvd, Suite 298 Beaverton, OR 97005 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D GPG public key available at: http://www.anitian.com/corp/keys.htm
This archive was generated by hypermail 2b30 : Mon Mar 22 2004 - 12:34:53 PST