UK News Releases
QualysGuard Updated to Detect and Report Latest BIND Vulnerability Threat
Qualys delivers latest BIND vulnerability updates, within three days of discovery, via its hosted application QualysGuard
The new attack allows electronic intruders to seize on the vulnerability and gain control of domain name servers. Once in control of these devices, attackers could conceivably change and reroute the Protocol addresses. IT departments have been urged to update versions 4 and 8 of BIND immediately to BIND Version 9.1.0.
QualysGuard, a hosted application, detects and reports network vulnerabilities, and is accessed via a secure browser that requires no dedicated hardware or software. The application is updated by Qualys on a daily basis for new network vulnerabilities, which are made available to QualysGuard users automatically. In the instance of the latest BIND vulnerabilities, the process of discovery, coding, documentation and updating the application has taken Qualys just three days.
"The threat of this vulnerability cannot be understated," said Adil Pastakia, Qualys Managing Director of Northern Europe and Middle East Operations, "Any internet traffic relying on versions 4 and 8 of BIND can be seriously disrupted or even brought to a halt. The speed of Qualys' response to this new threat will become apparent to companies using traditional shrink-wrapped vulnerability auditing solutions. For these companies, not only is the onus on the user to initiate the process, but it could take anything up to 6 months to proliferate across the user base. This time-lag period will leave them open to attacks from hackers."
Notes to EditorsThe four BIND vulnerabilities reported on Monday 29th January by PGP Security, a unit of Network Associates Inc. in the US, are as follows:
- ISC Bind 8 Transaction Signatures Heap Overflow Vulnerability
- ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability
- ISC Bind 4 nslookupComplain() Buffer Overflow Vulnerability
- ISC Bind 4 nslookupComplain() Format String Vulnerability
About QualysGuardQualysGuard is a subscription-based, automated service that assesses on an ongoing basis the security of Internet entry points to corporate networks. Subscribers use the service to gain an enterprise-wide view of network security exposures, recommended fixes, and access to the most up-to-date resources, customised for their particular needs.
About QualysWith more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys' on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Contact: Jane Folwell
+44 13 4484 5132