ServerWatch News Briefs for October 21, 2003
- Clearswift Releases New Version of E-Mail Management Solution
- Unisys ES7000 Sets Record Oracle 10g Benchmark
- CERT Advisory Issued for Windows, Exchange
Clearswift Monday unveiled the latest iteration of Enterprisesuite, its e-mail management solution; Unisys released test results showing it had set a record TPC-C benchmark for Oracle 10g on an ES7000 server; and CERT warned of five Microsoft Windows and Exchange vulnerabilities.
Clearswift Releases New Version of E-Mail Management Solution
Clearswift Monday unveiled Enterprisesuite (ES) 6.1, an e-mail management solution designed to help organizations address the potential legal and public ramifications of e-mail communication and assist them in meeting regulatory compliance standards, such as those set by the Sarbanes-Oxley Act of 2002 and the International Accounting Standards.
ES 6.1 combines content security tools with an umbrella-like management interface to enable organizations to enforce e-policies across the entire organization and thus ensure compliance with regulatory standards.
The cornerstone of the solution is protection from e-mail security threats, including spam, pornography, and viruses.
The five components of version 6.1 are:
- Anti-spam "Strata Solution" and Customization Services, which allow the transparent implementation of multilayered anti-spam tools
- Boundary Protection Solution, which protects the gateway from incoming threats and safeguards corporate assets while keeping communications accessible
- Privacy Solution, which applies consistent encryption to confidential communication without requiring e-mail recipients to install additional software
- Gatekeeper Solution, which enables organizations to meet compliance standards by enforcing best practices and compliance rules
- Enterprise Solution, which underpins the other solutions with consistent implementation, management, and e-policy enforcement
Also new in version 6.1 are improved versions of the ES ClearBase MS Exchange engine, ES ClearEdge SMTP engine, and the ES ClearSecure encryption engine. New to the fold is the ES ClearPoint Policy Management Infrastructure.
Unisys ES7000 Sets Record Oracle 10g Benchmark
Unisys Monday announced that its ES7000 running Oracle Database 10g Enterprise Edition set a new record in price/performance for a high-end server (i.e., greater than 8 processors) based on TPC-C benchmarking tests. The test also found the ES7000 achieved the best price/performance of any server in the over 200,000 transactions per minute (tpmC) class.
The TPC-C benchmark is the IT industry's most widely consulted measure of server performance and price/performance.
The 16-way Unisys ES7000 Aries 420 Enterprise Server used for the benchmark recorded 291,410.61 tpmC at $5.28 per tpmC. The server was equipped with 16 Intel Itanium 2 processors running at 1.5 GHz, each with 6 MB of Level 3 (iL3) cache and 128 GB of memory. It ran the Oracle Database 10g on Microsoft's Windows Server 2003, Datacenter Edition 64-bit for Itanium-Based Systems operating system.
The complete benchmark configuration will be made public on February 15, 2004.
The test was conducted using the Transaction Processing Performance Council's "C" methodology for measuring online transaction processing (OLTP) performance. The benchmark is modeled after actual transaction-intensive production environments and features multiple transaction types against a complex database structure typical of real-world, large-scale enterprise applications.
CERT Advisory Issued for Windows, Exchange
Affected are multiple versions of Microsoft Windows (ME, NT 4.0, NT 4.0 TSE, 2000, XP, and Server 2003) and Microsoft Exchange Server (versions 5.5 and 2000).
Microsoft acknowledged the vulnerabilities last week in its monthly HotFix & Security Bulletin Service. In an effort to release security patches on a predictable schedule, the software company recently changed how it distributes patches. Going forward, monthly advisories will be issued on the second Tuesday of each month.
The two most egregious vulnerabilities CERT cited were VU#575892, a buffer overflow in Microsoft Windows Messenger Service that could allow an attacker to execute arbitrary code, and VU#422156, a vulnerability in Microsoft Exchange Server in which the server fails to properly handle specially crafted SMTP extended verb requests. In Exchange 5.5, this can lead to a denial-of-service condition; in Exchange 2000, this could permit an attacker to run arbitrary code.
Vulnerabilities that may permit an attacker to execute arbitrary code if the attacker can convince the victim to take some specific action (e.g., viewing a Web page or an HTML e-mail message) were also cited.
Another vulnerability was identified in the ListBox and ComboBox controls that could allow a local user to gain elevated privileges.
The impact of these vulnerabilities ranges from denial of service to the ability to execute arbitrary code.
To remove the vulnerabilities, Microsoft recommends first disabling the Messenger service (in the case of the buffer overflow in Microsoft Windows Messenger Service) and evaluating the need to apply the patch. If the Messenger service is not required, it should be left in the disabled state.
Patches for all of these problems are available in this month's Microsoft Security Bulletin. In many cases, the easiest way to obtain these patches will be by running Windows Update.