Vulnerability Advisory: McAfee, Inc. Solutions Protect Against 11 Newly Disclosed Microsoft Windows Vulnerabilities

McAfee, Inc. (NYSE: MFE) announced that it provides coverage for the 11 security vulnerabilities disclosed by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee(R) Avert(R) Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.

"Today Microsoft patched a variety of components and applications but has yet to patch the zero-day Word vulnerabilities that surfaced last week. The latter event confirms the trend of malware writers releasing zero-day exploits within a week of Patch Tuesday to maximize their exposure," said Dave Marcus, security research and communications manager, McAfee Avert Labs. "Users running Windows 2000 with the Remote Installation Service should be particularly concerned about this update because the vulnerability allows anonymous users to remotely change operating system installs."

Microsoft Vulnerability Overview:

-- MS06-072 -- Cumulative Security Update for Internet Explorer

-- MS06-073 -- Vulnerability Visual Studio 2005 Could Allow Remote Code

Execution

-- MS06-074 -- Vulnerability in SNMP Could Allow Remote Code Execution

-- MS06-075 -- Vulnerability in Windows Could Allow Elevation of Privilege

-- MS06-076 -- Cumulative Security Update for Outlook Express

-- MS06-077 -- Vulnerability in Remote Installation Service Could Allow

Remote Code Execution

-- MS06-078 -- Vulnerability in Windows Media Player Could Allow Remote

Code Execution

Scope of Potential Compromise

Today's seven security bulletins cover a total of 11 vulnerabilities. Among the vulnerabilities, five are rated critical by Microsoft due to their potential for remote code execution. The MS06-073 vulnerability in Visual Studio 2005 has been previously exploited and given a critical rating by Microsoft. Users of Visual Studio 2005 are at risk of drive-by installs from malicious Web sites that download harmful code.

For additional information on today's vulnerabilities as well as information on current threats, visit McAfee's Threat Center at http://www.mcafee.com/us/threat_center/default.asp where you will find blogs http://www.avertlabs.com/research/blog/ from McAfee Avert Labs researchers. More information on the vulnerabilities can also be found at http://www.microsoft.com/technet/security/current.aspx .

McAfee Solutions

With McAfee's security risk management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. McAfee will continue to update its coverage as needed as new exploit vectors are discovered and as new threats emerge.

Out of the box, Host IPS protects against many buffer overflow exploits. McAfee Host IPS v6.0 and McAfee Entercept(R) protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Internet Explorer, SNMP, Outlook Express, and Windows Media Player. This "out of the box" protection is provided without the need for security content updates for either product.

The McAfee Vulnerability Shield package for McAfee Host IPS v6.0 customers provides specific protection against common classes of exploits targeted at the vulnerabilities in Visual Studio 2005, Outlook Express, Remote Installation Service, and Windows Media Player. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator(R) to agents, protecting systems without a reboot.

McAfee VirusScan(R) Enterprise 8.0i, McAfee VirusScan(R) Enterprise 8.5i and McAfee Managed VirusScan with AntiSpyware protects users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Internet Explorer, Outlook Express and Windows Media Player.

McAfee IntruShield(R) provides coverage for Internet Explorer, Visual Studio 2005, SNMP, Outlook Express, Remote Installation Service and Windows Media Player vulnerabilities through signature sets released today. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for today's newly disclosed vulnerabilities to quickly assess compliance levels of the security patches announced today. The McAfee Foundstone(R) and McAfee Policy Enforcer checks are being created to detect the vulnerabilities announced today, and will be available in the packages released today and the day after tomorrow, respectively. These checks are expected to accurately identify vulnerable systems in many enterprise environments.

Avert DAT files with new detection will be added as new exploits are discovered. McAfee users can refer to http://www.mcafee.com/us/threat_center/default.asp for information regarding any new threats attempting to exploit these vulnerabilities. McAfee Avert Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 16 countries around the globe. Avert Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers. McAfee Avert Labs continually monitors the Internet for new threats and attack vectors on a daily basis. Whenever possible, we will update our security technologies and coverage as these new threats and vectors emerge.

About McAfee, Inc.

McAfee Inc., the leading dedicated security technology company, headquartered in Santa Clara, California, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com .

NOTE: McAfee is a registered trademark of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

Author:  

Email:    

Topic:    

Content: