Vulnerability Advisory: McAfee, Inc. Solutions Protect Against 25 Newly Disclosed Microsoft Windows Vulnerabilities

6 November 2006

McAfee, Inc. (NYSE: MFE), announced that it provides coverage for the 25 Windows security vulnerabilities disclosed by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee(R) Avert(R) Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.

"Today we are seeing a record high number of vulnerabilities being patched in a single month," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee Avert Labs. "Among the 26 vulnerabilities being patched, 15 are rated critical by Microsoft, and 16 target applications. This continues the trend toward applications-based malware and application-targeted vulnerabilities."

Microsoft Vulnerability Overview:

-- MS06-056 -- Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure
-- MS06-057 -- Vulnerability in Windows Shell Could Allow Remote Code Execution
-- MS06-058 -- Vulnerabilities in Microsoft PowerPoint Could Lead to Remote Code Execution
-- MS06-059 -- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
-- MS06-060 -- Vulnerability in Microsoft Word Could Allow Remote Code Execution
-- MS06-061 -- Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
-- MS06-062 -- Vulnerabilities in Microsoft Office Could Lead to Remote Code Execution
-- MS06-063 -- Vulnerability in Server Service Could Result in Denial of Service
-- MS06-064 -- Vulnerability in TCP-IP IPv6 Could Result in Denial of Service
-- MS06-065 -- Vulnerability in Windows Object Packager Could Allow Remote Execution

Scope of Potential Compromise

Today's 10 security bulletins cover a total of 25 Windows vulnerabilities and one Mac vulnerability. Among the vulnerabilities, 15 are rated critical by Microsoft due to their potential for remote code execution. The MS06-057 vulnerability in Windows Shell has a rating of critical and has been exploited in so-called "drive by installs" and "drive by downloads" attacks through Internet Explorer. In addition the vulnerabilities in Word and PowerPoint have been used in targeted attacks.

For additional information on today's vulnerabilities as well as information on current threats, visit McAfee's Threat Center at http://www.mcafee.com/us/threat_center/default.asp where you will find blogs http://www.avertlabs.com/research/blog/ from McAfee Avert Labs researchers. More information on the vulnerabilities can also be found at http://www.microsoft.com/technet/security/current.aspx.

McAfee Solutions

With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. McAfee will continue to update its coverage as needed as new exploit vectors are discovered and as new threats emerge.

Out of the box, Host IPS protects against many buffer overflow exploits. McAfee Host IPS v6.0 and McAfee Entercept(R) protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft PowerPoint, XML Core Services, Microsoft Excel, Microsoft Word, Windows Shell, and Microsoft Office. This "out of the box" protection is provided without the need for security content updates for either product.

The McAfee Vulnerability Shield package for McAfee Host IPS v6.0 customers provides specific protection against common classes of exploits targeted at the vulnerabilities in the Microsoft Word and Windows Shell. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator(R) to agents, protecting systems without a reboot.

McAfee VirusScan(R) Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft PowerPoint, XML Core Services, Microsoft Excel, and Microsoft Office.

McAfee IntruShield(R) provides coverage for ASP.NET 2.0, Microsoft PowerPoint, Microsoft Excel, Microsoft Word, Windows Shell, Microsoft Office and Server Service vulnerabilities through signature sets released today. Coverage was provided in previous signature sets for Microsoft Excel, Microsoft Word, Microsoft PowerPoint, Windows Shell, and Server Service vulnerabilities. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for today's newly disclosed vulnerabilities to quickly assess compliance levels of the security patches announced today.

The McAfee Foundstone(R) and McAfee Policy Enforcer checks are being created to detect the vulnerabilities announced today, and will be available in the packages released today and tomorrow, respectively. These checks are expected to accurately identify if a system is vulnerable in many enterprise environments.

Avert DAT files with new detection will be added as new exploits are discovered. McAfee users can refer to http://www.mcafee.com/us/threat_center/default.asp for information regarding any new threats attempting to exploit these vulnerabilities.

McAfee Avert Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 16 countries around the globe. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers. McAfee Avert Labs continually monitors the Internet for new threats and attack vectors on a daily basis. Whenever possible, we will update our security technologies and coverage as these new threats and vectors emerge.

About McAfee, Inc.

McAfee Inc., headquartered in Santa Clara, California and the global leader in Intrusion Prevention and Security Risk Management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com

NOTE: McAfee, Avert, IntruShield, Entercept, Foundstone, ePolicy Orchestrator, VirusScan are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

Source: prnewswire