contents

software
 
McAfee Reacts as Microsoft Discloses New Windows Vulnerabilities

McAfee provides coverage for the new 25 Microsoft Windows security vulnerabilities disclosed by Microsoft. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.

Microsoft Vulnerability Overview:
- MS06-056 - Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure
- MS06-057 - Vulnerability in Windows Shell Could Allow Remote Code Execution
- MS06-058 - Vulnerabilities in Microsoft PowerPoint Could Lead to Remote Code Execution
- MS06-059 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- MS06-060 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
- MS06-061 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- MS06-062 - Vulnerabilities in Microsoft Office Could Lead to Remote Code Execution
- MS06-063 - Vulnerability in Server Service Could Result in Denial of Service
- MS06-064 - Vulnerability in TCP-IP IPv6 Could Result in Denial of Service
- MS06-065 - Vulnerability in Windows Object Packager Could Allow Remote Execution

The ten security bulletins cover a total of twenty five Windows vulnerabilities and one Mac vulnerability. Among the vulnerabilities, fifteen are rated critical by Microsoft due to their potential for remote code execution. The MS06-057 vulnerability in Windows Shell has a rating of critical and has been exploited in so-called "drive by installs" and "drive by downloads" attacks through Internet Explorer. In addition the vulnerabilities in Word and PowerPoint have been used in targeted attacks.

With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. McAfee will continue to update its coverage as needed as new exploit vectors are discovered and as new threats emerge. Out of the box, Host IPS protects against many buffer overflow exploits. McAfee Host IPS v6.0 and McAfee Entercept protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft PowerPoint, XML Core Services, Microsoft Excel, Microsoft Word, Windows Shell, and Microsoft Office. This "out of the box" protection is provided without the need for security content updates for either product. The McAfee Vulnerability Shield package for McAfee Host IPS v6.0 customers provides specific protection against common classes of exploits targeted at the vulnerabilities in the Microsoft Word and Windows Shell. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator to agents, protecting systems without a reboot.

McAfee VirusScan Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft PowerPoint, XML Core Services, Microsoft Excel, and Microsoft Office. McAfee IntruShield provides coverage for ASP.NET 2.0, Microsoft PowerPoint, Microsoft Excel, Microsoft Word, Windows Shell, Microsoft Office and Server Service vulnerabilities through the released signature sets. Coverage was provided in previous signature sets for Microsoft Excel, Microsoft Word, Microsoft PowerPoint, Windows Shell, and Server Service vulnerabilities. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks. The McAfee System Compliance Profiler is being updated for the newly disclosed vulnerabilities to quickly assess compliance levels of the announced security patches.

The McAfee Foundstone and McAfee Policy Enforcer checks are being created to detect the "fresh" vulnerabilities, and will be available in the packages released today and tomorrow, respectively. These checks are expected to accurately identify if a system is vulnerable in many enterprise environments.



write your comments about the article :: 2006 Computing News :: home page