contents | software | |||||||
| McAfee Protects Against Newly Disclosed Microsoft Vulnerabilities McAfee provides coverage for the seven new security vulnerabilities disclosed by Microsoft Corporation. These vulnerabilities have been reviewed by McAfee AVERT Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory. Microsoft Vulnerability Overview: * MS06-011 - Permissive Windows Services DACLs Could Allow Elevation of Privilege * MS06-012 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution * Scope of Potential Compromise The bulletins cover a total of seven vulnerabilities-one vulnerability affecting Microsoft Windows Services and six vulnerabilities affecting Microsoft Office. If a user is logged on to vulnerable versions of Office with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An attacker who successfully exploited the Windows Services vulnerability would be able to elevate their privileges and could take complete control of an affected system. In both cases, the attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. By default, McAfee Host IPS v6.0 and McAfee Entercept protect users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities in Microsoft Word, Microsoft Outlook, Microsoft PowerPoint and Microsoft Excel reported in MS06-012. This "out of the box" protection is provided with no need for security content updates for either product. McAfee will also release the first Vulnerability Shield package for McAfee Host IPS v6.0 customers providing specific protection against the vulnerability reported in MS06-011. This package will protect against non buffer overflow vulnerabilities and reduce the possibility of a denial-of- service as a result of buffer overflow attacks. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator to agents, protecting systems without a reboot. McAfee VirusScan Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect against attacks targeting the buffer overflow/overrun vulnerabilities in Microsoft Word, Microsoft Outlook, Microsoft PowerPoint and Microsoft Excel reported in MS06-012. McAfee IntruShield will add protection against the vulnerability reported in MS06-11 and certain vulnerabilities reported in MS06-012. The updated signatures are included in signature sets 3.1.9, 2.1.36, 1.9.53, and 1.8.70, and will be available for download today. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks. McAfee Foundstone checks have been created that will detect all of these vulnerabilities, and will be available in the package. The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for MS06-012 to quickly assess compliance levels of the Microsoft Office security patches announced. write your comments about the article :: © 2006 Computing News :: home page |