contents | technologies | |||||||
| Newly disclosed Microsoft Windows vulnerabilities McAfee, Inc., the leader in Intrusion Prevention and Security Risk Management, has announced that it provides coverage for all five security vulnerabilities released by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee AVERT Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory. Microsoft Vulnerability Overview: -- MS05-054 -- Cumulative Security Update for Internet Explorer (905915) -- MS05-055 -- Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) Scope of Potential Compromise Today's bulletin covers four vulnerabilities in Internet Explorer and one vulnerability in the Windows kernel. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. More information on the vulnerabilities can be found athttp://vil.nai.com/vil/newly-discovered-viruses.aspandhttp://www.microsoft.com/technet/security/current.aspx. McAfee Solutions With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. McAfee Entercept, by default, protects users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities reported in MS05-054. This protection functions regardless of whether the latest McAfee Entercept security content has been updated. In addition, both McAfee VirusScan(R) Enterprise 8.0i and McAfee Managed VirusScan also protect against attacks targeting the buffer overflow vulnerabilities reported in MS05-054. McAfee IntruShield will add protection against all of the MS05-054 vulnerabilities disclosed by Microsoft today. The updated signatures are included in signature sets 3.1.4, 2.1.31, 1.9.48, 1.8.65 and will be available for download today. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks. McAfee Foundstone checks have been created that will detect all of these vulnerabilities and will also be available in the package released today, including MS05-055. The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, has been updated to quickly assess compliance levels of Microsoft security patches for all of the vulnerabilities announced today, including MS05-055. The McAfee VirusScan DAT released 11/21/05 covers the known exploits that target the DOM Object Memory Corruption vulnerability in MS05-054. As new exploits are discovered, McAfee will add detection and removal capabilities to the DATs. McAfee users can refer tohttp://vil.nai.com/vil/newly-discovered-viruses.asp for information regarding any new threats attempting to exploit these vulnerabilities. McAfee AVERT Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in thirteen countries on five continents. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept and McAfee Foundstone Research and McAfee Foundstone Professional Services organizations. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers. write your comments about the article :: © 2005 Networking News :: home page |