contents | products | |||||||
| McAfee solutions against newly disclosed Windows vulnerabilities McAfee, Inc., the leader in Intrusion Prevention and Security Risk Management, has announced that it provides coverage for the two security vulnerabilities released by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee AVERT Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory. Microsoft Vulnerability Overview: -- MS06-002 -- Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) -- MS06-003 -- Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412) Scope of Potential Compromise: Today's bulletin covers one vulnerability in Embedded Web fonts and one vulnerability in Microsoft Outlook and Microsoft Exchange. The most severe of these vulnerabilities, MS06-003, has two exploit scenarios involving both the client side, with vulnerable versions of Outlook, Office Language Interface Packs, Office MultiLanguage Packs or Office Multilingual User Interface Packs, and the server side, with vulnerable versions of Exchange. The most severe of these scenarios involves the server side, and is a potential candidate for a self-executing worm because it does not require any user interaction for a attacker to potentially exploit the vulnerability and take complete control of an affected system. An attacker could then install programs, view, change or delete data, or create new accounts with full user rights. More information on the vulnerabilities can be found athttp://vil.nai.com/vil/newly-discovered-viruses.aspandhttp://www.microsoft.com/technet/security/current.aspx. write your comments about the article :: © 2006 Networking News :: home page |