SANTA CLARA, Calif., April 11 /PRNewswire-FirstCall/ -- McAfee, Inc. , the global leader in Intrusion Prevention and Security Risk Management, has announced that it provides coverage for the 15 security vulnerabilities disclosed by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee(R) AVERT(R) Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory.
"Among the Microsoft vulnerabilities announced today, two out of the ten Internet Explorer vulnerabilities have already been exploited and four more were previously disclosed," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee AVERT Labs. "While there is the potential for further exploits targeting the Internet Explorer vulnerabilities, the vulnerability in the Microsoft Data Access Components (MDAC) also poses a serious concern. It can be exploited with minimal social engineering, requiring no user interaction other than simply visiting a malicious Web site."
Microsoft Vulnerability Overview:
-- MS06-013 -- Cumulative Security Update for Internet Explorer
-- MS06-014 -- Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
-- MS06-015 -- Vulnerability in Windows Explorer Could Lead to Remote Code Execution
-- MS06-016 -- Cumulative Security Update for Outlook Express
-- MS06-017 -- Vulnerability Using Microsoft Front Page Server Extensions Could Allow Cross Site Scripting
Scope of Potential Compromise
Today's bulletins cover a total of 15 vulnerabilities -- 10 vulnerabilities affecting Microsoft Internet Explorer, two vulnerabilities in Microsoft Windows Explorer and one vulnerability in Microsoft Outlook Express, MDAC and Microsoft FrontPage. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the client workstation. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information on the vulnerabilities can be found at http://www.mcafee.com/us/threat_center/default.asp and http://www.microsoft.com/technet/security/current.aspx .
McAfee Solutions
With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage.
By default, McAfee Host IPS v6.0 and McAfee Entercept(R) protect users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities in Microsoft Outlook Express and Microsoft Internet Explorer. This "out of the box" protection is provided without the need for security content updates for either product.
The McAfee Vulnerability Shield package for McAfee Host IPS v6.0 customers provides specific protection against attacks that exploit the Microsoft MDAC vulnerability, the Internet Explorer createTextRange() vulnerability, and some of the other Internet Explorer vulnerabilities. This package will provide coverage for non-buffer overflow vulnerabilities and reduce the possibility of a denial-of-service as a result of buffer overflow attacks. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator(R) to agents, protecting systems without a reboot.
McAfee VirusScan(R) Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect against attacks targeting the buffer overflow vulnerabilities in Microsoft Internet Explorer and Microsoft Outlook Express.
While McAfee IntruShield(R) already provides protection for Internet Explorer createTextRange() vulnerability, more coverage for both the Microsoft Internet Explorer and MDAC vulnerabilities will be provided today through signature set 3.1.11. The updated signatures for Microsoft FrontPage, Microsoft Windows Explorer and Microsoft Outlook Express are included in signature sets 1.8.72, 1.9.55, 2.1.38, 3.1.11 and will also be available for download today. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.
The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator(R), is being updated for the Microsoft Internet Explorer, MDAC, Microsoft Outlook Express and Microsoft Windows Explorer vulnerabilities to quickly assess compliance levels of the security patches announced today.
The McAfee Foundstone(R) and McAfee Policy Enforcer checks are being created to detect the vulnerabilities announced today, and will be available in the packages released today and tomorrow, respectively.
AVERT DAT files have already been released to detect known vulnerabilities and new detection will be added as new exploits are discovered. McAfee users can refer to http://www.mcafee.com/us/threat_center/default.asp for information regarding any new threats attempting to exploit these vulnerabilities.
McAfee AVERT Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 13 countries on five continents. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept and McAfee Foundstone teams. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers.
About McAfee, Inc.
McAfee Inc., headquartered in Santa Clara, California and the global leader in Intrusion Prevention and Security Risk Management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com/
NOTE: McAfee, AVERT, IntruShield, Entercept, Foundstone, ePolicy Orchestrator, VirusScan are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. The McAfee color Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. (C) 2006 McAfee, Inc. All Rights Reserved.
