SANTA CLARA, Calif., July 11 /PRNewswire-FirstCall/ -- McAfee, Inc. , the global leader in Intrusion Prevention and Security Risk Management, today announced that it provides coverage for the 18 security vulnerabilities disclosed by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee(R) Avert(R) Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.
"Microsoft continues to provide numerous patches for critical vulnerabilities as seen today in the widely deployed Microsoft Office and Excel applications which accounted for 70% of the patched vulnerabilities," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee Avert Labs. "McAfee sees this as part of the trend to attack and target applications as well as base operating systems. To date this year, 31 patches have been issued for applications in contrast to 41 for operating systems. For 2005 these numbers are 13 and 73 respectively."
Microsoft Vulnerability Overview:
-- MS06-033 - .NET 2.0 Application Folder Information Disclosure
Vulnerability
-- MS06-034 - Vulnerability in Microsoft Internet Information Services
using Active Server Pages Could Lead to Remote Code Execution
-- MS06-035 - Vulnerability in Server Service Could Allow Remote Code
Execution
-- MS06-036 - Vulnerability in DHCP Client Service Could Allow Remote Code
Execution
-- MS06-037 - Vulnerability in Microsoft Excel Could Allow Remote Code
Execution (917285)
-- MS06-038 - Vulnerability in Microsoft Office Could Allow Remote Code
Execution (917284)
-- MS06-039 - Vulnerability in Microsoft Office Could Allow Remote Code
Execution (915384)
Scope of Potential Compromise
Today's bulletins cover a total of eighteen vulnerabilities -- fourteen of which are rated critical due to their potential for remote code execution. Among the critical vulnerabilities, 13 pertain to Microsoft Excel and Microsoft Office. The remaining critical vulnerability, MS06-035 Mailstop Heap Overflow is a worm candidate since it is remotely exploitable without the need for user interaction on Windows 2000 SP4 and Windows XP SP1. Additionally, McAfee Avert Labs worked with Microsoft to responsibly disclose and patch the CVE-2006-1315 SMB Information Disclosure Vulnerability.
For additional information on today's vulnerabilities as well as information on current threats, visit McAfee's Threat Center at http://www.mcafee.com/us/threat_center/default.asp where you will find blogs http://www.avertlabs.com/research/blog/ from McAfee Avert Labs researchers. More information on the vulnerabilities can also be found at http://www.microsoft.com/technet/security/current.aspx .
McAfee Solutions
With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage.
By default, McAfee Host IPS v6.0 and McAfee Entercept(R) protect users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities in Microsoft Excel, Microsoft Office, Microsoft Internet Information Services and DCHP Client Service. This "out of the box" protection is provided without the need for security content updates for either product.
McAfee VirusScan(R) Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect against attacks targeting the buffer overflow vulnerabilities in Microsoft Excel, Microsoft Office, Microsoft Internet Information Services, and DHCP Client Service.
McAfee IntruShield(R) provides coverage for the Microsoft Excel, Microsoft Office, Microsoft Server Service, DHCP Client Service and .NET 2.0 vulnerabilities through signature sets 1.8.78, 1.9.6, 2.1.44, 3.1.17. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.
The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for today's newly disclosed vulnerabilities to quickly assess compliance levels of the security patches announced today.
The McAfee Foundstone(R) and McAfee Policy Enforcer checks are being created to detect the vulnerabilities announced today, and will be available in the packages released today and tomorrow, respectively.
Avert DAT files have already been released to detect known exploits and new detection will be added as new exploits are discovered. McAfee users can refer to http://www.mcafee.com/us/threat_center/default.asp for information regarding any new threats attempting to exploit these vulnerabilities.
McAfee Avert Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 13 countries on five continents. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept and McAfee Foundstone teams. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers.
About McAfee, Inc.
McAfee Inc., headquartered in Santa Clara, California and the global leader in Intrusion Prevention and Security Risk Management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com/ .
NOTE: McAfee, Avert, IntruShield, Entercept, Foundstone, ePolicy Orchestrator, VirusScan are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
