SANTA CLARA, Calif., April 3 /PRNewswire-FirstCall/ -- McAfee, Inc. , announced that it provides coverage for the security vulnerabilities disclosed by Microsoft Corporation today. This out-of-cycle patch contains seven security vulnerabilities, five of which were not previously disclosed. These vulnerabilities have been reviewed by McAfee(R) Avert(R) Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.
"Today Microsoft issued a rare out-of-cycle patch to fix vulnerabilities in GDI," said Dave Marcus, security research and communications manager, McAfee Avert Labs. "McAfee Avert Labs is always concerned when Microsoft releases an out-of-cycle patch. We urge our customers and the computing public to take this release seriously, as there has already been active exploitation of at least one of these vulnerabilities in the wild. Consumers and enterprise users should immediately evaluate this patch as well as ensure that they have up-to-date proactive security technologies in place to mitigate and manage all risk."
Microsoft Vulnerability Overview:
-- MS07-017 - Vulnerabilities In GDI Could Allow Remote Code Execution
Microsoft released a security advisory last week, warning customers that a vulnerability in Windows ANI files was allowing hackers to break into computers and install malicious software. The files are used to change the mouse cursor into an hourglass icon or another animated option while a program is busy. The so-called zero-day attack is aimed at PCs running Windows. McAfee was first to discover the ANI exploit and worked with Microsoft to proactively disclose this vulnerability. McAfee has rated the exploit "highly critical" and suggests that users download the patch as soon as Microsoft releases it.
McAfee has been actively updating its partners, customers and the public on this Microsoft issue via its Avert Labs security research blog available at http://www.avertlabs.com/research/blog/.
With McAfee's security risk management approach, customers can effectively address business priorities and security realities. McAfee will continue to update its coverage as needed, as new exploit vectors are discovered and new threats emerge. For a complete description of McAfee's individual product coverage for the vulnerabilities announced today by Microsoft, visit http://vil.nai.com/vil/newly_discovered_vulnerabilities.aspx.
McAfee Avert Labs maintains one of the top-ranked security threat and research organizations in the world, employing security researchers in 16 countries around the globe. The Labs combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers. McAfee Avert Labs continually monitors the Internet for new threats and attack vectors on a daily basis. Whenever possible, we will update our security technologies and coverage as these new threats and vectors emerge.
About McAfee, Inc.
McAfee Inc., the leading dedicated security technology company, headquartered in Santa Clara, California, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com/.
NOTE: McAfee is a registered trademark of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. (C) 2006 - 2007 McAfee, Inc. All Rights Reserved.
