Vulnerability Advisory: McAfee, Inc. Solutions Protect against 13 Newly Disclosed Microsoft Windows Vulnerabilities
(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)
3965 Freedom Circle
Santa Clara, CA, 95054
Press release date: November 14, 2006
McAfee Intrusion Prevention and Security Risk Management Solutions Provide Protection to Identify and Block Potential New Attacks
SANTA CLARA, Calif., Nov. 14 -- McAfee, Inc. (NYSE:MFE), announced that it provides coverage for the 13 security vulnerabilities disclosed by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee® Avert Labs, and based on its findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.
"Among the vulnerabilities patched by Microsoft today, the Internet Explorer DirectAnimation Path ActiveX Control and XML Core Service vulnerabilities have been exploited in drive-by attacks through Internet Explorer," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee Avert Labs. "Of the other vulnerabilities patched, the one in the Workstation Service stands out, as it can be used to create a fully automated worm which could cripple Internet traffic and compromise Windows 2000 systems on a global scale."
Microsoft Vulnerability Overview: o MS06-066 -- Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution o MS06-067 -- Cumulative Security Update for Internet Explorer o MS06-068 -- Vulnerability in Microsoft Agent Could Allow Remote Code Execution o MS06-069 -- Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution o MS06-070 -- Vulnerability in Workstation Service Could Allow Remote Code Execution o MS06-071 -- Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Scope of Potential Compromise
Today's six security bulletins cover a total of 13 vulnerabilities. Among the vulnerabilities, 11 are rated critical by Microsoft due to their potential for remote code execution. The MS06-070 vulnerability in Workstation Service has a rating of critical due to its potential for remote code execution. In addition, the vulnerabilities in Internet Explorer and XML have been used in targeted attacks. McAfee Avert Labs worked with Microsoft to responsibly disclose and patch the MS06-066 Vulnerabilities in Client Service for NetWare.
For additional information on today's vulnerabilities, as well as information on current threats, visit McAfee's Threat Center at http://www.mcafee.com/us/threat_center/default.asp , where you will find blogs http://www.avertlabs.com/research/blog/ from McAfee Avert Labs researchers. More information on the vulnerabilities can also be found at http://www.microsoft.com/technet/security/current.aspx .
With McAfee's security risk management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. McAfee will continue to update its coverage as needed as new exploit vectors are discovered and as new threats emerge.
Out of the box, Host IPS protects against many buffer overflow exploits. McAfee Host IPS v6.0 and McAfee Entercept® protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Client Service for NetWare, Internet Explorer, Microsoft Agent, Macromedia Flash Player and Workstation Service. This "out of the box" protection is provided without the need for security content updates for either product.
The McAfee Vulnerability Shield package for McAfee Host IPS v6.0 customers provides specific protection against common classes of exploits targeted at the vulnerabilities in Client Service for NetWare, Internet Explorer DirectAnimation ActiveX Controls, Microsoft Agent, Workstation Service and Microsoft XML Core Services. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator® to agents, protecting systems without a reboot.
McAfee VirusScan® Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Client Service for NetWare, Internet Explorer HTML Rendering Memory Corruption, Macromedia Flash Player and Workstation Service.
McAfee IntruShield® provides coverage for Client Service for NetWare, Internet Explorer, Microsoft Agent, Macromedia Flash Player, and Workstation Service vulnerabilities through signature sets released today. Coverage was provided in previous signature sets for Internet Explorer and Microsoft XML Core Services vulnerabilities. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.
The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for today's newly disclosed vulnerabilities to quickly assess compliance levels of the security patches announced today.
The McAfee Foundstone® and McAfee Policy Enforcer checks are being created to detect the vulnerabilities announced today, and will be available in the packages released today and the day after tomorrow, respectively. These checks are expected to accurately identify if a system is vulnerable in many enterprise environments.
Avert DAT files with new detection will be added as new exploits are discovered. McAfee users can refer to http://www.mcafee.com/us/threat_center/default.asp for information regarding any new threats attempting to exploit these vulnerabilities.
McAfee Avert Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 16 countries around the globe. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers. McAfee Avert Labs continually monitors the Internet for new threats and attack vectors on a daily basis. Whenever possible, we will update our security technologies and coverage as these new threats and vectors emerge.
About McAfee, Inc.
McAfee Inc., the leading dedicated security technology company, headquartered in Santa Clara, California, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com/ .
FCMN Contact: email@example.com
Source: McAfee, Inc.
CONTACT: Erica Coleman McAfee, Inc. +1-408-346-5624 firstname.lastname@example.org
Mindy Whittington Red Consultancy +1-415-618-8811 email@example.com
Web site: http://www.mcafee.com/