Vulnerability Advisory: McAfee, Inc. Solutions Protect Against Newly Disclosed Microsoft Windows Vulnerabilities


McAfee Intrusion Prevention and Security Risk Management Solutions Provide Protection to Identify and Block Potential New Attacks

SANTA CLARA, Calif., March 14 -- McAfee, Inc. (NYSE:MFE), the leading dedicated security technology company, has announced that it provides coverage for the seven security vulnerabilities disclosed by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee® AVERT® Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory.

"Based on the MS06-012 vulnerabilities announced today, McAfee believes that an exploit targeting these vulnerabilities could surface as early as this week. Additionally, exploits targeting MS06-011 are already present that allow authenticated users to escalate their privileges remotely on affected systems," said Monty Ijzerman, manager of security content for McAfee AVERT Labs. "Customers using McAfee products can identify and block potential exploits before they cause damage."

Microsoft Vulnerability Overview:

MS06-011 -- Permissive Windows Services DACLs Could Allow Elevation of Privilege

MS06-012 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Scope of Potential Compromise

Today's bulletins cover a total of seven vulnerabilities-one vulnerability affecting Microsoft Windows Services and six vulnerabilities affecting Microsoft Office. If a user is logged on to vulnerable versions of Office with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An attacker who successfully exploited the Windows Services vulnerability would be able to elevate their privileges and could take complete control of an affected system. In both cases, the attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

More information on the vulnerabilities can be found at vil.nai.com/vil/newly-discovered-viruses.asp and www.microsoft.com/technet/security/current.aspx .

McAfee Solutions

With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage.

By default, McAfee Host IPS v6.0 and McAfee Entercept® protect users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities in Microsoft Word, Microsoft Outlook, Microsoft PowerPoint and Microsoft Excel reported in MS06-012. This "out of the box" protection is provided with no need for security content updates for either product.

Today McAfee will release the first Vulnerability Shield package for McAfee Host IPS v6.0 customers providing specific protection against the vulnerability reported in MS06-011. This package will protect against non buffer overflow vulnerabilities and reduce the possibility of a denial-of- service as a result of buffer overflow attacks. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator to agents, protecting systems without a reboot.

McAfee VirusScan® Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect against attacks targeting the buffer overflow/overrun vulnerabilities in Microsoft Word, Microsoft Outlook, Microsoft PowerPoint and Microsoft Excel reported in MS06-012.

McAfee IntruShield® will add protection against the vulnerability reported in MS06-11 and certain vulnerabilities reported in MS06-012. The updated signatures are included in signature sets 3.1.9, 2.1.36, 1.9.53, and 1.8.70, and will be available for download today. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

McAfee Foundstone® checks have been created that will detect all of these vulnerabilities, and will be available in the package released today.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator®, is being updated for MS06-012 to quickly assess compliance levels of the Microsoft Office security patches announced today.

As new exploits are discovered, McAfee will add detection and removal capabilities to DATs. McAfee users can refer to vil.nai.com/vil/newlydiscovered-viruses.asp for information regarding any new threats attempting to exploit these vulnerabilities.

McAfee AVERT Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 13 countries on five continents. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept and McAfee Foundstone teams. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers.

About McAfee, Inc.

McAfee, Inc., headquartered in Santa Clara, California and the leading dedicated security technology company, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. www.mcafee.com

Source: McAfee, Inc.

CONTACT: Tracy Ross of McAfee, Inc., +1-408-346-5965, or
Tracy_ross@mcafee.com; or Michael Azzano of Red Consultancy, +1-415-596-1978,
or michael.azzano@redconsultancy.com, for McAfee, Inc.

Web site: www.mcafee.com/

All Topics