Vulnerability Advisory: McAfee, Inc. Solutions Protect Against Twenty-One Newly Disclosed Microsoft Windows Vulnerabilities


McAfee Intrusion Prevention and Security Risk Management Solutions Provide Protection to Identify and Block Potential New Attacks

SANTA CLARA, Calif., June 13 - McAfee, Inc. (NYSE:MFE), the global leader in Intrusion Prevention and Security Risk Management, today announced that it provides coverage for the 21 security vulnerabilities disclosed by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee® Avert® Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.

"Today we are seeing a high number of vulnerabilities announced by Microsoft, many of which are rated critical," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee Avert Labs. "In the first half of 2006, Microsoft patched 70 percent more critical vulnerabilities compared to the same period last year. The vulnerabilities in Microsoft Exchange and in the Routing and Remote Access Service released today could be exploited to create worms."

Microsoft Vulnerability Overview:

o MS06-021 - Cumulative Security Update for Internet Explorer
o MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote Code Execution
o MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote Code Execution
o MS06-024 - Vulnerability in Windows Media Player Could Allow Remote Code Execution
o MS06-025 - Vulnerability in Routing and Remote Access Could Allow Remote Code Execution
o MS06-026 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
o MS06-027 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
o MS06-028 - Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution
o MS06-029 - Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection
o MS06-030 - Vulnerability in Server Message Block Could Allow Elevation of Privilege
o MS06-031 - Vulnerability in RPC Mutual Authentication Could Allow Spoofing
o MS06-032 - Vulnerability in TCP/IP Could Allow Remote Code Execution

Scope of Potential Compromise

Today's bulletins cover a total of twenty-one vulnerabilities, twelve of which are rated critical or important and eight of which pertain to Microsoft Internet Explorer. Three of the vulnerabilities are worm candidates. The MS06-025 vulnerabilities affecting Routing and Remote Access can be exploited on Windows 2000 and Windows XP Service Pack 1 without authentication, allowing an anonymous remote user to send malicious traffic. The other vulnerability, MS06-029, affecting client systems using Microsoft Exchange Servers running Outlook Web Access, could result in a mass mailing worm.

More information on the vulnerabilities can be found at www.mcafee.com/us/threat_center/default.asp and http://www.microsoft.com/technet/security/current.aspx.

McAfee Solutions

With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage.

By default, McAfee Host IPS v6.0 and McAfee Entercept® protect users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities in Microsoft Internet Explorer, ART, JScript, Windows Media Player, Routing and Remote Access Service, and PowerPoint. This "out of the box" protection is provided without the need for security content updates for either product.

The McAfee Vulnerability Shield package for McAfee Host IPS v6.0 customers provides specific protection against attacks that exploit the Microsoft Word vulnerability, and some of the Internet Explorer vulnerabilities. This package will provide coverage for non-buffer overflow vulnerabilities and reduce the possibility of a denial-of-service as a result of buffer overflow attacks. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator® to agents, protecting systems without a reboot.

McAfee VirusScan® Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect against attacks targeting the buffer overflow vulnerabilities in Microsoft Internet Explorer, ART, JScript, Windows Media Player, Routing and Remote Access Service, and PowerPoint.

McAfee IntruShield® provides coverage for the Microsoft Internet Explorer and JScript vulnerabilities through signature set 3.1.15. The updated coverage for Microsoft Windows Media Player, Routing and Remote Access Service, Graphics Device Interface, Word and PowerPoint vulnerabilities is included in signature sets 1.8.76, 1.9.59, 2.1.42, 3.1.15. Coverage for the TCP/IP Protocol driver vulnerability is included in signature sets 2.1.42, 3.1.15. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action that drops such packets to prevent these attacks.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for the Microsoft Internet Explorer, ART, JScript, Windows Media Player, Routing and Remote Access Service, Word, PowerPoint, Outlook Web Access, Server Message Block, and Transmission Control Protocol vulnerabilities to quickly assess compliance levels of the security patches announced today.

The McAfee Foundstone® and McAfee Policy Enforcer checks are being created to detect the vulnerabilities announced today, and will be available in the packages released today and tomorrow, respectively.

Avert DAT files have already been released to detect known vulnerabilities and new detection will be added as new exploits are discovered. McAfee users can refer to www.mcafee.com/us/threat_center/default.asp for information regarding any new threats attempting to exploit these vulnerabilities.

McAfee Avert Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 13 countries on five continents. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept and McAfee Foundstone teams. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers.

About McAfee, Inc.

McAfee Inc., headquartered in Santa Clara, California and the global leader in Intrusion Prevention and Security Risk Management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com/

NOTE: McAfee, Avert, IntruShield, Entercept, Foundstone, ePolicy Orchestrator, VirusScan are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

Source: McAfee, Inc.

CONTACT: Erica Coleman of McAfee, Inc., +1-408-346-5624, or erica_coleman@mcafee.com; or Andrew Miller of Red Consultancy, +1-415-618-8811, or andrew.miller@redconsultancy.com

Web site: http://www.mcafee.com/
