McAfee Reacts as Microsoft Discloses New Windows VulnerabilitiesBest Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
GFI LANguard Network Security Scanner - Dld 30-day trial! del.icio.us  digg  Furl  NewsVine  Spurl  Blinklist  Ma.gnolia  Reddit  Tailrank  YahooMyWeb 
Best Tips
Web Applications Attacks
Top 10 Current Security ...
How to Secure Wireless N...
How To Detect Identity T...
You Must Increase Intern...
Safety Tips for Fighting...
PHPSecInfo
5 Security Threats You M...
Zero Day Attacks and Pre...
Network and Other Device...
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Advertise With Us!
Latest Viruses / Threats
Bugtraq: [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass
2008/8/29 15:09:40
Bugtraq: [ MDVSA-2008:181 ] ipsec-tools
2008/8/29 15:09:40
Bugtraq: [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities
2008/8/29 15:09:40
Do You Know Where Your Baby Is?
2008/8/29 12:58:00
Bugtraq: [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service
2008/8/29 10:43:26
Downloads
 0.Fx MPEG Suite
 1.Daniusoft Video to MP4 Converter
 2.iProtectYou
 3.Deep Ball Defender
 4.Amazing Parrots Screensaver
 5.FlashCam Rebroadcasting server
 6.MysqlDataBackupTool
 7.Photo-Paint 9 script converter
 8.Fast PDF converter
 9.Apex iPod Video Converter Home Edition
RSS / Atom Feeds
Windows Security : McAfee Reacts as Microsoft Discloses New Windows Vulnerabilities
Posted by Max on 2006/10/11 9:33:38 (958 reads)
Windows Security

McAfee provides coverage for the new 25 Microsoft Windows security vulnerabilities disclosed by Microsoft. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.


Microsoft Vulnerability Overview:
- MS06-056 - Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure
- MS06-057 - Vulnerability in Windows Shell Could Allow Remote Code Execution
- MS06-058 - Vulnerabilities in Microsoft PowerPoint Could Lead to Remote Code Execution
- MS06-059 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- MS06-060 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
- MS06-061 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- MS06-062 - Vulnerabilities in Microsoft Office Could Lead to Remote Code Execution
- MS06-063 - Vulnerability in Server Service Could Result in Denial of Service
- MS06-064 - Vulnerability in TCP-IP IPv6 Could Result in Denial of Service
- MS06-065 - Vulnerability in Windows Object Packager Could Allow Remote Execution

The ten security bulletins cover a total of twenty five Windows vulnerabilities and one Mac vulnerability. Among the vulnerabilities, fifteen are rated critical by Microsoft due to their potential for remote code execution. The MS06-057 vulnerability in Windows Shell has a rating of critical and has been exploited in so-called "drive by installs" and "drive by downloads" attacks through Internet Explorer. In addition the vulnerabilities in Word and PowerPoint have been used in targeted attacks.



With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. McAfee will continue to update its coverage as needed as new exploit vectors are discovered and as new threats emerge. Out of the box, Host IPS protects against many buffer overflow exploits. McAfee Host IPS v6.0 and McAfee Entercept protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft PowerPoint, XML Core Services, Microsoft Excel, Microsoft Word, Windows Shell, and Microsoft Office. This "out of the box" protection is provided without the need for security content updates for either product. The McAfee Vulnerability Shield package for McAfee Host IPS v6.0 customers provides specific protection against common classes of exploits targeted at the vulnerabilities in the Microsoft Word and Windows Shell. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator to agents, protecting systems without a reboot.

McAfee VirusScan Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft PowerPoint, XML Core Services, Microsoft Excel, and Microsoft Office. McAfee IntruShield provides coverage for ASP.NET 2.0, Microsoft PowerPoint, Microsoft Excel, Microsoft Word, Windows Shell, Microsoft Office and Server Service vulnerabilities through the released signature sets. Coverage was provided in previous signature sets for Microsoft Excel, Microsoft Word, Microsoft PowerPoint, Windows Shell, and Server Service vulnerabilities. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks. The McAfee System Compliance Profiler is being updated for the newly disclosed vulnerabilities to quickly assess compliance levels of the announced security patches.

The McAfee Foundstone and McAfee Policy Enforcer checks are being created to detect the "fresh" vulnerabilities, and will be available in the packages released today and tomorrow, respectively. These checks are expected to accurately identify if a system is vulnerable in many enterprise environments.



Other articles
2008/8/21 15:52:01 - BitRoll and Torrent101 Used to Distribute the Lop Adware
2008/8/20 15:06:33 - FRAUDFacts Helps You Fight Identity Theft and Fraud for Life
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft

The comments are owned by the poster. We aren't responsible for their content.



 

HOME | NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | SECURITY BOOKS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Nov '07 | Dec '07 | Jan '08 | Feb '08 | Mar '08 | Apr '08 | May '08 | Jun '08 
Best Security Downloads offers 4000+ free and free to try security downloads