McAfee Intrusion Prevention and Security Risk Management Solutions Provide
Protection to Identify and Block Potential New Attacks
SANTA CLARA, Calif., Dec. 11 /PRNewswire-FirstCall/ -- McAfee, Inc.
(NYSE: MFE) today announced that it provides coverage for the 11 security
vulnerabilities disclosed by Microsoft Corporation today. These
vulnerabilities have been reviewed by McAfee(R) Avert(R) Labs, and based on
their findings, McAfee recommends that users confirm the Microsoft product
versioning outlined in the bulletins and update as recommended by Microsoft
and McAfee. This includes deploying solutions to ensure protection against
the vulnerabilities outlined in this advisory.
"Today's Microsoft patches emphasize the need for proactive browser
protection and the risk of surfing the Web unprotected," said Dave Marcus,
security research and communications manager, McAfee Avert Labs. "The
vulnerability in the Windows Media File Format is another warning that
media files are potentially unsafe and people should use caution when
opening or playing media files."
Microsoft Vulnerabilities Overview:
* MS07-063 - Vulnerability in SMBv2 Could Allow Remote Code Execution
* MS07-064 - Vulnerabilities in DirectX Could Allow Remote Code Execution
* MS07-065 - Vulnerability in Message Queuing Could Allow Remote Code
Execution
* MS07-066 - Vulnerability in Windows Kernel Could Allow Elevation of
Privilege
* MS07-067 - Vulnerability in Macrovision Driver Could Allow Local
Elevation of Privilege
* MS07-068 - Vulnerability in Windows Media File Format Could Allow Remote
Code Execution
* MS07-069 - Cumulative Security Update for Internet Explorer
Scope of Potential Compromise
Today's seven security bulletins cover a total of 11 vulnerabilities.
Three of the bulletins are rated critical by Microsoft due to their
potential for remote code execution. The remaining four bulletins are
deemed important, a notch lower on Microsoft's severity scale.
For additional information on today's vulnerabilities, including the
McAfee Avert Labs Patch Tuesday webinar, as well as information on current
threats, visit McAfee's Threat Center at
http://www.mcafee.com/us/threat_center/default.asp. McAfee recommends users
sign up to receive the McAfee Avert Labs Security Advisory, describing
detailed McAfee product coverage on the set of vulnerabilities described in
this document, as well as McAfee product coverage for other threats. To
sign- up visit:
http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx. More
information on the vulnerabilities can also be found at
http://www.microsoft.com/technet/security/current.aspx
McAfee Solutions
With McAfee's Security Risk Management approach, customers can
effectively address business priorities and security realities. McAfee's
award-winning solutions identify and block known and unknown attacks before
they can cause damage. McAfee will continue to update its coverage as
needed as new exploit vectors are discovered and as new threats emerge.
Out of the box, Host IPS protects against many buffer overflow
exploits. McAfee Host IPS and McAfee Entercept(R) protect users against
code execution that may result from common classes of exploits targeted at
the buffer overflow/overrun vulnerabilities in Microsoft DirectX, Message
Queuing, Windows Media File Format and Internet Explorer. This "out of the
box" protection is provided without the need for security content updates
for either product.
The McAfee Vulnerability Shield package for McAfee Host IPS customers
provides specific protection against common classes of exploits targeted at
the vulnerabilities in Message Queuing. The Vulnerability Shield package is
deployed through McAfee ePolicy Orchestrator(R) to agents, protecting
systems without a reboot.
McAfee VirusScan(R) Enterprise and McAfee Managed VirusScan with
AntiSpyware protects users against code execution that may result from
common classes of exploits targeted at the buffer overflow/overrun
vulnerabilities in Microsoft DirectX, Windows Media File Format and
Internet Explorer.
McAfee IntruShield(R) provides coverage for Microsoft Direct X, Message
Queuing, Windows Media File Format and Internet Explorer vulnerabilities
through signature sets released today. McAfee IntruShield sensors deployed
in in-line mode can be configured with a response action to drop such
packets for preventing these attacks.
The McAfee System Compliance Profiler, a component of McAfee ePolicy
Orchestrator, is being updated for today's newly disclosed vulnerabilities
in Microsoft SMBv2, DirectX, Message Queuing, Windows Kernel, Macrovision
Driver, Windows Media File Format and Internet Explorer to quickly assess
compliance levels of the security patches announced today.
The McAfee Foundstone(R) and McAfee Network Access Control (previously
known as McAfee Policy Enforcer) checks are being created to detect the
vulnerabilities announced today, and will be available in the packages
released today and the day after tomorrow, respectively. These checks are
expected to accurately identify if a system is vulnerable in many
enterprise environments.
McAfee Policy Auditor compliance checks and McAfee Remediation Manager
remediations are being created to identify unpatched systems and apply the
necessary patches to affected systems for the vulnerabilities in Microsoft
SMBv2, DirectX, Message Queuing, Windows Kernel, Macrovision Driver,
Windows Media File Format and Internet Explorer. Updates will be available
in the next V-Flash package.
Avert DAT files have already been released to detect known exploits and
new detection will be added as new exploits are discovered. DAT files are
used by McAfee GroupShield(R), PortalShield(TM), Secure Internet Gateway
appliances, Secure Messaging Gateway appliances, Secure Web Gateway
appliances, Total Protection suites, VirusScan Enterprise, VirusScan
Command Line, VirusScan Online and other McAfee scanners. McAfee users can
refer to http://www.mcafee.com/us/threat_center/default.asp for information
regarding any new threats attempting to exploit these vulnerabilities.
McAfee Avert Labs maintains one of the top-ranked security threat and
research organizations in the world, employing researchers around the
globe. The Labs combine world-class malicious code and anti-virus research
with intrusion prevention and vulnerability research expertise. McAfee
protects customers by providing deep analysis and core technologies that
are developed through the combined efforts of its researchers. McAfee Avert
Labs continually monitors the Internet for new threats and attack vectors
on a daily basis. Whenever possible, we will update our security
technologies and coverage as these new threats and vectors emerge.
About McAfee, Inc.
McAfee, Inc., the leading dedicated security technology company,
headquartered in Santa Clara, California, delivers proactive and proven
solutions and services that secure systems and networks around the world.
With its unmatched security expertise and commitment to innovation, McAfee
empowers home users, businesses, the public sector, and service providers
with the ability to block attacks, prevent disruptions, and continuously
track and improve their security. http://www.mcafee.com.
NOTE: McAfee, Avert, IntruShield, Entercept, Foundstone, ePolicy
Orchestrator, VirusScan, GroupShield, and PortalShield are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the
United States and/or other countries. McAfee Red in connection with
security is distinctive of McAfee brand products. All other registered and
unregistered trademarks herein are the sole property of their respective
owners. (C) 2007 McAfee, Inc. All Rights Reserved.
SOURCE McAfee, Inc.
 back to top
Related links:
http://www.mcafee.com
CONTACT:
Joris Evers of McAfee, Inc., +1-408-346-3310,
joris_evers@mcafee.com; or Diana Williams of Red Consultancy,
+1-415-618-8812, diana.williams@redconsultancy.com, for McAfee,
Inc.
|
