McAfee Intrusion Prevention and Security Risk Management Solutions Provide
Protection to Identify and Block Potential New Attacks
SANTA CLARA, Calif., Feb. 12 /PRNewswire-FirstCall/ -- McAfee, Inc.
(NYSE: MFE), announced that it provides coverage for the 17 security
vulnerabilities disclosed by Microsoft Corp. today. These vulnerabilities
have been reviewed by McAfee(R) Avert(R) Labs, and based on their findings,
McAfee recommends that users confirm the Microsoft product versioning
outlined in the bulletins and update as recommended by Microsoft and
McAfee. This includes deploying solutions to ensure protection against the
vulnerabilities outlined in this advisory.
"Today's Microsoft patches underline the need for users to be aware
when opening files and the risk of surfing the Web unprotected," said Craig
Schmugar, threat researcher at McAfee Avert Labs. "Many of the
vulnerabilities addressed by today's fixes could be exploited if a Windows
user simply opens a file or visits a malicious or compromised Web site,
favorite attack methods among cybercriminals."
Microsoft Vulnerabilities Overview:
-- MS08-003 - Active Directory Vulnerability
-- MS08-004 - Windows TCP/IP Vulnerability
-- MS08-005 - Internet Information Services Vulnerability
-- MS08-006 - Internet Information Services Vulnerability
-- MS08-007 - WebDAV Mini-Redirector Vulnerability
-- MS08-008 - OLE Automation Vulnerability
-- MS08-009 - Microsoft Word Vulnerability
-- MS08-010 - Internet Explorer Vulnerabilities
-- MS08-011 - Microsoft Works Vulnerabilities
-- MS08-012 - Microsoft Publisher Vulnerabilities
-- MS08-013 - Microsoft Word Vulnerability
Scope of Potential Compromise
Today's 11 security bulletins cover a total of 17 vulnerabilities. Six
of the bulletins are rated critical by Microsoft due to their potential for
remote code execution. The remaining five are deemed important, a notch
lower on Microsoft's severity scale.
For additional information on today's vulnerabilities, including the
McAfee Avert Labs Patch Tuesday webinar, as well as information on current
threats, visit McAfee's Threat Center. McAfee recommends users sign up to
receive the McAfee Avert Labs Security Advisory, describing detailed McAfee
product coverage on the set of vulnerabilities described in this document,
as well as McAfee product coverage for other threats. To sign-up visit:
http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx. More
information on the vulnerabilities can also be found at:
http://www.microsoft.com/technet/security/current.aspx.
McAfee Solutions
With McAfee's Security Risk Management approach, customers can
effectively address business priorities and security realities. McAfee's
award-winning solutions identify and block known and unknown attacks before
they can cause damage. McAfee will continue to update its coverage as new
exploit vectors are discovered and new threats emerge.
Out of the box, Host IPS protects against many code execution exploits.
McAfee Host IPS(R) and McAfee Entercept(R) protect users against attacks
that may result from exploits targeted at the vulnerabilities in Microsoft
Internet Information Services (MS08-005/MS08-006), OLE Automation, Word,
Internet Explorer, Works, Publisher and Office. This "out of the box"
protection is provided without the need for security content updates for
either product.
McAfee VirusScan(R) Enterprise and McAfee Managed VirusScan with
AntiSpyware protect users against code execution that may result from
common classes of exploits targeted at the vulnerabilities in Microsoft
Internet Information Services (MS08-005/MS08-006), OLE Automation, Word,
Internet Explorer and Works.
McAfee IntruShield(R) provides coverage for Microsoft Active Directory,
Windows TCP/IP, WebDAV Mini-Redirector, OLE Automation, Word, Internet
Explorer, Works, and Publisher vulnerabilities through signature sets
released today. McAfee IntruShield sensors deployed in in-line mode can be
configured with a response action to drop such packets for preventing these
attacks.
The McAfee Foundstone(R) and McAfee Network Access Control checks are
being created to detect the vulnerabilities announced today, and will be
available in the packages released today and the day after tomorrow,
respectively. These checks are expected to accurately identify if a system
is vulnerable in many enterprise environments.
McAfee Policy Auditor compliance checks and McAfee Remediation Manager
remediations are being created to identify unpatched systems and apply the
necessary patches to affected systems for all of the vulnerabilities
addressed by today's Microsoft patches. Updates will be available in the
next V-Flash package.
Avert DAT files have already been released to detect known exploits and
new detection will be added as new exploits are discovered. DAT files are
used by McAfee GroupShield(R), PortalShield(TM), Secure Internet Gateway
appliances, Secure Messaging Gateway appliances, Secure Web Gateway
appliances, Total Protection suites, VirusScan Enterprise, VirusScan
Command Line, VirusScan Online and other McAfee scanners. McAfee users can
refer to http://www.mcafee.com/us/threat_center/default.asp for information
regarding any new threats attempting to exploit these vulnerabilities.
McAfee Avert Labs maintains one of the top-ranked security threat and
research organizations in the world, employing researchers in 16 countries
around the globe. The Labs combine world-class malicious code and
anti-virus research with intrusion prevention and vulnerability research
expertise. McAfee protects customers by providing deep analysis and core
technologies that are developed through the combined efforts of its
researchers. McAfee Avert Labs continually monitors the Internet for new
threats and attack vectors on a daily basis. Whenever possible, we will
update our security technologies and coverage as these new threats and
vectors emerge.
About McAfee, Inc.
McAfee, Inc., the leading dedicated security technology company,
headquartered in Santa Clara, California, delivers proactive and proven
solutions and services that secure systems and networks around the world.
With its unmatched security expertise and commitment to innovation, McAfee
empowers home users, businesses, the public sector, and service providers
with the ability to block attacks, prevent disruptions, and continuously
track and improve their security. http://www.mcafee.com.
NOTE: McAfee, Avert, IntruShield, Entercept, Foundstone, ePolicy
Orchestrator, VirusScan, GroupShield, and PortalShield are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the
United States and/or other countries. McAfee Red in connection with
security is distinctive of McAfee brand products. All other registered and
unregistered trademarks herein are the sole property of their respective
owners. (C) 2008 McAfee, Inc. All Rights Reserved.
|
