McAfee Security for Windows Vulnerabilities

by CXOtoday Staff    May 11, 2007

McAfee now provides coverage for the 19 security vulnerabilities disclosed by Microsoft. McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee.

Dave Marcus, security research and communications manager of McAfee Avert Labs, said, “Of particular concern is the large number of Microsoft Office, Word, Excel and Internet Explorer vulnerabilities being patched today. These applications are most frequently targeted by malware writers, so we recommend that all customers evaluate their security coverage and policies to ensure they have adequate protection in place.”

Microsoft Vulnerabilities Overview:
MS07-023 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
MS07-024 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
MS07-025 - Vulnerability in Microsoft Office Could Allow Remote Code Execution
MS07-026 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution
MS07-027 - Cumulative Security Update for Internet Explorer
MS07-028 - Vulnerability in CAPICOM Could Allow Remote Code Execution
MS07-029 - Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution

Today’s seven security bulletins cover a total of 19 vulnerabilities. Among the vulnerabilities, 15 are rated critical due to their potential for remote code execution, while the remaining 4 have been rated important.

McAfee will continue to update its coverage as and when new exploit vectors are discovered and new threats emerge.

Out of the box, Host IPS protects against many buffer overflow exploits. McAfee Host IPS v6.0 and McAfee Entercept protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft Excel, Word, Office, Explorer, CAPICOM and DNS RPC.

McAfee VirusScan Enterprise 8.0i and McAfee Managed VirusScan with AntiSpyware protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft Excel, Word, Office, Internet Explorer and CAPICOM.

McAfee IntruShield provides coverage for Microsoft Excel, Word, Office, Exchange, Internet Explorer and CAPICOM vulnerabilities through signature sets.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for today’s newly disclosed vulnerabilities in Microsoft Excel, Word, Office, Exchange, Internet Explorer, CAPICOM and Windows DNS RPC to quickly assess compliance levels of the security patches announced today.

The McAfee Foundstone and McAfee Policy Enforcer checks are being created to detect the vulnerabilities, and will be available in the packages released.

McAfee Policy Auditor compliance checks and McAfee Remediation Manager are being created to identify unpatched systems and apply the necessary patches to affected systems for the vulnerabilities. Updates will be available in the next V-Flash package.

DAT files are used by McAfee GroupShield, PortalShield, Secure Internet Gateway appliances, Secure Messaging Gateway appliances, Secure Web Gateway appliances, Total Protection suites, VirusScan Enterprise, VirusScan Command Line, VirusScan Online and other McAfee scanners.