 "McAfee Protects Against 17 New MS Vulnerabilities")
McAfee announced that it provides coverage for the 17 security vulnerabilities disclosed by Microsoft. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee.
“Today’s Microsoft patches underline the need for users to be aware when opening files and the risk of surfing the Web unprotected,” said Craig Schmugar, threat researcher at McAfee Avert Labs. “Many of the vulnerabilities addressed by today’s fixes could be exploited if a Windows user simply opens a file or visits a malicious or compromised Web site, favorite attack methods among cybercriminals.”
Microsoft Vulnerabilities Overview
-- MS08-003 - Active Directory Vulnerability
-- MS08-004 - Windows TCP/IP Vulnerability
-- MS08-005 - Internet Information Services Vulnerability
-- MS08-006 - Internet Information Services Vulnerability
-- MS08-007 - WebDAV Mini-Redirector Vulnerability
-- MS08-008 - OLE Automation Vulnerability
-- MS08-009 - Microsoft Word Vulnerability
-- MS08-010 - Internet Explorer Vulnerabilitie
-- MS08-011 - Microsoft Works Vulnerabilitie
-- MS08-012 - Microsoft Publisher Vulnerabilitie
-- MS08-013 - Microsoft Word Vulnerability
The 11 security bulletins cover a total of 17 vulnerabilities. Six of the bulletins are rated critical by Microsoft due to their potential for remote code execution. The remaining five are deemed important, a notch lower on Microsoft’s severity scale.
With McAfee’s Security Risk Management approach, customers can address business priorities and security realities. McAfee Host IPS and McAfee Entercept protect users against attacks that may result from exploits targeted at the vulnerabilities in Microsoft Internet Information Services (MS08-005/MS08-006), OLE Automation, Word, Internet Explorer, Works, Publisher and Office. McAfee VirusScanEnterprise and McAfee Managed VirusScan with AntiSpyware protect users against code execution that may result from common classes of exploits targeted at the vulnerabilities in Microsoft Internet Information Services (MS08-005/MS08-006), OLE Automation, Word, Internet Explorer and Works.