Vulnerability Advisory: McAfee, Inc. Solutions Protect Against Three Newly
Disclosed Microsoft Vulnerabilities
McAfee Intrusion Prevention and Security Risk Management Solutions Provide
Protection to Identify and Block Potential New Attacks
SANTA CLARA, Calif., Jan. 8 /PRNewswire-FirstCall/ -- McAfee, Inc.
(NYSE: MFE) today announced that it provides coverage for the three security
vulnerabilities disclosed by Microsoft Corporation. These vulnerabilities have
been reviewed by McAfee(R) Avert(R) Labs, and based on their findings, McAfee
recommends that users confirm the Microsoft product versioning outlined in the
bulletins and update as recommended by Microsoft and McAfee. This includes
deploying solutions to ensure protection against the vulnerabilities outlined
in this advisory.
"Microsoft is kicking off 2008 with a pair of serious security bulletins,"
said Dave Marcus, security research and communications manager at McAfee Avert
Labs. "The vulnerability in Windows TCP/IP in particular should be taken
seriously as it could allow a remote attacker to compromise a Windows system
without any user interaction."
Microsoft Vulnerabilities Overview:
-- MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code
Execution
-- MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of
Privilege
Scope of Potential Compromise
Today's two security bulletins cover a total of three vulnerabilities. One
of the bulletins is rated critical by Microsoft due to the potential for
remote code execution. The second bulletin is deemed important, a notch lower
on Microsoft's severity scale.
For additional information on today's vulnerabilities, including the
McAfee Avert Labs Patch Tuesday webinar, as well as information on current
threats, visit McAfee's Threat Center at
http://www.mcafee.com/us/threat_center/default.asp. McAfee recommends users
sign up to receive the McAfee Avert Labs Security Advisory, describing
detailed McAfee product coverage on the set of vulnerabilities described in
this document, as well as McAfee product coverage for other threats. To
sign-up visit:
http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx. More
information on the vulnerabilities can also be found at
http://www.microsoft.com/technet/security/current.aspx.
McAfee Solutions
With McAfee's Security Risk Management approach, customers can effectively
address business priorities and security realities. McAfee's award-winning
solutions identify and block known and unknown attacks before they can cause
damage. McAfee will continue to update its coverage as needed as new exploit
vectors are discovered and as new threats emerge.
Out of the box, Host IPS protects against many code execution exploits.
McAfee Host IPS and McAfee Entercept(R) protect users against code execution
that may result from common classes of exploits targeted at the vulnerability
in Microsoft LSASS. This "out of the box" protection is provided without the
need for security content updates for either product.
McAfee VirusScan(R) Enterprise and McAfee Managed VirusScan with
AntiSpyware protects users against code execution that may result from common
classes of exploits targeted at the vulnerability Microsoft LSASS.
McAfee IntruShield(R) provides coverage for Microsoft Windows TCP/IP
vulnerabilities through signature sets released today. McAfee IntruShield
sensors deployed in in-line mode can be configured with a response action to
drop such packets for preventing these attacks.
The McAfee System Compliance Profiler, a component of McAfee ePolicy
Orchestrator, is being updated for today's newly disclosed vulnerabilities in
Microsoft TCP/IP and LSASS to quickly assess compliance levels of the security
patches announced today.
The McAfee Foundstone(R) and McAfee Network Access Control (previously
known as McAfee Policy Enforcer) checks are being created to detect the
vulnerabilities announced today, and will be available in the packages
released today and the day after tomorrow, respectively. These checks are
expected to accurately identify if a system is vulnerable in many enterprise
environments.
McAfee Policy Auditor compliance checks and McAfee Remediation Manager
remediations are being created to identify unpatched systems and apply the
necessary patches to affected systems for the vulnerabilities in Microsoft
Windows TCP/IP and LSASS. Updates will be available in the next V-Flash
package.
Avert DAT files will be updated as new exploits are discovered. DAT files
are used by McAfee GroupShield(R), PortalShield(TM), Secure Internet Gateway
appliances, Secure Messaging Gateway appliances, Secure Web Gateway
appliances, Total Protection suites, VirusScan Enterprise, VirusScan Command
Line, VirusScan Online and other McAfee scanners. McAfee users can refer to
http://www.mcafee.com/us/threat_center/default.asp for information regarding
any new threats attempting to exploit these vulnerabilities.
McAfee Avert Labs maintains one of the top-ranked security threat and
research organizations in the world, employing researchers around the globe.
The Labs combine world-class malicious code and anti-virus research with
intrusion prevention and vulnerability research expertise. McAfee protects
customers by providing deep analysis and core technologies that are developed
through the combined efforts of its researchers. McAfee Avert Labs continually
monitors the Internet for new threats and attack vectors on a daily basis.
Whenever possible, we will update our security technologies and coverage as
these new threats and vectors emerge.
About McAfee, Inc.
McAfee Inc., the leading dedicated security technology company,
headquartered in Santa Clara, California, delivers proactive and proven
solutions and services that secure systems and networks around the world. With
its unmatched security expertise and commitment to innovation, McAfee empowers
home users, businesses, the public sector, and service providers with the
ability to block attacks, prevent disruptions, and continuously track and
improve their security. http://www.mcafee.com.
NOTE: McAfee, Avert, IntruShield, Entercept, Foundstone, ePolicy
Orchestrator, VirusScan, GroupShield, and PortalShield are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United
States and/or other countries. McAfee Red in connection with security is
distinctive of McAfee brand products. All other registered and unregistered
trademarks herein are the sole property of their respective owners. (C) 2008
McAfee, Inc. All Rights Reserved.
SOURCE McAfee, Inc.
Joris Evers of McAfee, Inc., +1-408-346-3310, joris_evers@mcafee.com; or Diana
Williams of Red Consultancy, +1-415-618-8812,
diana.williams@redconsultancy.com, for McAfee, Inc.
