McAfee, Inc., the leader in Intrusion Prevention and Security Risk Management, announced that it provides protection for the fourteen security vulnerabilities announced by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee AVERT (Anti-virus and Vulnerability Emergency Response Team) security research teams at McAfee, Inc., and based on its findings, McAfee AVERT recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory.

Microsoft Vulnerability Overview:

  • MS05-044 — Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
  • MS05-045 — Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
  • MS05-046 — Vulnerability in the Client Services for Netware Could Allow Remote Code Execution (899589)
  • MS05-047 — Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
  • MS05-048 — Vulnerability in the Microsoft Collaboration Objects Could Allow Remote Code Execution (907245)
  • MS05-049 — Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
  • MS05-050 — Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
  • MS05-051 — Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
  • MS05-052 — Cumulative Security Update for Internet Explorer (896688)

Scope of Potential Compromise

These nine bulletins cover fourteen vulnerabilities in total and range in scope from a vulnerability in the Windows FTP client, which could allow an attacker to tamper with the file transfer location on the client during an FTP file transfer session, to a vulnerability in Internet Explorer, which could allow remote code execution. More information on the vulnerabilities can be found at http://vil.nai.com/vil/newly-discovered-viruses.asp and http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx.

McAfee Solutions

With McAfee’s Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee’s award-winning solutions identify and block known and unknown attacks before they can cause damage.

McAfee Entercept, by default, protects users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities reported in MS05-046, MS05-047, MS05-048, MS05-050, MS05-051 and MS05-052. This protection functions regardless of whether the latest McAfee Entercept security content has been updated. Additionally, both McAfee VirusScan Enterprise 8.0i and McAfee Managed VirusScan protect against attacks targeting the buffer overflow vulnerabilities reported in MS05-046, MS05-047, MS05-050 and MS05-052.

McAfee IntruShield will add protection against the vulnerabilities disclosed in MS05-044, MS05-046, MS05-047, MS05-048, MS05-050, MS05-051, MS05-052 and certain vulnerabilities disclosed in MS05-049. The updated signatures are included in signature sets 1.8.61, 1.9.44, 2.1.27 and later, which will be available for download on October 11, 2005. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

McAfee Foundstone checks have been created that will detect these vulnerabilities and will be available in the package released on October 11, 2005.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated to quickly assess compliance levels of Microsoft security patches for MS05-044, MS05-045 and MS05-047 through
MS05-052 announced today.

As new exploits are discovered, McAfee AVERT will add detection and removal to the DATs. The 4562 DAT files protect against known attacks against MS05-052. McAfee users can refer to http://vil.nai.com/vil/newly-discovered-viruses.asp for information regarding any new threats attempting to exploit these vulnerabilities.

McAfee AVERT is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in thirteen countries on five continents. McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept and McAfee Foundstone Professional Services organizations. McAfee AVERT protects customers by providing analysis and core technologies that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection with repair, and ActiveDAT technology to deliver those technologies for previously undiscovered viruses.