McAfee, Inc., the leader in Intrusion Prevention and Security Risk Management, announced that it provides protection for the security vulnerabilities announced by Microsoft Corporation today. These vulnerabilities have been reviewed by McAfee(R) AVERT(TM) (Anti-virus and Vulnerability Emergency Response Team) security research teams at McAfee, Inc., and based on its findings, McAfee AVERT recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory.

Microsoft Vulnerability Overview

  • MS05-038: Cumulative Security Update for Internet Explorer (896727)
  • MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
  • MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
  • MS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
  • MS05-042: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
  • MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)

Scope of Potential Compromise

The six bulletins cover nine vulnerabilities in total and range in scope from a vulnerability in the Remote Desktop Protocol (RDP) that could allow an attacker to cause a system to stop responding, to a vulnerability in the Print Spooler service that could allow remote code execution. More information on the vulnerabilities can be found at and .

McAfee Solutions

With McAfee’s Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee’s award-winning solutions identify and block known and unknown attacks before they can cause damage.

McAfee Entercept(R), by default, protects users against code execution that may result from exploitation of the buffer overflow/overrun vulnerabilities reported in MS05-038, MS05-039, MS05-040 and MS05-043. This protection functions regardless of whether the latest McAfee Entercept security content has been updated. Additionally, both McAfee VirusScan(R) Enterprise 8.0i and McAfee Managed VirusScan protect against attacks targeting the buffer overflow vulnerabilities reported in MS05-038, MS05-039 and MS05-040.

McAfee IntruShield(R) will add protection against the vulnerabilities disclosed in MS05-039, MS05-040, MS05-041 and MS05-043, and certain vulnerabilities disclosed in MS05-038. The updated signatures are included in signature sets 2.1.23, 1.9.40, 1.8.57, and later, which will be available for download on August 9, 2005. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action that drops such packets to prevent these attacks.

McAfee Foundstone(R) checks have been created that will detect these vulnerabilities and will be available in the package released on August 9, 2005.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator(R), is being updated to quickly assess compliance levels of Microsoft security patches for all vulnerabilities announced today.

As new exploits are discovered, McAfee AVERT will add detection and removal to the DATs. McAfee users can refer to for information regarding any new threats attempting to exploit these vulnerabilities.

McAfee AVERT is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in thirteen countries on five continents. McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield(R), McAfee Entercept(R) and McAfee Foundstone(R) Professional Services organizations. McAfee AVERT protects customers by providing analysis and core technologies that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection with repair, and ActiveDAT technology to deliver those technologies for previously undiscovered viruses.