Vulnerability Advisory: McAfee, Inc. Solutions Protect Against Last Week's Microsoft Windows Vulnerability

SANTA CLARA, Calif., Jan. 5 /PRNewswire-FirstCall/ -- McAfee, Inc. , the leader in Intrusion Prevention and Security Risk Management, today announced that it provides proactive zero-day protection against exploitation of a vulnerability in the Windows Meta File (WMF) in the Windows operating system. This vulnerability was reviewed by McAfee(R) AVERT(TM) Labs last week, shortly after exploit code was publicly announced on December 27, 2005. McAfee, which has offered protection since December 27, recommends that users confirm the Microsoft product versioning outlined in the emergency bulletin announced by Microsoft today, and update as recommended by Microsoft and McAfee, Inc. This includes deploying solutions to ensure protection against the exploits outlined in this advisory.

Microsoft Vulnerability Overview:

MS06-001-Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

Scope of Potential Compromise

Today's bulletin covers a vulnerability in the Graphics Rendering Engine. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Exploit WMF files are currently being hosted on many known Web sites. The exploit code attacks a vulnerability in the way in which Windows handles Windows Meta Files, resulting in execution of arbitrary code.

McAfee has reported spam attacks that result in the installation of a new Backdoor-CEP Trojan variant since the source code for a tool that creates malicious WMF files was publicly released. For more information on this vulnerability, please visit http://vil.nai.com/vil/newly-discovered-viruses.asp and http://www.microsoft.com/technet/security/current.aspx .

McAfee Solutions

With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage.

By default, McAfee Entercept(R) protects users against code execution that may result from exploitation of the vulnerability reported in MS06-001. This protection functions regardless of whether the latest McAfee Entercept security content has been updated. In addition, both McAfee VirusScan(R) Enterprise 8.0i and McAfee Managed VirusScan may also protect against attacks targeting this vulnerability in certain scenarios.

McAfee IntruShield(R) also protects against the Microsoft vulnerability. The updated signatures are included in signature sets 2.1.32.3, 1.9.49.3, 1.8.66.3 and 3.1.5.4, and are currently available for download. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

A McAfee Foundstone(R) check has already been released that detects this vulnerability and an update of this check will also be available in the package released today. The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator(R), is being updated to quickly assess compliance levels of the Microsoft security patch announced today.

The McAfee VirusScan 4666 DATs cover the known exploits. As new exploits are discovered, McAfee will add detection and removal capabilities to the DATs. McAfee users can refer to http://vil.nai.com/vil/newly-discovered-viruses.asp for information regarding any new threats attempting to exploit this vulnerability.

McAfee AVERT Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in thirteen countries on five continents. The Labs combine world class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield, McAfee Entercept, and McAfee Foundstone Research and McAfee Foundstone Professional Services organizations. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers.

About McAfee, Inc.

McAfee, Inc., headquartered in Santa Clara, California and the global leader in Intrusion Prevention and Security Risk Management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. http://www.mcafee.com/.

NOTE: McAfee, AVERT, IntruShield, Entercept, Foundstone, ePolicy Orchestrator, VirusScan are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.