McAfee, Inc. provides coverage for the 10 security vulnerabilities disclosed by Microsoft Corporation this week. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.
"Business applications continue to be a prime target for malicious code writers, which is evident in today's vulnerabilities patched by Microsoft," said Dave Marcus, security research and communications manager, McAfee Avert Labs. "Coverage for this vector of threats continues to be a primary area of research for McAfee. McAfee recommends that users of these applications take extra precaution to protect their systems. McAfee Host Intrusion Prevention Solution provides proactive coverage for these vulnerabilities, greatly reducing the user's risk."
Microsoft Vulnerability Overview:
- MS07-001 -- Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker That Could Allow Remote Code Execution
- MS07-002 -- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- MS07-003 -- Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution
- MS07-004 -- Vulnerability in Vector Markup Language Could Allow Remote Code Execution Scope of Potential Compromise
the four security bulletins cover a total of 10 vulnerabilities, all of which are remotely exploitable and seven of which have been rated critical by Microsoft. The five vulnerabilities in bulletin MS07-002 pertaining to Microsoft Excel are particularly noteworthy, and each has been rated critical by Microsoft.
For additional information on the vulnerabilities as well as information on current threats, visit McAfee's Threat Center at http://www.mcafee.com/us/threat_center/default.asp where you will find blogs http://www.avertlabs.com/research/blog/ from McAfee Avert Labs researchers. More information on the vulnerabilities can also be found at http://www.microsoft.com/technet/security/current.aspx .