McAfee, Inc. provides coverage for the 18 security vulnerabilities disclosed by Microsoft Corporation this week. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on its findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.
"Microsoft continues to provide numerous patches for critical vulnerabilities as seen today in the widely deployed Microsoft Office and Excel applications which accounted for 70% of the patched vulnerabilities," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee Avert Labs. "McAfee sees this as part of the trend to attack and target applications as well as base operating systems. To date this year, 31 patches have been issued for applications in contrast to 41 for operating systems. For 2005 these numbers are 13 and 73, respectively."Microsoft Vulnerability Overview:
-- MS06-033 - .NET 2.0 Application FolderInformation Disclosure Vulnerability
-- MS06-034 - Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Lead to Remote Code Execution
-- MS06-035 - Vulnerability in Server Service Could Allow Remote Code Execution
-- MS06-036 - Vulnerability in DHCP Client Service Could Allow Remote Code Execution
-- MS06-037 - Vulnerability in Microsoft Excel Could Allow Remote Code Execution (917285)
-- MS06-038 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (917284)
-- MS06-039 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
Scope of Potential Compromise
These bulletins cover a total of 18 vulnerabilities -- 14 of which are rated critical due to their potential for remote code execution. Among the critical vulnerabilities, 13 pertain to Microsoft Excel and Microsoft Office. The remaining critical vulnerability, MS06-035 Mailslot Heap Overflow, is a worm candidate since it is remotely exploitable without the need for user interaction on Windows 2000 SP4 and Windows XP SP1. Additionally, McAfee Avert Labs worked with Microsoft to responsibly disclose and patch the CVE-2006-1315 SMB Information Disclosure Vulnerability.