McAfee, Inc. provides coverage for the three security vulnerabilities disclosed by Microsoft Corporation this week. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on its findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.
"This year, Microsoft has already patched more critical vulnerabilities than they have patched in 2004 and 2005 combined," said Monty Ijzerman, senior manager of the Global Threat Group for McAfee Avert Labs. "Of the three vulnerabilities announced today, the PGM vulnerability stands out due to the fact that it can be remotely exploited without user interaction. However only Windows XP systems that have the non-default Microsoft Message Queuing Service installed are vulnerable."
-- MS06-052 - Vulnerability in Pragmatic General Multicast (PGM) Could Result in Remote Code Execution
-- MS06-053 - Vulnerability in Indexing Service Could Allow Cross-Site Scripting
-- MS06-054 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution Scope of Potential Compromise
These three security bulletins cover vulnerabilities ranging from moderate to critical in ranking. The MS06-054 Vulnerability in Microsoft Office Publisher is rated critical as it allows for remote code execution after user interaction. The MS06-052 Vulnerability in Pragmatic General Multicast is remotely exploitable by an anonymous user but is rated important by Microsoft since the vulnerable service is not default installed.