Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

McAfee Responds to Patch Tuesday

SANTA CLARA, Calif. -- McAfee, Inc. (NYSE: MFE), today announced that it provides coverage for the eight security vulnerabilities disclosed by Microsoft Corporation. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.

"Of particular concern are CVE-2007-0938, the Microsoft Content Management Service Remote Code Execution Vulnerability of MS07-018 and MS07-021, and the MsgBox (CSRSS) Remote Code Execution Vulnerability," said David Marcus, security research and communications manager, McAfee Avert Labs. "Both of these can result in remote code execution on affected systems. Combined with the popularity of browser or Web-based attack vectors, these vulnerabilities can be particularly dangerous. Consumers and enterprises should take these vulnerabilities very seriously and employ a risk-based management approach to make sure they are properly protected."

Microsoft Vulnerability Overview:

  • MS07-018 - Vulnerabilities in Microsoft Content Management Server
    Could Allow Remote Code Execution
  • MS07-019 - Vulnerability in Universal Plug and Play Could Allow
    Remote Code Execution
  • MS07-020 - Vulnerability in Microsoft Agent Could Allow Remote Code
    Execution
  • MS07-021 - Vulnerability in CSRSS Could Allow Remote Code Execution
  • MS07-022 - Vulnerability in Windows Kernel Could Result in Elevation
    of Privilege

    McAfee Inc. (NYSE: MFE)