McAfee provides coverage for the four security vulnerabilities disclosed by Microsoft. These vulnerabilities have been reviewed by McAfee Avert Labs, and based on their findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.
"Compared to last month, Patch Tuesday in September is almost anticlimactic," says Dave Marcus, security research and communications manager at McAfee Avert Labs. "Users of Windows Server 2000 Service Pack 4 should be paying most attention to Microsoft's patches. The MSN Messenger and Windows Live Messenger vulnerability is also serious, but since Microsoft pushes the updates there is little chance of successful attacks exploiting this vulnerability."
Microsoft Vulnerabilities Overview:
* MS07-051 – Vulnerability in Microsoft Agent could allow remote code execution;
* MS07-052 – Vulnerability in Crystal Reports for Visual Studio could allow remote code execution;
* MS07-053 – Vulnerability in Windows Services for Unix could allow elevation of privilege; and
* MS07-054 – Vulnerability in MSN Messenger and Windows Live Messenger could allow remote code execution
The four security bulletins cover a total of four vulnerabilities. One of the bulletins is rated critical by Microsoft due to the potential for remote code execution. The three remaining bulletins are deemed important.