These vulnerabilities have been reviewed by McAfee Avert Labs, and based ontheir findings, McAfee recommends that users confirm the Microsoft product versioning outlined in the bulletins and update as recommended by Microsoft and McAfee. This includes deploying solutions to ensure protection against the vulnerabilities outlined in this advisory.

"Today's Microsoft patches emphasize the need for proactive browser protection and the risk of surfing the Web unprotected," said Dave Marcus, security research and communications manager at McAfee Avert Labs. "Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply clicks a malicious Web link, a favorite attack method among cybercriminals. Users need to be more careful than ever when surfing the Internet."

Microsoft Vulnerabilities Overview:

• MS07-055 - Vulnerability in Kodak Image Viewer could allow remote code execution
• MS07-056 - Security update for Outlook Express and Windows Mail
• MS07-057 - Cumulative security update for Internet Explorer
• MS07-058 - Vulnerability in RPC could allow denial of service
• MS07-059 - Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 could result in elevation of privilege within the SharePoint Site
• MS07-060 - Vulnerability in Microsoft Word could allow remote code execution

Scope of Potential Compromise

Today's six security bulletins cover a total of nine vulnerabilities. Four of the bulletins are rated critical by Microsoft due to their potential for remote code execution. Two bulletins are deemed important.

For additional information on today's vulnerabilities as well as information on current threats, visit McAfee's Threat Center at
http://www.mcafee.com/us/threat_center/default.asp. McAfee recommends users sign up to receive the McAfee Avert Labs Security Advisory, describing detailed McAfee product coverage on the set of vulnerabilities described in this document, as well as McAfee product coverage for other threats.

To sign-up visit:
http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx. More information on the vulnerabilities can also be found at http://www.microsoft.com/technet/security/current.aspx

With McAfee's security risk management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage. McAfee will continue to update its coverage as needed as new exploit vectors are discovered and as new threats emerge.

Out of the box, Host IPS protects against many buffer overflow exploits. McAfee Host IPS and McAfee Entercept protect users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Kodak Image Viewer, Microsoft Outlook Express, Internet Explorer and Microsoft Word. This "out of the box" protection is provided without the need for security content updates for either product.

The McAfee Vulnerability Shield package for McAfee Host IPS customers provides specific protection against common classes of exploits targeted at the vulnerabilities in Kodak Image Viewer. The Vulnerability Shield package is deployed through McAfee ePolicy Orchestrator to agents, protecting systems without a reboot.

McAfee VirusScan Enterprise 8.5i and McAfee Managed VirusScan with AntiSpyware protects users against code execution that may result from common classes of exploits targeted at the buffer overflow/overrun vulnerabilities in Microsoft Outlook Express, Internet Explorer and Microsoft Word.

McAfee IntruShield provides coverage for Kodak Image Viewer, Microsoft Outlook Express and Windows Mail, Internet Explorer, RPC, Windows SharePoint Services and Office SharePoint Server 2007 and Microsoft Word vulnerabilities through signature sets released today. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

The McAfee System Compliance Profiler, a component of McAfee ePolicy Orchestrator, is being updated for today's newly disclosed vulnerabilities in Kodak Image Viewer, Microsoft Outlook Express and Windows Mail, Internet Explorer, RPC, Windows SharePoint Services and Office SharePoint Server 2007 and Microsoft Word to quickly assess compliance levels of the security patches announced today.

The McAfee Foundstone and McAfee Network Access Control (previously known as McAfee Policy Enforcer) checks are being created to detect the vulnerabilities announced today, and will be available in the packages released today and the day after tomorrow, respectively. These checks are expected to accurately identify if a system is vulnerable in many enterprise environments.

McAfee Policy Auditor compliance checks and McAfee Remediation Manager remediations are being created to identify unpatched systems and apply the necessary patches to affected systems for the vulnerabilities in Kodak Image Viewer, Microsoft Outlook Express and Windows Mail, Internet Explorer, RPC, Windows SharePoint Services and Office SharePoint Server 2007 and Microsoft Word. Updates will be available in the next V-Flash package.

Avert DAT files have already been released to detect known exploits and new detection will be added as new exploits are discovered. DAT files are used by McAfee GroupShield, PortalShield, Secure Internet Gateway appliances, Secure Messaging Gateway appliances, Secure Web Gateway appliances, Total Protection suites, VirusScan Enterprise, VirusScan Command Line, VirusScan Online and other McAfee scanners. McAfee users can refer to http://www.mcafee.com/us/threat_center/default.asp for information regarding any new threats attempting to exploit these vulnerabilities.

McAfee Avert Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in 16 countries around the globe. The Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers. McAfee Avert Labs continually monitors the Internet for new threats and attack vectors on a daily basis. Whenever possible, we will update our security technologies and coverage as these new threats and vectors emerge.