AVISO DE FALSO POSITIVO CON EL PARCHE MS10-090 de MICROSOFT de esta semana

McAfee nos advierte de este falso positivo:
_____________

McAfee has been notified of potential false positive signature detections after applying MS2416400, which is included in the MS10-090 security update released by Microsoft on December 15, 2010. 

For additional information, see KnowledgeBase article KB70810:

https://kc.mcafee.com/corporate/index?page=content&id=KB70810
Corporate KnowledgeBase ID:    KB70810
Last Modified:    December 16, 2010

  Environment
McAfee Host Intrusion Prevention 7.0 (Signature 3776)
For details of all supported operating systems, see KB51109.
Problem
False positive detections for Signature 3776 – Microsoft Internet Explorer Vector Markup Language Vulnerability (2).

This issue occurs after you apply the December 14th Microsoft security update MS10-090 (KB 2416400).

http://support.microsoft.com/kb/2416400

NOTE: This signature has been enabled for the past three years to block VML related vulnerabilities (CVE-2006-4868 and CVE-2007-1749).
Cause
This issue is currently under investigation to determine what changes in the Microsoft security patch might have caused the false positive detections.

Solution
Workaround 1
If you have already installed Microsoft Security Update MS10-090, McAfee Labs recommends that you disable signature 3776.

If you experience new signature violations other than 3776, please contact McAfee support.
For contact details:
•Go to: http://www.mcafee.com/us/about/contact/index.html
_____________
Simplemente si tras aplicar el parche MS10-090 se detecta esta anomalía con el McAfee Host Intrusion Prevention 7.0 (cortafuegos), se debe excluir la regla  3776
Si alguien tiene problemas con ello, aplicar dicha solucion.

saludos

ms, 17-12-2010