»Top Protections

Microsoft SharePoint XSS Vulnerability
(Microsoft Security Advisory 983438, CVE-2010-0817)

A zero-day Cross-Site Scripting (XSS) vulnerability has been identified in Microsoft SharePoint by Switzerland-based security research lab High Tech Bridge in advisory HTB22350 on April 28th. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code within the SharePoint Site. Check Point provides pre-emptive and immediate protection against exploits that use this vulnerability through its integrated IPS offerings. More information.

Microsoft Outlook Express and Windows Mail Vulnerability
(MS10-030, CVE-2010-0816)

A remote code execution vulnerability has been reported in the way that Outlook Express, Windows Mail, and Windows Live Mail handle specially crafted mail responses. An attacker may exploit this issue via a specially crafted POP3 or IMAP response to execute arbitrary code on a vulnerable system. Check Point provides immediate protection against exploits that use this vulnerability through its integrated IPS offerings. More information.

Critical Linux Kernel Vulnerability

A critical buffer overflow vulnerability exists in the Linux Kernel Organization's Linux kernels prior to 2.6.34-rc6. A remote attacker may exploit this vulnerability to cause a DoS against or remote code execution on an affected system. Check Point provides immediate protection against this exploit through its integrated IPS Software Blade products. More information.
May 11, 2010
In This Advisory» Top ProtectionsMicrosoft SharePoint XSS VulnerabilityMicrosoft Outlook Express and Windows Mail VulnerabilityCritical Linux Kernel Vulnerability» Deployment TipSchedule an IPS Update» Highlighted ProtectionsIncluding Patch Tuesday

Deployment Tip
Best Practice: Schedule an IPS Update
Check Point’s global Research and Response Centers provide regular updates to ensure you have the most up-to-date defenses to protect you from the latest exploits, but if the update isn’t installed, you’re not protected. In R71 you can configure a schedule to download and install IPS protections reducing the time that your systems are vulnerable to threats.

To schedule IPS updates:
  1. In the IPS tab, select Download Updates and click Scheduled Update
  2. Select Enable IPS scheduled update
  3. Click Edit Schedule to create a schedule for the updates
    1. In the Scheduled Event Properties window enter the name of the schedule and the time of the update. Choose either;
      • a specific time
      • or a time interval like every 12 hours
  4. Click User Center credentials to enter your User Center credentials
  5. Enable On Successful update perform Install Policy
The resulting schedule is shown in the Scheduled Update window.

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

SeverityVulnerability DescriptionCheck Point Protection
Industry ReferenceCheck Point Reference
CriticalMicrosoft Outlook Express and Windows Mail Integer Overflow 11-May-10MS10-030
CVE-2010-0816CPAI-2010-076CriticalLinux Kernel sctp_process_unk_param SCTPChunkInit Buffer Overflow11-May-10CVE-2010-1173
CPAI-2010-077CriticalMicrosoft Visual Basic VBE6.DLL Stack Memory Corruption 11-May-10MS10-031
CVE-2010-0815CPAI-2010-075CriticalAdobe Reader CFF Heap-Based Overflow 15-Apr-10APSB10-09
CVE-2010-1241CPAI-2010-071CriticalAdobe Reader Malformed RichMedia Annotation 14-Apr-10APSB10-09
CVE-2010-0197CPAI-2010-069CriticalAdobe Reader Overly Complex U3D Base Mesh Memory Corruption 13-Apr-10APSB10-09
CVE-2010-0194CPAI-2010-068CriticalAdobe Reader TTF Cmap Buffer Overflow 14-Apr-10APSB10-09
CVE-2010-0195CPAI-2010-067CriticalIBM Informix Dynamic Server librpc.dll Multiple Buffer Overflows26-Jun-02CVE-2009-2753
CPAI-2010-122CriticalNovell iPrint Client ienipp.ocx target-frame Stack Buffer Overflow23-Apr-10CVE-2009-1568
CPAI-2010-127CriticalMultiple Vendors librpc.dll Stack Buffer Overflow23-Apr-10CVE-2009-2754
CPAI-2010-121HighMicrosoft SharePoint Server 2007 Cross-Site Scripting (XSS) 29-Apr-10CVE-2010-0817CPAI-2010-074HighGhostScript PostScript Parser Stack Overflow11-May-10CVE-2010-1869CPAI-2010-078
More Updates > Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.Know someone who should be getting the Advisories?

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.
Read Check Point's Privacy Policy
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065