» Top Protections

Microsoft Office Excel Vulnerabilities

Multiple vulnerabilities have been identified in Microsoft Excel. A remote attacker could exploit these issues via a malformed Excel file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code on a target system. Check Point provides immediate protection against exploits that use these vulnerabilities through its integrated IPS offerings. Check Point SmartDefense and IPS Software Blade detect and block the transfer of malformed Excel files.

Internet Explorer VBScript Vulnerability
(Security Advisory 981169, CVE-2010-0483)

A zero-day remote code execution vulnerability has been discovered in the way that VBScript interacts with Windows Help files when using Internet Explorer. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system. Microsoft publicly disclosed information on the exploit in a Security Advisory on March 1st, and one day later Check Point provided immediate protection against this exploit in the integrated and dedicated IPS products: IPS Software Blade, SmartDefense, and IPS-1.

Botnets: Kneber/Zeus and Pushdo
(Industry Coverage: Network World, TrendMicro)

Kneber and Pushdo are command-and-control botnets that primarily target Microsoft Windows operating systems. They are able to make constant changes to their code, which makes them hard to detect. Kneber has affected more than 74,000 PCs in 2,400 business and government systems around the world. The Pushdo botnet is reportedly the second largest spam botnet on the planet, believed to be responsible for 1 out of every 25 spam emails sent worldwide. Check Point provides immediate protection against these botnets through its integrated and dedicated IPS offerings. Check Point SmartDefense, IPS Software Blade, and IPS-1 detect and block attempts to connect to the Kneber/Zeus and Pushdo botnets.
March 9, 2010

Deployment Tip
Best Practice: Use IPS Event Analysis Maps to Create a Geo Protection Policy
Some companies must monitor traffic from certain countries to satisfy regulatory requirements. Maps in the IPS Event Analysis client provide a graphical representation of events by source and destination country that accomplishes this task.

Geo Protection in the IPS Software Blade takes this one step further, providing a means to block or allow traffic to or from specific countries. Whether or not you need to satisfy a regulatory requirement, you may find that the data in the IPS Event Analysis Maps is a valuable source of information for creating a Geo Protection policy that limits your exposure to outside threats. Within the policy you can create exceptions to allow legitimate traffic.

The country information is derived from IP addresses in the packet by means of an IP-to-country database that is regularly updated and automatically downloaded to the Security Gateway from a Check Point data center.

To block, allow or monitor traffic by country:
  1. In the SmartDashboard IPS tab, select Geo Protection from the navigation tree.
  2. In the Geo Protection page, choose an IPS Profile.
  3. Define a Policy for Specific Countries: Click Add; the Geo Protection window opens.
  4. Configure a Policy for Other Countries. These settings apply to all countries and IP addresses that are not included in the Policy for Specific Countries.
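
A small model of the policy structure described above, added here as an illustration (it is not Check Point code or configuration): it dry-runs a draft policy against observed flows before anything is enforced. The country codes, address ranges, flows, the per-rule direction field, the exception-first precedence and the fall-through for an unmatched direction are all assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Constructed IP-to-country table (RFC 5737 documentation ranges, placeholder codes).
GEO_DB = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("203.0.113.0/24"), "CC"),
]
# Policy for Specific Countries: country -> (direction, action). Assumed layout.
SPECIFIC = {"AA": ("from", "block"), "BB": ("both", "monitor")}
# Policy for Other Countries: applies to unlisted countries and unmapped addresses.
OTHER = "allow"
# Exceptions: known-legitimate peers, assumed to be checked before country rules.
EXCEPTIONS = [ipaddress.ip_network("192.0.2.25/32")]

def country_of(ip):
    """Return the country code for ip, or None if the table has no entry."""
    addr = ipaddress.ip_address(ip)
    for net, code in GEO_DB:
        if addr in net:
            return code
    return None

def decide(remote_ip, direction):
    """direction is 'from' (inbound from remote_ip) or 'to' (outbound to it)."""
    addr = ipaddress.ip_address(remote_ip)
    if any(addr in net for net in EXCEPTIONS):
        return "allow"
    rule = SPECIFIC.get(country_of(remote_ip))
    if rule and rule[0] in (direction, "both"):
        return rule[1]
    # Assumption: a direction the rule does not cover uses the Other policy.
    return OTHER

def dry_run(flows):
    """Count (country, action) pairs so a draft policy can be reviewed first."""
    return Counter((country_of(ip), decide(ip, d)) for ip, d in flows)

# Constructed flows standing in for events exported from the event maps.
FLOWS = [("192.0.2.7", "from"), ("192.0.2.25", "from"), ("192.0.2.7", "to"),
         ("198.51.100.9", "to"), ("203.0.113.5", "from"), ("10.1.1.1", "from")]

if __name__ == "__main__":
    for (code, action), n in sorted(dry_run(FLOWS).items(), key=str):
        print(code, action, n)
```

A large "allow" count for a country that is meant to be blocked usually means an exception or a direction setting is wider than intended.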
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection (date) | Industry Reference | Check Point Reference |
|---|---|---|---|---|
| Critical | Microsoft Windows VBScript MsgBox Call with Malicious HLP File | 02-Mar-10 | 981169, CVE-2010-0483 | CPAI-2010-049 |
| Critical | Kneber/Zeus Botnet | 24-Feb-10 | Network World | CPAI-2010-038 |
| Critical | Pushdo Botnet Denial of Service Attacks | 18-Feb-10 | TrendMicro | SBP-2010-10 |
| Critical | Adobe Flash Player Subvert Domain Sandbox | 24-Feb-10 | APSB10-06, CVE-2010-0186 | CPAI-2010-039 |
| Critical | Sun Java System Web Server Digest Authorization Buffer Overflow | 19-Feb-10 | BugTraq ID: 37896 | CPAI-2010-109 |
| Critical | Sun Java System Web Server WEBDAV Stack Buffer Overflow | 19-Feb-10 | Secunia Advisory SA38260 | CPAI-2010-106 |
| High | Microsoft Excel DbOrParamQry Record Parsing Code Execution | 09-Mar-10 | MS10-017, CVE-2010-0264 | CPAI-2010-047 |
| High | Microsoft Excel FNGROUPNAME Record Uninitialized Memory | 09-Mar-10 | MS10-017, CVE-2010-0262 | CPAI-2010-045 |
| High | Microsoft Excel MDXSET Record Heap Overflow | 09-Mar-10 | MS10-017, CVE-2010-0260 | CPAI-2010-043 |
| High | Microsoft Excel Sheet Object Type Confusion | 09-Mar-10 | MS10-017, CVE-2010-0258 | CPAI-2010-042 |
| High | Microsoft Excel XLSX File Parsing Code Execution | 09-Mar-10 | MS10-017, CVE-2010-0263 | CPAI-2010-046 |
| High | Microsoft Excel EntExU2 Record Memory Corruption | 09-Mar-10 | MS10-017, CVE-2010-0257 | CPAI-2010-041 |
| High | Microsoft Movie Maker Project File Handling Buffer Overflow | 09-Mar-10 | MS10-016, CVE-2010-0265 | CPAI-2010-048 |
| High | Adobe BlazeDS XML Processing Information Disclosure | 14-Feb-10 | APSB10-05 | |

Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood