» Top Protections

Microsoft Windows SMB Server Vulnerabilities
(MS10-012)

Several vulnerabilities have been identified in Microsoft Server Message Block (SMB), a network file sharing protocol that enables the sharing of resources on the network. A remote attacker can exploit these vulnerabilities to execute malicious code on an affected system or cause it to crash. Check Point provides immediate protection against these exploits in its integrated and dedicated IPS products: IPS Software Blade, SmartDefense, and IPS-1.

Critical Microsoft IE Vulnerabilities
(MS10-002, Microsoft Security Advisory 979352)

On January 21st, Microsoft released an out-of-band cumulative security update for Internet Explorer to address zero-day vulnerabilities in IE, including one used in the Operation Aurora attacks. Successful exploitation of these vulnerabilities enabled remote control of an affected system. Check Point provides preemptive and immediate protections against vulnerabilities in the MS10-002 bulletin through its integrated and dedicated IPS offerings: VPN-1 R65 and R70 Security Gateways, VPN-1 VSX R65, and IPS-1.

Novell eDirectory Integer Overflow Vulnerability
(CVE-2009-0895)

A code execution vulnerability exists in Novell’s popular eDirectory LDAP server. Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server, part of an identity management solution that centralizes the management of user identities, access privileges and other network resources and is used in 80 percent of Fortune 1000 companies. The vulnerability is due to errors in how Novell eDirectory processes maliciously crafted service requests: an overly large integer value in the request can be used in a memory allocation, resulting in a heap-based buffer overflow. Check Point provides immediate protection against this vulnerability through its integrated and dedicated IPS offerings: IPS Software Blade, SmartDefense, and IPS-1.
February 09, 2010

IN THIS ADVISORY:

  • Microsoft Windows SMB Server Vulnerabilities
  • Critical Microsoft IE Vulnerabilities
  • Novell eDirectory Integer Overflow Vulnerability


  • Report Security Events to Check Point with IPS Event Analysis Software Blade


  • Including Patch Tuesday

DEPLOYMENT TIP
Best Practice: Report Security Events to Check Point with IPS Event Analysis Software Blade
The IPS Event Analysis Software Blade is a complete IPS event management system for your IPS Software Blade, providing situational visibility and easy-to-use forensic and reporting tools. Recorded events are indicators of a security attack or vulnerability that needs to be addressed. The IPS Event Analysis Client includes an option to send events to Check Point to help improve IPS accuracy. From the Event Log, you can send the event details directly to Check Point for further analysis.

To report an event to Check Point:
  1. Select the event in the Event Log.
  2. Right-click on the event, select Report Event to Check Point and choose whether you want to include just the Event Details or to also include the Packet Capture associated with the event. Event details are sent via a secure SSL connection.

Note: The data is kept confidential and viewed by a select group of IPS experts who use the information for the sole purpose of improving IPS accuracy.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Hydraq Trojan/Aurora Attack | 21-Jan-10 | MS10-002, CVE-2010-0249 | CPAI-2010-100 |
| Critical | Microsoft Windows SMB Client Repeated Negotiation Responses | 09-Feb-10 | MS10-006, CVE-2010-0017 | CPAI-2010-003 |
| Critical | Microsoft Windows SMB Client Pool Corruption | 09-Feb-10 | MS10-006, CVE-2010-0016 | CPAI-2010-002 |
| Critical | Microsoft DirectShow AVI Parser Heap Overflow | 09-Feb-10 | MS10-013, CVE-2010-0250 | CPAI-2010-032 |
| Critical | Microsoft Windows Shell Handler URL Validation Code Execution | 09-Feb-10 | MS10-007, CVE-2010-0027 | CPAI-2010-031 |
| Critical | Microsoft Data Analyzer ActiveX Control Remote Code Execution | 09-Feb-10 | MS10-008, CVE-2010-0252 | CPAI-2010-019 |
| Critical | Microsoft Internet Explorer Uninitialized Memory Corruption | 21-Jan-10 | MS10-002, CVE-2010-0245, CVE-2010-0246 | CPAI-2010-015 |
| Critical | Microsoft Internet Explorer Invalid Pointer Reference Remote Code Execution | 01-Sep-09 | MS10-002, CVE-2010-0249 | CPAI-2010-012 |
| Critical | Adobe Reader U3D DLL Loading Remote Code Execution | 13-Jan-10 | APSB10-02, CVE-2009-3954 | CPAI-2010-010 |
| Critical | Adobe Reader JPEG2000 Region of Interest Memory Corruption | 13-Jan-10 | APSB10-02, CVE-2009-3955 | CPAI-2010-007 |
| Critical | Novell eDirectory NDS Verb Integer Overflow | 28-Jan-10 | CVE-2009-0895 | CPAI-2010-014 |
| High | Microsoft SMB Server Race Condition Denial of Service | 09-Feb-10 | MS10-012, CVE-2010-0021 | CPAI-2010-023 |
| High | Microsoft SMB Server Null Pointer Denial of Service | 09-Feb-10 | MS10-012, CVE-2010-0022 | CPAI-2010-028 |
| High | Microsoft SMB NTLM Authentication Lack of Entropy Vulnerability | 09-Feb-10 | MS10-012, CVE-2010-0231 | CPAI-2010-029 |
| High | Microsoft SMB COPY Command Pathname Overflow | 09-Feb-10 | MS10-012, CVE-2010-0020 | CPAI-2010-022 |
| High | Microsoft Internet Explorer Response Redirect Information Disclosure | 09-Feb-10 | 980088, CVE-2010-0255 | CPAI-2010-033 |
| High | TLS and SSL Spoofing Vulnerability | 29-Nov-09 | 977377, CVE-2009-3555 | CPAI-2010-020 |

Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.


©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065