» Top Protections
DLL Search Path Vulnerabilities in Microsoft Windows Applications
(MS10-096, MS10-093, MS10-097, MS10-094, MS10-095, CVE-2010-3147, CVE-2010-3967, CVE-2010-3144, CVE-2010-3965, CVE-2010-3966)
Microsoft has identified additional Microsoft Windows applications that are vulnerable to "binary planting" or "DLL preloading attack" exploits that were initially reported in Security Advisory 2269637. Microsoft Office was patched earlier, as described in MS10-087. Successful exploitation of this vulnerability in these applications may allow execution of arbitrary code on a target system. Check Point IPS Software Blade, IPS-1, and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking suspicious DLL files over CIFS.
Microsoft Office Graphics Filters Could Allow Remote Code Execution
(MS10-105, CVE-2010-3945, CVE-2010-3946, CVE-2010-3951, CVE-2010-3952)
Four remote code execution vulnerabilities have been discovered in Microsoft Office when handling CGM, PICT, and FlashPix images. A remote attacker could exploit these issues by crafting malformed images and embedding them in an Office document file, and convincing a user to open that file. Successful exploitation of any of these vulnerabilities may allow execution of arbitrary code on a target system. Check Point IPS Software Blade, IPS-1, and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking malformed CGM, PICT, and FPX images over HTTP.
MS Task Scheduler Vulnerability Used by Stuxnet Worm To Obtain Administrator System Privileges
(MS10-092, CVE-2010-3888)
The Stuxnet worm, which has received extensive media coverage over the last few months, is one of the most sophisticated malware programs ever created. It uses a number of vulnerabilities in Microsoft Windows, some of which were unreported prior to the Stuxnet outbreak. One of those vulnerabilities is in the Windows Task Scheduler. Stuxnet exploits this issue in order to gain elevated system privileges on the system(s) under attack, ultimately resulting in Administrator privileges on the targeted system. Check Point recommends applying the patch for this issue as detailed in MS10-092 as soon as is practical.
December 14, 2010
Deployment Tip
Best Practice: How Check Point Defeats IPS Evasion Attempts
Hackers constantly try to avoid detection by IPS systems by changing various aspects of the traffic to make it more difficult to detect. They use various methods, including:
- fragmenting the IP packets
- segmenting the TCP stream
- fragmenting RPC traffic
- manipulation of the SMB protocol
- alterations in endianness
- encoding parts of the stream in various ways
The Check Point IPS engines try to mimic the behavior of the packet's destination when analyzing traffic, in order to detect and block all evasion methods. Also, the Check Point IPS protections are layered so that all such attempts are detected by the underlying engines and resolved before searching for the actual vulnerability. This way, the IPS protections are in most cases indifferent to evasion attempts.
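The normalize-then-match layering described above, shown for the TCP-segmentation case as an added example (not Check Point's code). The signature, function names and sample segments are constructed for illustration, and the overlap policy is an assumption.

```python
# Added example with constructed data; every name here is hypothetical.
SIGNATURE = b"EVIL_MARKER"  # placeholder pattern standing in for an IPS signature


def match_per_segment(segments):
    """Naive inspection: test each (seq, payload) segment in isolation."""
    return any(SIGNATURE in payload for _seq, payload in segments)


def reassemble(segments, isn=0):
    """Rebuild the byte stream the receiving host would deliver to the application.

    Segments are ordered by sequence number. Bytes already placed by a
    lower-sequence segment are kept when a later one overlaps them (an assumed
    policy; an engine that mimics the destination picks the policy of that
    destination's stack). A hole stops delivery until the missing bytes arrive.
    """
    stream = bytearray()
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        offset = seq - isn
        if offset > len(stream):
            break  # gap in the stream: nothing beyond it is deliverable yet
        stream.extend(payload[len(stream) - offset:])  # skip bytes already covered
    return bytes(stream)


def match_reassembled(segments, isn=0):
    """Layered inspection: normalize the stream first, then search it."""
    return SIGNATURE in reassemble(segments, isn)


# Constructed capture: one request split across segments that arrive out of
# order, with a retransmission (seq 9) overlapping two other segments.
SAMPLE_SEGMENTS = [
    (16, b"RKER HTTP/1.0\r\n\r\n"),
    (0, b"GET /x?q=EV"),
    (9, b"EVIL"),
    (11, b"IL_MA"),
]

if __name__ == "__main__":
    print("per-segment match:", match_per_segment(SAMPLE_SEGMENTS))
    print("reassembled match:", match_reassembled(SAMPLE_SEGMENTS))
```
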
» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
| Severity | Vulnerability Description | CVE | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|---|
| Critical | Microsoft Internet Explorer HTML Object use after free Memory Corruption | CVE-2010-3340 | 14-Dec-10 | MS10-090 | CPAI-2010-332 |
| Critical | Microsoft Internet Explorer 6 HTML Object Memory Corruption | CVE-2010-3343 | 14-Dec-10 | MS10-090 | CPAI-2010-331 |
| Critical | Microsoft Office Publisher pubconv.dll Size Value Heap Corruption | CVE-2010-2569 | 14-Dec-10 | MS10-103 | CPAI-2010-322 |
| Critical | Microsoft OpenType Font Format Driver Index Code Execution | CVE-2010-3956 | 14-Dec-10 | MS10-091 | CPAI-2010-321 |
| Critical | Microsoft OpenType Font Format Driver CMAP Table Code Execution | CVE-2010-3959 | 14-Dec-10 | MS10-091 | CPAI-2010-333 |
| Critical | Adobe Reader JavaScript printSeps Function Heap Corruption | CVE-2010-4091 | 16-Nov-10 | APSB10-28 | CPAI-2010-316 |
| Critical | Adobe Flash Player DLL Loading Code Execution | CVE-2010-3976 | 16-Nov-10 | APSB10-26 | CPAI-2010-314 |
| High | Microsoft Windows Address Book Insecure Library Loading | CVE-2010-3147 | 14-Dec-10 | MS10-096 | CPAI-2010-340 |
| High | Microsoft Windows Media Encoder Insecure Library Loading | CVE-2010-3965 | 14-Dec-10 | MS10-094 | CPAI-2010-343 |
| High | Microsoft Internet Connection Signup Wizard Insecure DLL Loading | CVE-2010-3144 | 14-Dec-10 | MS10-097 | CPAI-2010-344 |
| High | Microsoft Windows Movie Maker Insecure Library Loading | CVE-2010-3967 | 14-Dec-10 | MS10-093 | CPAI-2010-341 |
| High | Microsoft Windows Netlogon RPC Null dereference Denial of Service | CVE-2010-2742 | 14-Dec-10 | MS10-101 | CPAI-2010-338 |
| High | Microsoft Graphics Filters CGM Image Converter Buffer Overrun | CVE-2010-3945 | 14-Dec-10 | MS10-105 | CPAI-2010-337 |
| High | Microsoft Graphics Filters PICT Image Converter Integer Overflow | CVE-2010-3946 | 14-Dec-10 | MS10-105 | CPAI-2010-336 |
| High | Microsoft Graphics Filters FlashPix Converter Buffer Overflow | CVE-2010-3951 | 14-Dec-10 | MS10-105 | CPAI-2010-335 |
| High | Microsoft Graphics Filters FlashPix Converter Heap Corruption | CVE-2010-3952 | 14-Dec-10 | MS10-105 | CPAI-2010-334 |
| High | Microsoft SharePoint Malformed Request Remote Code Execution | CVE-2010-3964 | 14-Dec-10 | MS10-104 | CPAI-2010-339 |
| High | Microsoft Graphics Filters TIFF Image Converter Buffer Overflow | CVE-2010-3949, CVE-2010-3950 | 14-Dec-10 | MS10-105 | CPAI-2010-328 |
| High | Microsoft Internet Explorer Table Handling Memory Corruption | CVE-2010-3962 | 04-Nov-10 | MS10-090 | CPAI-2010-310 |
Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point's global Research and Response Centers. For more information, visit www.CheckPoint.com.