» Top Protections
Critical Microsoft Windows Media Player RTSP Vulnerability
(MS10-075, CVE-2010-3225)

A critical remote code execution vulnerability has been reported in Microsoft Windows Media Player network sharing service. An attacker may exploit this flaw and execute arbitrary code on a targeted machine. Check Point IPS Software Blade and NGX SmartDefense provide immediate network protection in the latest IPS update by detecting and blocking overly large requests made to the vulnerable service.
Microsoft Secure Channel Denial of Service Vulnerability
(MS10-085, CVE-2010-3229)

A denial of service vulnerability has been reported in the way that Microsoft's SChannel security package processes client certificates in Microsoft Windows. A remote attacker could use this issue to create a denial of service condition, thus crashing the vulnerable service. Check Point IPS Software Blade and NGX SmartDefense provide immediate network protection in the latest IPS update by detecting and blocking malformed messages sent to a server that attempt to exploit this vulnerability.
Check Point Protects Systems Against Stuxnet Worm
(CVE-2010-2772, MS08-067, MS10-046, MS10-061)
The Stuxnet worm is a sophisticated malware program that exploits several vulnerabilities in Microsoft Windows. Stuxnet's ultimate targets are Programmable Logic Controllers (PLCs) manufactured by Siemens. These systems, which are typically programmed via network-connected Windows computers, are used for automation and control in various industrial and scientific applications. Successful infection of PLCs could result in modification of their operation. Check Point Software Blade, IPS-1, and SmartDefense continue to provide immediate network protection against these vulnerabilities.
October 12, 2010
In This Advisory
» Top Protections
Critical Microsoft Windows Media Player RTSP Vulnerability
Microsoft Secure Channel Denial of Service Vulnerability
Check Point Protects Systems Against Stuxnet Worm
» Deployment Tip
Using IPS Performance Counters
» Highlighted Protections
Including Patch Tuesday









» Deployment Tip
Best Practice: Using IPS Performance Counters
IPS Performance Counters provide information on how well the IPS is performing. The counter data can help determine system bottlenecks and fine-tune IPS performance. The data can then be exported to a user-friendly Excel spreadsheet. To run Performance Counters:

1. Type the following on the gateway CLI:
   fw ctl zdebug >& output_file_name &
2. Now run your traffic generator. To stop counting, type:
   fw ctl sdstat stop
3. Copy the output file to the management system and run the script:
   $FWDIR/scripts/sdstat_analyse.csh input_file_name [Policy Name]
   The resulting file (.csv) can be opened with the spreadsheet application of your choice.
4. You can now analyze the results and fix any performance bottlenecks that are discovered.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Windows Media Player RTSP Use after Free Code Execution | 12-Oct-10 | MS10-075, CVE-2010-3225 | CPAI-2010-289 |
| Critical | Microsoft Internet Explorer CSS Rule Handling Memory Corruption | 12-Oct-10 | MS10-071, CVE-2010-3328 | CPAI-2010-287 |
| Critical | Microsoft Internet Explorer Event Handling Memory Corruption | 12-Oct-10 | MS10-071, CVE-2010-3326 | CPAI-2010-286 |
| Critical | Microsoft Outlook Web Access Crafted POST Request Elevation of Privilege | 14-Sep-10 | Microsoft Security Advisory (2401593), CVE-2010-3213 | CPAI-2010-268 |
| High | Microsoft SChannel TLSv1 Denial of Service | 12-Oct-10 | MS10-085, CVE-2010-3229 | CPAI-2010-279 |
| High | Blocking Multiple HTTP Error Responses (ASP.NET) | 19-Sep-10 | Microsoft Security Advisory (2416728), MS10-070, CVE-2010-3332 | SBP-2010-26 |
| High | Microsoft Internet Explorer MSHTML Uninitialized Memory Corruption | 12-Oct-10 | MS10-071, CVE-2010-3331 | CPAI-2010-271 |
| High | Microsoft Browser Embedded Media Player Memory Corruption | 12-Oct-10 | MS10-082, CVE-2010-2745 | CPAI-2010-283 |
| High | Microsoft OpenType Font Validation Elevation of Privilege | 12-Oct-10 | MS10-078, CVE-2010-2741 | CPAI-2010-281 |
| High | Microsoft Word Index Value Parsing Memory Corruption | 12-Oct-10 | MS10-079, CVE-2010-3219 | CPAI-2010-292 |
| High | Microsoft Word LVL Structure Parsing Remote Code Execution | 12-Oct-10 | MS10-079, CVE-2010-3220 | CPAI-2010-291 |
| High | Microsoft Excel Ghost Record Type Parsing Code Execution | 12-Oct-04 | MS10-080, CVE-2010-3242 | CPAI-2010-273 |
| High | Microsoft Excel Formula BIFF Record Parsing Memory Corruption | 12-Oct-10 | MS10-080, CVE-2010-3231 | CPAI-2010-274 |
| High | Microsoft Excel Corrupted Table Records Code Execution | 12-Oct-10 | MS10-080, CVE-2010-3232 | CPAI-2010-278 |
| High | Synology Disk Station FTP Login Web Commands Injecti | 30-Sep-10 | CVE-2010-2453 | CPAI-2010-270 |
| High | 'Here you have'/W32.VBMania Worm | 16-Sep-10 | | CPAI-2010-269 |


Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.