Check Point Provides Preemptive and Immediate Protections for Internet Explorer Vulnerabilities Announced in a January 21st Special out-of-band Microsoft Security Bulletin (MS10-002, Microsoft Security Advisory 979352)


On January 21st, Microsoft released an out-of-band cumulative security update to Internet Explorer. This update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability, and it includes a patch for CVE-2010-0249, the vulnerability associated with the Operation Aurora attacks.
This tightly coordinated Operation Aurora attack affected Google and at least 20 other firms, including Adobe, Juniper Networks, Yahoo! and Symantec. The attack took advantage of the above-mentioned zero-day vulnerability in Internet Explorer to drop malware onto compromised systems. The vulnerability allows for remote code execution but requires user interaction, such as following a hyperlink to a website or opening an email attachment. When a user navigates to a malicious web page from a vulnerable Microsoft Windows system, malicious JavaScript code exploits the vulnerability. The infected system would then attempt to contact remote servers controlled by attackers, allowing these attackers to view, create, and modify information on the compromised system.
The flaws addressed in the cumulative security update affect widely used IE5, IE6, IE7, and IE8 running on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and on Windows Server 2008 R2 systems. Microsoft released this special security update due to the severity of these vulnerabilities. The update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes.
At the consumer endpoint level, Check Point ZoneAlarm Extreme Security successfully protects customers who enable Browser Security virtualization against zero-day vulnerabilities, drive-by downloads and other Web-based threats. For more information or to download ZoneAlarm Extreme Security, please visit: http://www.zonealarm.com/security/en-us/zonealarm-extreme-security.htm.
At the network level, Check Point announced on 17 January that its Security Gateway R70 had been preemptively protecting against the CVE-2010-0249 attack since September 2009 with its protections against obfuscation techniques of the kind employed in the Operation Aurora attack. In addition, Check Point provides preemptive and immediate protections against other vulnerabilities in the MS10-002 bulletin through its integrated and dedicated IPS offerings: VPN-1 R65 and R70 Security Gateways, VPN-1 VSX R65, and IPS-1. For more information, see CPAI-2010-012, CPAI-2010-013, CPAI-2010-015, CPAI-2010-016, CPAI-2010-017, and CPAI-2010-018.