» Top Protections
Microsoft Patches Three Zero-Day Vulnerabilities
Microsoft reported three zero-day vulnerabilities in the closing days of 2010 and the first week of 2011, all of which have been patched in its monthly patch roundup released on February 8, 2011. Check Point customers have had network protection against these vulnerabilities since shortly after their announcement, and in one case pre-emptive protection has been in place since early 2006.

Zero-Day Information Disclosure Vulnerability in Microsoft MHTML Protocol Handler
An information disclosure vulnerability has been reported in the Microsoft Windows MHTML protocol handler. This vulnerability could allow an attacker to cause malicious scripts to be run on the targeted machine when visiting various Web sites, resulting in information disclosure. No patch has been announced by Microsoft as of February 8, 2011. Until a patch is released, Check Point IPS Software Blade and SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking attempts to exploit it.

Security Best Practice: Blocking iPhone Web Browsing on the Enterprise Wireless Network
Some organizations prefer to prevent smartphones from using their wireless networks to browse the Internet, since those connections can take up a lot of bandwidth and because this kind of use may circumvent the organizational security policy. The Check Point IPS Software Blade can block HTTP browsing from iPhones that are connected to the corporate network.

February 8, 2011
In This Advisory
Top Protections
• Microsoft Patches Three Zero-Day Vulnerabilities
• Zero-Day Information Disclosure Vulnerability in Microsoft MHTML Protocol Handler
• Security Best Practice: Blocking iPhone Web Browsing on the Enterprise Wireless Network
Deployment Tip
• Use Identity Logging to Show User and Machine Names in IPS Logs
Highlighted Protections
• Including Patch Tuesday

Deployment Tip
Best Practice: Use Identity Logging to Show User and Machine Names in IPS Logs
One of the first steps after identifying a significant event on the network is to understand WHO did it and WHERE it came from. Introduced in R70.2, Identity Logging aids in analyzing network traffic and security-related events by identifying, by name, the specific user that initiated the traffic. (Previously, source traffic was identified only by its URL or IP address.) It works by extracting user and computer name information from Active Directory (AD) logs and inserting that information into the Check Point logs.
You can configure user and computer identification settings using SmartDashboard on any Security Management Server or log server object.
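
The correlation idea behind Identity Logging, sketched as an added example that is not Check Point code: each IPS event is labelled with the most recent AD logon seen from the same source IP before the event. The record layout, the sample records, and the 10-hour validity window are assumptions constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
MAX_AGE = timedelta(hours=10)  # assumed: older logons no longer vouch for an IP

# Constructed sample records: (time, source IP, user, machine)
AD_LOGONS = [
    ("2011-02-08 09:00:05", "10.1.1.23", "CORP\\alice", "WS-ALICE"),
    ("2011-02-08 11:30:00", "10.1.1.23", "CORP\\bob", "LT-BOB"),  # IP reassigned
    ("2011-02-08 09:10:00", "10.1.1.40", "CORP\\carol", "WS-CAROL"),
]
# Constructed sample records: (time, source IP, protection reference)
IPS_EVENTS = [
    ("2011-02-08 09:45:10", "10.1.1.23", "CPAI-2011-008"),
    ("2011-02-08 11:31:00", "10.1.1.23", "CPAI-2011-006"),
    ("2011-02-08 08:00:00", "10.1.1.40", "CPAI-2011-003"),  # before any logon
    ("2011-02-08 23:30:00", "10.1.1.40", "CPAI-2011-011"),  # logon is stale
]

def build_index(logons):
    """Group logons per source IP, sorted by time."""
    index = defaultdict(list)
    for ts, ip, user, machine in logons:
        index[ip].append((datetime.strptime(ts, FMT), user, machine))
    for entries in index.values():
        entries.sort()
    return index

def identify(index, ip, when):
    """Return (user, machine) for the latest logon at or before `when`, or None."""
    entries = index.get(ip, [])
    pos = bisect_right([t for t, _, _ in entries], when)
    if pos == 0:
        return None  # no logon seen yet from this address
    seen, user, machine = entries[pos - 1]
    return None if when - seen > MAX_AGE else (user, machine)

def enrich(events, logons):
    """Attach user and machine names to each IPS event."""
    index = build_index(logons)
    out = []
    for ts, ip, protection in events:
        who = identify(index, ip, datetime.strptime(ts, FMT)) or ("unknown", "unknown")
        out.append({"time": ts, "src": ip, "protection": protection,
                    "user": who[0], "machine": who[1]})
    return out

if __name__ == "__main__":
    for row in enrich(IPS_EVENTS, AD_LOGONS):
        print(row)
```

The second event shows why the lookup is time-aware: the same address maps to a different user after it is reassigned, so a static IP-to-user table would misattribute it.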
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow | 09-Jan-2011 | CVE-2010-3970, MS11-006 | CPAI-2011-003 |
| Critical | Microsoft IIS FTP Server Telnet IAC Buffer Overflow | 26-Dec-2010 | CVE-2010-3972, MS11-004 | CPAI-2010-351 |
| Critical | Microsoft OpenType CFF Driver Font Encoded Character Corruption | 08-Feb-2011 | CVE-2011-0033, MS11-007 | CPAI-2011-007 |
| Critical | Microsoft Internet Explorer Insert Document Object Memory Corruption | 08-Feb-2011 | CVE-2011-0036, MS11-003 | CPAI-2011-008 |
| Critical | Microsoft Internet Explorer onCellChange Event Memory Corruption | 08-Feb-2011 | CVE-2011-0035, MS11-003 | CPAI-2011-011 |
| High | Microsoft Internet Explorer MHTML Information Disclosure | 31-Jan-2010 | CVE-2011-0096, Microsoft 2501696 | CPAI-2011-006 |
| High | Microsoft Internet Explorer CSS Recursive Import Memory Corruption | 27-Dec-2010 | CVE-2010-3971, MS11-003 | CPAI-2010-349 |
| High | Blocking Apple iPhone Browsing Application Control | 02-Feb-2011 | IPS Research Center | SBP-2011-02 |
| High | Microsoft Active Directory SPN Validation Denial of Service | 08-Feb-2011 | CVE-2011-0040, MS11-005 | CPAI-2011-012 |
| High | Microsoft Kerberos Implementation Spoofing Elevation of Privilege | 08-Feb-2011 | CVE-2011-0091, MS11-013 | CPAI-2011-010 |
| High | Opera Browser Document Writing Uninitialized Memory Access | 31-Jan-2011 | CVE-2010-1728 | CPAI-2011-100 |


Have questions about IPS?
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point's global Research and Response Centers. For more information, visit www.CheckPoint.com.


©2003-2011 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065