Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

Subscribe

Check Point Reference: CPAI-2006-074
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS06-023
Industry Reference(s): CVE-2006-1313
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1, SP2 
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Vulnerability Description
JScript is Microsoft's implementation of the ECMA 262 language specification (ECMAScript Edition 3). Microsoft JScript contains a memory corruption vulnerability. By convincing a user to visit a Web site or read an e-mail message containing a specially crafted JScript file, a remote attacker may be able to take complete control of an affected system.
Update/Patch Available
Apply patches:
http://www.microsoft.com/technet/security/bulletin/MS06-023.mspx
Vulnerability Details
The vulnerability is caused due to memory corruption error in Microsoft JScript when releasing certain objects early. To exploit this vulnerability, an attacker would have to entice a user to open an e-mail message or Web page containing a crafted JScript file.

Protection Overview
The update defends against the vulnerability by blocking the vulnerable JScript function. Depending on the traffic mix, applying this update may result in performance degradation.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The Update released on July 5, 2006 includes the follwoing protections: 

Malformed SSH Init Message Protection (CPAI-2006-069)
Multiple IMAP Servers Directory Traversal Protection (CPAI-2006-070)
VNC Authentication Bypass Protection (CPAI-2006-071)
COM Object Instantiation Protection (MS06-013) - CPAI-2006-072
COM Object Instantiation Memory Corruption Vulnerability (MS06-021) - CPAI-2006-073
Microsoft JScript Remote Code Execution Protection (MS06-023) - CPAI-2006-074
Symantec Sygate SQL Injection Protection (CPAI-2006-075)
Horde Help Viewer Protection (CPAI-2006-076)
Virtual War (VWar) File Inclusion Protection (CPAI-2006-077)
AWStats Remote Command Execution Protection - CPAI-2006-078
Windows Media Player PNG Protection (MS06-024) - CPAI-2006-079
ART Image Rendering Protection (MS06-022) - CPAI-2006-080
MySQL Server str_to_date DoS Protection (CPAI-2006-081)
Enhanced Protection against AWStats "migrate" Shell Command Injection (CPAI-2006-053)
Additional Logs added to the FTP patterns engine (CPAI-2006-040)

VPN-1 NGX R61

How Can I Protect My Network?
1. Update SmartDefense: Click the SmartDefense Services tab, in the left pane click Download Updates and then click the Online Update button.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer configuration pane, select

Block Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?

1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer configuration pane, click

Block Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - Block Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
1. Update SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections and then click Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer configuration page, select

Block Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
Rule #99817 will appear on the SmartView Tracker.

VPN-1 VSX NGX

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer configuration pane, click

Block Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log rule #99817. 

InterSpect NGX

How Can I Protect My Network?
1. Update SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2.In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
3. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer.
4. In the Microsoft Internet Explorer configuration pane, select

Block Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

5. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

InterSpect 2.0

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections and then click Microsoft Internet Explorer.
3. In the Microsoft Internet Explorer, select

Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - Microsoft JScript Remote Code Execution Vulnerability (MS06-023)