Update Protection against Microsoft Universal Plug and Play Remote Code Execution Vulnerability (MS07-019)
| Check Point Reference: | CPAI-2007-052 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS07-019 | |
| Industry Reference(s): | CVE-2007-1204 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition SP2 | ||
| Vulnerability Description The Universal Plug and Play (UPnP) service in Microsoft Windows is vulnerable to remote code execution. UPnP is a set of computer network protocols that extends Plug and Play to allow computers and devices to configure network services automatically. A remote attacker may exploit this issue to cause a denial of service condition or execute arbitrary code on a vulnerable system via a specially crafted HTTP request. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS07-019 |
|
|
Vulnerability Details The vulnerability is due to a buffer overflow in Microsoft Windows UPnP that fails to properly handle specially crafted HTTP requests. A remote attacker could specially craft a malicious HTTP request that will trigger memory corruption, creating a denial of service condition and allowing the attacker to execute arbitrary code on the target system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the malicious HTTP requests.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on April 22, 2007 includes the following protections:
Microsoft Universal Plug and Play Vulnerability (MS07-019) CPAI-2007-052
Microsoft Windows DNS Server RPC Vulnerability (CPAI-2007-053)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Microsoft Networks > Block UPnP Vulnerability (MS07-019).
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Microsoft UPnP Protection Violation
Attack Information: Microsoft UPnP vulnerability detected (MS07-019)
VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Microsoft Networks.
2. Select the following:
Block UPnP Vulnerability (MS07-019)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Microsoft UPnP Protection Violation
Attack Information: Microsoft UPnP vulnerability detected (MS07-019)
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Microsoft Networks.
2. Select the following:
Block UPnP Vulnerability (MS07-019)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99873 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Microsoft Networks.
2. Select the following:
Block UPnP Vulnerability (MS07-019)
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99873 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the lefthand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > Microsoft Networks and enable the following protection:
Block UPnP Vulnerability (MS07-019)
3. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Microsoft UPnP Protection Violation
Attack Information: Microsoft UPnP vulnerability detected (MS07-019)
InterSpect 2.0
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Microsoft Networks and enable the following protection:
Block UPnP Vulnerability (MS07-019)
2. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Microsoft UPnP Protection Violation
Attack Information: Microsoft UPnP vulnerability detected (MS07-019)