Update Protection against Microsoft Windows DNS Server RPC Management Interface Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2007-053 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Advisory (935964) | |
| Industry Reference(s): | CVE-2007-1748 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Storage Server | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in the Microsoft Windows Domain Name System (DNS) Server services. The DNS server service is a component that provides name resolution services to a network. An attacker may exploit this vulnerability to execute arbitrary code on a target system via a specially crafted Remote Procedure Call (RPC) request. |
||
|
Vulnerability Details The vulnerability is due to a boundary error in the Microsoft Windows DNS service that fails to properly handle specially crafted RPC requests. A remote attacker can exploit this issue by specially crafting a malicious RPC request and sending it an affected system. Successful exploitation may allow execution of arbitrary code on a target system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed RPC requests sent to the DNS server.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on April 22, 2007 includes the following protections:
Microsoft Universal Plug and Play Vulnerability (MS07-019) CPAI-2007-052
Microsoft Windows DNS Server RPC Vulnerability (CPAI-2007-053)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence and select MS-RPC.
2. In the configuration pane, under Settings, select the following:
Enforce MS-RPC Protections on all TCP Ports
3. Under MS-RPC, click MS-RPC over CIFS > Block DNS Server RPC Management Vulnerability.
4. In the configuration pane, under Settings > Mode, check Active.
5. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack Information: DNS server RPC management vulnerability detected
VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network? Block DNS Server RPC Management Vulnerability
1. In the SmartDefense tree, click Application Intelligence and select MS-RPC.
2. In the configuration pane, select the following:
Enforce MS-RPC Protections on all TCP Ports
3. Under MS-RPC, click MS-RPC over CIFS and select the following:
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack Information: DNS server RPC management vulnerability detected
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network? Block DNS Server RPC Management Vulnerability
1. In the SmartDefense tree, click Application Intelligence and select MS-RPC.
2. In the configuration pane, select the following:
Enforce MS-RPC Protections on all TCP Ports
3. Under MS-RPC, click MS-RPC over CIFS and select the following:
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99460 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network? Block DNS Server RPC Management Vulnerability
1. In the SmartDefense tree, click Application Intelligence and select MS-RPC.
2. In the configuration pane, select the following:
Enforce MS-RPC Protections on all TCP Ports
3. Under MS-RPC, click MS-RPC over CIFS and select the following:
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99460 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the lefthand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > MS-RPC.
3. In the configuration pane, select the following:
Enforce MS-RPC Protections on all TCP Ports
4. Under MS-RPC, click MS-RPC over CIFS and enable the following protection:
Block DNS Server RPC Management Vulnerability
5. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack Information: DNS server RPC management vulnerability detected
InterSpect 2.0
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence and select RPC.
2. In the configuration pane, select the following:
Enforce MS-RPC Protections on all TCP Ports
3. Under RPC, click MS-RPC over CIFS and select the following:
Block DNS Server RPC Management Vulnerability
4. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: MS-RPC Enforcement Violation
Attack Information: DNS server RPC management vulnerability detected