Update Protection against Microsoft Windows Kernel NULL Pointer Dereferencing Vulnerability (MS09-058)
| Check Point Reference: | CPAI-2009-234 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS09-058 | |
| Industry Reference(s): | CVE-2009-2516 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Windows 2000 SP4 Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP2 (Itanium) Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 (Itanium) | ||
| Vulnerability Description An elevation of privilege vulnerability has been discovered in the Windows kernel. The Windows kernel is the core of the operating system. It provides system level services, allocates processor time to processes, and manages error handling. Successful exploitation of this vulnerability may allow execution of arbitrary code on an affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS09-058 |
|
|
Vulnerability Details The vulnerability is due to an error in the Windows kernel that fails to properly validate certain data passed from user mode. A remote attacker may trigger this issue by convincing a user to open a specially crafted PE file. By persuading a user to open a specially crafted PE file, an attacker could take complete control of an affected system. |
Protection Overview
This protection will detect and block the transferring of malformed Windows executable (PE) files over HTTP.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.