Zero-Day Microsoft Server Service Vulnerability
Check Point SmartDefense® Services protects customers using VPN-1® NGX R65 and R62, VSX NGX R65, and IPS-1 NGX R65 from a new Microsoft Server Service zero-day exploit. SmartDefense Services subscribers can gain immediate protection against the vulnerability well before deploying the patch provided by Microsoft.
The vulnerability (CVE-2008-4250) was announced October 23, 2008 in a special, out-of-band, Microsoft Security Bulletin MS08-067 and affects users of Microsoft Windows based desktops, laptops, and servers (for a full list of vulnerable products visit: www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). When exploited, the vulnerability allows a hacker to execute arbitrary code on a target system.
The Windows Server service improperly handles specially crafted Remote Procedure Call (RPC) requests. A remote unauthenticated attacker could exploit the issue by creating a malicious RPC request and sending it to a vulnerable system, granting the attacker complete control of the system. The vulnerability could potentially be used to create an exploit that will propagate as a worm.
SmartDefense Protections are available immediately for this vulnerability. See CPAI-2008-158.