Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Breaking News Archive

 

  • 14-Jun-2013: June 2013's monthly product update rollup from Microsoft includes one Critical and four Important updates that affect Internet Explorer, Windows, and Office. The IE update addresses nineteen vulnerabilities in the browser; Windows gets two kernel-mode issues fixed; a privilege escalation vulnerability in the Windows Print Spooler is fixed; and a remote code execution issue in Office is addressed. Learn More.
  • 12-Apr-2013: Microsoft's update rollup for April fixes a critical remote code execution vulnerability in the Remote Desktop Client, a denial of service issue in Active Directory's LDAP functionality, as well as several other issues in Internet Explorer, Office, and other Microsoft applications. Learn More.
  • 12-Feb-2013: The February Microsoft product update set includes fixes for multiple "use after free" critical vulnerabilities in Internet Explorer, as well as security patches for several other Microsoft products. Learn More.
  • 11-Jan-2013: Microsoft's first patch rollup of the new year brings updates for Windows Print Spooler, XML Core Services, System Center Operations Manager, and the .NET framework, as well as fixes for a kernel-mode driver issue and an SSL/TLS protocol negotiation vulnerability. As of today, Microsoft has still not issued a fix for the previously reported zero-day issue in Internet Explorer, so Check Point customers should ensure that the IPS protection for that vulnerability is installed and enabled. Learn More.
  • 02-Jan-2013: A zero day remote code execution vulnerability has been disclosed in Microsoft's Internet Explorer (versions 6, 7, and 8). Microsoft has issued a bulletin that describes the issue,and has also created a "Fix It" solution for end users that will prevent exploitation of the vulnerability. Check Point's IPS Software Blade protects all Windows systems against this exploit at the network level in the latest IPS update. Learn More.
  • 06-Dec-2012: Check Point security evangelist Tomer Teller presents his view of the top security threats that will be faced in 2013 in a recent Forbes article. Learn More.
  • 05-Dec-2012: Check Point and Versafe, a private and independent vendor of online fraud prevention solutions, jointly published a detailed case study today that details the "Eurograbber" malware attack, which has resulted in more than 36 million Euros being stolen from approximately 30,000 corporate and personal bank accounts across Europe. Learn More.
  • 14-Nov-2012: Microsoft's November Security Bulletin Summary includes six vulnerability bulletins affecting Windows, Excel, Internet Explorer, the .NET framework, and IIS. Learn More.
  • 11-Oct-2012: Microsoft's product update set for October includes fixes for one vulnerability in Word that is marked as Critical in severity. Several other updates address Important vulnerabilities in Word, Works, and SQL Server. In addition, Adobe has issued updates for Acrobat and Reader that address a Critical remote code execution vulnerability. Learn More.
  • 12-Sep-2012: Microsoft has released an update for Windows that changes the minimum acceptable key length for certificates used in Public Key Infrastructure (PKI) to 1024 bits. This update can be downloaded and evaluated now. It will be distributed to all supported versions of Windows via Microsoft Update on October 9, 2012. Learn More.
  • 11-Sep-2012: September brings the smallest set of Microsoft monthly updates in recent memory, with only two patches issued for non-critical cross-site scripting vulnerabilities in Visual Studio and System Center Configuration Manager. The Check Point IPS Software Blade provides protection against both issues, as well as the recent and far more serious vulnerabilities discovered in the Java programming environment. IPS protections were also issued for two remote code execution vulnerabilities in Apple's Quicktime media player. Learn More.
  • 14-Aug-2012: Five critical and four Important security bulletins were released today by Microsoft as detailed in their August Security Bulletin Summary. Affected products are Microsoft Windows, Internet Explorer, Remote Desktop, Exchange Server, JavaScript, VBScript, Office, and Visio. Learn More.
  • 10-Jul-2012: The July 2012 Microsoft Security Bulletin Summary details three Critical and six Important security vulnerabilities affecting Microsoft Windows, Internet Explorer, Visual Basic for Applications, and Office. Learn More.
  • 12-Jun-2012: Microsoft's June 2012 "Patch Tuesday" includes security bulletins for 11 issues in Internet Explorer, as well as vulnerabilities in Visio, .NET, Microsoft Dynamics AX Enterprise Portal, and XML Core Services. Check Point provides immediate network protection for unpatched against these issues. Learn More.
  • 30-May-2012: A sophisticated malware suite known as "Flame" has recently been discovered that can propagate via network shares and removable devices, and then collect data from an infected machine including keyboard activity and network traffic, as well as audio and video. The Check Point IPS Software Blade provides immediate network protection against Flame. Learn More.
  • 08-May-2012: The month of May brings seven Microsoft security bulletins, with three being ranked Critical and the remaining four being Important. These address 23 issues in Windows, Office, Silverlight, and the .NET framework. Learn More.
  • 11-Apr-2012: Microsoft's set of patches for April includes several fixes for security vulnerabilities in its products. One of these issues, which is in the ActiveX applications framework, has been exploited in the wild; it affects several versions of Office, SQL Server, Visual FoxPro, Visual Basic, BizTalk Server, and Commerce Server. The Check Point IPS Software Blade protects unpatched systems against this and other vulnerabilities announced by Microsoft and Adobe. Learn More.
  • 14-Feb-2012: Microsoft's monthly patch rollup includes nine security bulletins that address 21 vulnerabilities in their products. Four of the bulletins are marked Critical and five are marked Important. Affected products include Windows, Internet Explorer, SharePoint, .NET, Silverlight, and the Indeo codec. Learn More.
  • 10-Jan-2012: Microsoft's January 2012 product patch rollup is a relatively small one, with one Critical and five Important issues being fixed in Windows and the Anti-Cross Site Scripting Library. Learn More.
  • 13-Dec-2011: Microsoft has released 13 Security Bulletins for December 2011. Three of these are considered Critical vulnerabilities, with the remainder being marked Important. The following products are affected: Windows, Windows Media Player and Media Center, Internet Explorer, Office, Publisher, PowerPoint, and Excel. Learn More.
  • 08-Nov-2011: A vulnerability in Microsoft Windows' TrueType font rendering engine is being exploited in the wild by the malware known as "Duqu". As of November 8, Microsoft has not announced availability of a patch that addresses the issue. In the meantime, the Check Point IPS Software Blade provides protection against this vulnerability at the network level. Learn More.
  • 11-Oct-2011: Microsoft's October patch rollup includes security updates for Windows, Internet Explorer, Forefront Unified Access Gateway, the .NET framework, and Silverlight. Learn More.
  • 13-Sep-2011: Microsoft releases its September 2011 Security Bulletins, all ranked Important. These address 15 vulnerabilities in Microsoft Excel, Microsoft Office, Microsoft SharePoint, Windows Components and Microsoft's Windows Internet naming service (WINS). Check Point IPS Services provide immediate coverage.      Learn More.
  • 08-Sep-2011: The Dutch SSL certificate vendor DigiNotar suffered a breach of its critical systems in July, resulting in the attackers successfully forging over 500 SSL certificates including google.com, yahoo.com, addons.mozilla.org, and torproject.org. The total number of forged certificates is unknown. Click on Learn More to read more details and analysis, as well as some immediate actions that may be required for your systems and network. Learn More.
  • 06-Sep-2011: The recently discovered "Morto" worm, which is already active in the wild, attacks Microsoft Windows systems that have the Remote Desktop Protocol enabled. The worm uses a list of weak and common passwords in attempts to log in to a targeted system via RDP. Check Point's IPS protects networks against Morto by blocking repeated login attempts from a single client in a short period of time. Learn More.
  • 01-Sep-2011: The Check Point IPS Software Blade provides preemptive protection against a critical issue in the Apache HTTP server that can be exploited to create a denial of service to the server. This vulnerability is already being exploited in the wild. Learn More.
  • 9-Aug-2011: Microsoft has released 13 security updates, two of which are ranked as Critical and nine marked as Important. These address 22 vulnerabilities in Windows, Internet Explorer, the .NET Framework, and Microsoft Developer Tools. Learn More.
  • 12-Jul-2011: Microsoft released one Critical and three Important security bulletins today that address vulnerabilities in Microsoft Windows and Microsoft Office Visio 2003. Learn More.
  • 06-Jul-2011: The latest "TDLv4" version of the TDSS rootkit malware has infected over 4.5M systems thus far in 2011. Check Point's IPS Software Blade provides immediate network protection against this trojan virus in the latest IPS update. Learn More.
  • 14-Jun-2011: Microsoft released 16 security bulletins today, nine of which are Critical, and six rated Important. These affect a number of Microsoft products including Windows, Office, Internet Explorer, SQL Server, Silverlight, Visual Studio, and the .NET Framework. Learn More.
  • 17-May-2011: Adobe has announced several vulnerabilities in their Flash Player product, all of which could allow a remote attacker to take control of a targeted system. Check Point provides immediate response. Learn More.
  • 10-May-2011: Microsoft's May security update includes a Critical security bulletin addressing a vulnerability in Windows' WINS service, as well as an Important bulletin addressing two vulnerabilities in Microsoft Office. Check Point provides same-day network protection against these issues. Learn More.
  • 05-May-2011: Microsoft has provided its advance notification on the release of a Critical security bulletin addressing a vulnerability in Windows and an Important bulletin addressing two vulnerabilities in Microsoft Office. Microsoft has also announced  an improved Exploitability Index starting this Tuesday. Read more about the values of the these improvements in this MSRC blog post. Learn More.
  • 21-Apr-2011: A critical vulnerability has been identified in Adobe Flash Player 10.2.153.1 and earlier versions. The vulnerability (CVE-2011-0611), as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system. The vulnerability is being exploited in the wild in targeted attacks via a malicious Web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment. Check Point provides immediate protection against this issue. Learn More.
  • 12-Apr-2011: Microsoft released 17 security bulletins, nine of which are Critical, and eight rated Important. The release addresses 64 unique vulnerabilities in a number of Microsoft products including Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .NET Framework and GDI+. Check Point provides immediate response to all network IPS vulnerabilities. Learn More.
  • 05-Apr-2011: A so-called "mass-injection" attack dubbed LizaMoon has managed to insert malicious code into websites by gaining access to the servers running the databases behind the Internet. Check Point users are preemptively protected against the LizaMoon attack with Check Point's SQL Injection protection. Learn More.
  • 24-Mar-2011: A remote attack on an affiliate of Comodo, a major issuer of SSL certificates, resulted in nine fraudulent digital certificates being acquired by the attacker for sites such as Google, Yahoo, and Skype. These certificates may be used by malicious parties to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browsers. Check Point provides immediate protection. Learn More.
  • 14-Mar-2011: Check Point provides immediate protection against a critical zero-day vulnerability in Adobe Flash Player, Acrobat, and Reader. There are reports that the vulnerability is being exploited in the wild via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. Learn More.
  • 08-Mar-2011: Check Point provides same-day updates to Microsoft bulletins. For more info, view Check Point Security Advisory. Learn More.
  • 04-Mar-2011: Microsoft plans to ship three security updates on Tuesday to patch four vulnerabilities in Windows and its Office Groove 2007 collaboration software. According to the advance notification issued today for next week's Patch Tuesday, all the vulnerabilities can be exploited by attackers to hijack a personal computer or server and later infect those systems with malicious code. Learn More.
  • 23-Feb-2011: Check Point IPS provides network protection for several critical Adobe vulnerabilities, released in two Security Bulletins (APSB011-02; APSB11-03) and addressing vulnerabilities in Adobe Flash, Acrobat and Reader. Learn More.
  • 16-Feb-2011: A zero-day vulnerability has been identified in the Microsoft Windows SMB driver. The vulnerability could be exploited by remote attackers to crash an affected system or potentially execute arbitrary code with elevated privileges. Exploit code is publicly available. The Check Point IPS Software Blade and SmartDefense provide network protection against these vulnerabilities in the latest IPS update.  Learn More.
  • 08-Feb-2011: Microsoft today published 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). The release also includes patches for three zero-day vulnerabilities Microsoft published Security Advisories for back in December and January. Check Point provides immediate protection against all NIPS vulnerabilities. Learn More.
  • 31-Jan-2011: Check Point IPS Update Service has provided an immediate protection against an information disclosure vulnerability reported in Microsoft Windows MHTML protocol. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites. Learn More.
  • 25-Jan-2011: Check Point released today protections against two Microsoft zero-days: A protection against a denial of service vulnerability in the way Microsoft Internet Explorer parses HTML pages (CVE-2009-2655) and a protection against a new attack vector related to the previously announced vulnerability in Microsoft Graphics Rendering engine (CVE-2010-3970). Learn More.
  • 11-Jan-2011: Check Point has provided immediate response to the two Network IPS vulnerabilities included with Microsoft January update. For more information, visit Microsoft Security Page and read Check Point Security Advisory. Learn More.
  • 07-Jan-2011: Microsoft today announced it would release two security updates next week to patch three vulnerabilities in Windows. Microsoft is not scheduled to patch either of the vulnerabilities that the company recently acknowledged and issued security advisories for, including  a critical bug in all versions of IE, and a serious flaw in Windows XP, Vista, Server 2003 and Server 2008. Learn More.
  • 30-Dec-2010: A remote unpatched code execution vulnerability (CVE-2010-3973) has been reported in the Microsoft WMI Administrative Tools ActiveX control.  Check Point IPS Software Blade and SmartDefense ahve provided immediate protection against this vulnerability. Learn More.
  • 27-Dec-2010: Check Point has provided protection against a 0-day vulnerability in Internet Explorer that could allow remote code execution. The vulnerability (Microsoft Security Advisory 2488013, CVE-2010-3971) is due to the creation of uninitialized memory during a CSS function within Internet Explorer. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTML document or open a malicious Web page. Learn More.
  • 26-Dec-2010: Check Point has provided preemptive protection against a vulnerability reported within the Microsoft Internet Information Services (IIS) FTP Service.  Users have been protected since March of 2006. Learn More.
  • 16-Dec-2010: Check Point has responded to CERT-FI announcement, following a report made by Stonesoft Corporation, a security company based in Finland. StoneSoft has reported 23 techniques for evading IPS/IDS detection to the CERT-FI organization. read more about Check Point solution. Learn More.
  • 14-Dec-2010: Microsoft has released a mega patch today with 17 bulletins addressing 38 vulnerabilities, covering Windows, Internet Explorer, Microsoft Office, and Publisher. Learn More.
  • 09-Dec-2010: Microsoft is intending to release a mega patch this coming Tuesday with 17 bulletins addressing 38 vulnerabilities. These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and Publisher. Learn More.
  • 25-Nov-2010: Today Check Point has provided protection against a critical vulnerability affecting Adobe Flash Media Server (CVE-2010-3634). A remote attacker could use this issue to create a denial of service condition and crash the vulnerable application. Learn More.
  • 16-Nov-2010: Today Adobe has posted APSB10-28 regarding security releases for Adobe Reader and Acrobat.  The updates address critical security issues in the products, including a patch for CVE-2010-3654 addressed in CPAI-2010-304 in November 1st and CVE-2010-4091 addressed in CPAI-2010-316. Check Point has also addressed CVE-2010-3976 vulnerability referenced in APSB10-26. Learn More.
  • 09-Nov-2010: Microsoft delivered 3 bulletins addressing 11 vulnerabilities. One of the bulletins has a Critical severity rating, while the other two are rated Important. These vulnerabilities cover Microsoft Office and the Unified Access Gateway (UAG), which is a component of Microsoft Forefront. See the November Check Point Monthly Bulletin for the Check Point protections available. Learn More.
  • 07-Nov-2010: A memory corruption vulnerability (CVE-2010-3962) has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. As of November 7, 2010 Microsoft has not announced a patch for this vulnerability. However, Check Point IPS Software Blade and NGX SmartDefense provide immediate network protection in the latest IPS update by detecting and blocking attempts to exploit this issue. Learn More.
  • 01-Nov-2010: A critical remote code execution vulnerability (APSA10-05) has been reported in the way Adobe Flash Player parses Flash content inside Acrobat Portable Document Format (PDF) files. A remote attacker may exploit this vulnerability to take complete control of the affected system. Check Point R70/71 IPS Software Blade provides immediate protection by detecting and blocking PDF files that contain malformed Flash content. Learn More.
  • 28-Oct-2010: Adobe has released a security advisory that details several critical vulnerabilities in Shockwave Player, four of which were discovered by the Check Point IPS Research Team.  A remote attacker can exploit these issues via specially crafted DIR files and potentially take complete control of an affected system. Check Point R70/71 IPS Software Blade provides immediate protection of unpatched systems by detecting malformed Adobe DIR files and blocking their transfer over HTTP. Learn More.
  • 27-Oct-2010: Check Point IPS Research Team has provided a protection against a memory corruption vulnerability identified in Adobe Shockwave Player (CVE-2010-3653). Shockwave Player is a multimedia application that allows animated content created in Adobe Director to viewed in a web browser that has the Shockwave plug-in installed. An attacker can exploit this issue via a specially crafted DIR file to take complete control of an affected system. The protection detects and blocks transferring of malformed Adobe DIR files over HTTP. Learn More.
  • 15-Oct-2010: A remote code execution vulnerability has been discovered by the Check Point IPS Research Team in the mshtml.dll component that is part of Microsoft Internet Explorer. This component is used by IE and other applications to render HTML content. A remote attacker could exploit this issue by convincing a user to access a maliciously crafted Word document, subsequently allowing remote code execution. Check Point IPS Software Blade , IPS-1, and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking attempts to exploit this vulnerability. Learn More.
  • 12-Oct-2010: Microsoft delivered 16 bulletins addressing 49 vulnerabilities. These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and the .NET Framework. Four of the bulletins carry a Critical rating, ten are Important and two are Moderate. The vulnerability described at CVE-2010-3331 was discovered by the Check Point IPS Research Team. See the October Check Point Monthly Bulletin for the Check Point protections available. Learn More.
  • 06-Oct-2010: Microsoft has released its Advance Notification for the October Security Bulletins, which are scheduled for release Tuesday, October 12, 2010. This month Microsoft will be releasing 16 bulletins addressing 49 vulnerabilities. These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and the .NET Framework. Four of the bulletins carry a Critical rating, ten are Important and two are Moderate.  Learn More.
  • 19-Sep-2010: Microsoft has released an advisory addressing an unpatched vulnerability in ASP.NET. ASP.Net uses encryption to hide sensitive data and protect it from tampering by the client. A vulnerability in the ASP.Net encryption implementation can allow an attacker to decrypt and tamper with this data. Check Point IPS Software Blade, IPS-1, and SmartDefense provide immediate protection against this vulnerability.
    30-Sep-2010 Update: An out-of-cycle patch has been released by Microsoft, as detailed in Security Bulletin MS10-070. Learn More.
  • 13-Sep-2010: Thousands of systems worldwide have been infected with an email-borne worm known by several names, including VBMania and Win32/Visal.B. The worm spreads both via mass emailing itself via users’ and corporate address books, and by copying itself to local and network shared drives. Check Point customers using the AV Software Blade are already protected against this worm as of September 9th .
    16-Sep-2010 Update: Check Point has provided immediate IPS protection.   Learn More.
  • 12-Sep-2010: Adobe has released a zero-day advisory (APSA10-02) addressing a critical vulnerability discovered in the cooltype.dll component of the Reader and Acrobat products. This flaw can allow attackers to execute arbitrary code on an affected machine via a maliciously crafted PDF document file. The Check Point R70/71 IPS Software Blade provides protection for unpatched systems by detecting and blocking transferal of specially crafted PDF files over HTTP. Learn More.
  • 01-Sep-2010: The Check Point IPS Research team has discovered a vulnerability in the CoreGraphics framework used by Mac OS X to render PDF files. A maliciously crafted PDF can cause an unexpected application termination or arbitrary code execution, allowing an attacker to take complete control of the affected system. The Check Point R70/71 IPS Software Blade provides protection against this flaw for unpatched systems. Learn More.
  • 25-Aug-2010: Adobe has released a patch that addresses several vulnerabilities in the Shockwave Player application, six of which were discovered by the Check Point IPS Research Team. Some of the flaws can allow attackers to create a denial of service condition in the browser hosting the Shockwave plugin, while others can allow execution of malicious code on the affected system. The Check Point R70/71 IPS Software Blade provides protection against these flaws for unpatched systems. Learn More.
  • 19-Aug-2010: Adobe has released an out-of-cycle patch for a vulnerability discovered in the cooltype.dll component of the Reader and Acrobat products. This flaw can allow attackers to execute arbitrary code on an affected machine via a maliciously crafted PDF document file. The Check Point R70/71 IPS Software Blade provides protection for unpatched systems by detecting and blocking transferal of specially crafted PDF files over HTTP. Learn More.
  • 12-Aug-2010: On August 10, Microsoft patched a critical SSL/TLS vulnerability in Windows, six months after publicly disclosing that Windows was vulnerable to this exploit. Fortunately, Check Point integrated IPS products IPS Software Blade and SmartDefense have provided protection against this vulnerability since November 2009. Learn More.
  • 11-Aug-2010: The Check Point IPS Research Team has discovered a memory corruption vulnerability in Microsoft Word. A remote attacker can leverage this vulnerability by using maliciously crafted Word and Rich Text Format files to take complete control of an affected system. Learn More.
  • 10-Aug-2010: Microsoft delivered 15 security updates and patched 32 vulnerabilities in Windows, Internet Explorer (IE), Office and Silverlight. Nine of the updates are rated Critical and six are rated Important. See the August Check Point Monthly Bulletin for the Check Point protections available. Learn More.
  • 05-Aug-2010: Microsoft announced it will deliver 14 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer (IE), Office and Silverlight. Eight of the updates are rated Critical and six are rated Important. Subscribe for more news on this update in the Check Point Monthly Bulletin on August 10th. Learn More.
  • 19-Jul-2010: Check Point integrated IPS products SmartDefense and the IPS Software Blade provide protection against a critical vulnerability affecting Microsoft Windows. Microsoft Windows fails to properly obtain icons for LNK files. A specially-crafted LNK file can cause Microsoft Windows to automatically execute code that is specified by the shortcut file. Exploit code for this vulnerability is publicly available. Learn More.
  • 14-Jul-2010: The Check Point IPS Research Team has discovered a critical heap overflow vulnerability in the ToolTalk database server within several systems. A remote attacker can leverage this vulnerability by sending a crafted database message to the target host, to potentially inject and execute arbitrary code. Learn More.
  • 13-Jul-2010: The Microsoft July Security Update included 4 bulletins to address 5 vulnerabilities in Windows and Office, including two 0-days published in June and May. Three of the four updates were rated Critical with a fourth rated Important.Check Point IPS products provide protections from attempts to exploit these vulnerabilities providing defenses before vendor patches are applied throughout your network. Learn More.
  • 09-Jul-2010: Microsoft released its monthly advance notification, saying it will release four security updates to patch five vulnerabilities in Windows and Office, including two 0-days published in June and May. Three of the four updates will be rated Critical with a fourth rated Important. Learn More.
  • 30-Jun-2010: Adobe released a security update to address critical vulnerabilities in Adobe Reader and Adobe Acrobat 9.3.2 and earlier versions. These vulnerabilities, including CVE-2010-1297 referenced in the Check Point June 7th Security Alert, could cause the application to crash and could potentially allow an attacker to take control of the affected system. Learn More.
  • 13-Jun-2010: Check Point integrated IPS products SmartDefense and the IPS Software Blade provide protection against a vulnerability affecting Microsoft Help and Support Center. Microsoft Help and Support Center contains a programming error that may allow a remote attacker to bypass security restrictions and execute remote code on the affected system. Learn More.
  • 08-Jun-2010: The Microsoft June Security Update includes 10 bulletins to address 34 vulnerabilities in Windows, Microsoft Office, Internet Explorer and Internet Information Services (IIS). Check Point IPS products provide protections from attempts to exploit these vulnerabilities providing defenses before vendor patches are applied throughout your network. Learn More.
  • 07-Jun-2010: Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. A remote attacker may exploit this vulnerability to take complete control of an affected system.  Learn More.
  • 20-May-2010: IPS Research Team has discovered a critical Syslog format string vulnerability in the rpc.pcnfsd service within several systems. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. Check Point Research and Response Centers conduct original research on network, protocol and application vulnerabilities. Learn More.
  • 11-May-2010: The Microsoft May Security Update includes two bulletins, MS10-030 and MS10-031, to address two vulnerabilities in Windows and Microsoft Office, both rated Critical. Check Point IPS products provide protections from attempts to exploit these vulnerabilities providing defenses before vendor patches are applied throughout your network. Learn More.
  • 05-May-2010: An R70 and R71 protection specifically for detection of the new zero-day Microsoft SharePoint Cross Site Scripting vulnerability is available. See Microsoft Security Advisory 983438. This vulnerability was first identified by High-Tech Bridge: HTB22350. To generically protect against other Cross-Site Scripting attacks in R70/R71 Software Blades and earlier NGX versions see Security Best Practice SBP-2010-18, which addresses the Cross-Site Scripting protection that has been available since early 2005. Learn More.
  • 29-Apr-2010: A new Cross Site Scripting vulnerability in SharePoint, High-Tech Bridge: HTB22350, was made public today with proof-of-concept code available. Following the publication, Microsoft issued a Security Advisory. Today Check Point has issued a preemptive advisory, CPAI-2010-074, using a protection against these XSS vulnerabilities that has been available since 2005.
    Learn More.
  • 27-Apr-2010: Microsoft's re-release of MS10-025 is ready. On April 21st after it received several reports that the patch did not protect against the vulnerability effectively Microsoft pulled this security update for Windows 2000 Server customers with Windows Media Services installed. Check Point users are advised to download the IPS update and patch their systems. Learn More.
  • 21-Apr-2010: Microsoft pulled its MS10-025 update on Wednesday, April 21 after it received several reports that it did not protect against the vulnerability effectively. MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Microsoft is targeting a re-release of the update for next week. Check Point users are advised to download the IPS update and patch their systems once the patch is out.
    Learn More.