Check Point Update Service

Breaking News

19-Jul-2010: Check Point integrated IPS products SmartDefense and the IPS Software Blade provide protection against a critical vulnerability affecting Microsoft Windows. Microsoft Windows fails to properly obtain icons for LNK files. A specially-crafted LNK file can cause Microsoft Windows to automatically execute code that is specified by the shortcut file. Exploit code for this vulnerability is publicly available.

Check Point Update Services Overview

In a constantly changing threat environment, defenses must evolve with or ahead of threats. Check Point Update Services provide real-time defense updates and configuration advice for IPS, URL Filtering, Antivirus & Anti-Malware, Anti-Spam & Email Security Service Software Blades. Also covered by Update Services are SmartDefense in NGX VPN-1, VSX, IPS-1, Connectra, Endpoint Security On Demand, and Endpoint Security products.

Key Benefits

  • Pre-emptive Protection - Keep your defenses current between your regularly-scheduled product upgrades and security patches.
  • Easy Management - Update your whole system in minutes. Each update comes with full configuration instructions and information about the associated threat.
  • IPS, Web security, Antivirus, Anti-Malware, Web filtering, and Anti-Spam protection - Get the latest signatures and detection methods.
  • Program Advisor - Update Check Point Endpoint Security with recommendations for application control for your endpoint computers.
  • 24x7 Threat Coverage - Check Point Security products are supported by multiple Check Point Research and Response Centers around the globe.

Latest Protections

Severity | Date | Check Point Reference | Industry Reference | Description
CPAI-2010-222   Update Protection against HP Intelligent Management Center Reporting Information Disclosure Vulnerability
CPAI-2010-221 CVE-2010-2568 Update Protection against Microsoft Windows Shell LNK File Remote Code Execution Vulnerability
CPAI-2010-220 CVE-2010-0083 Update Protection against ToolTalk rpc.ttdbserverd Database Parser Heap Overflow Vulnerability

Updated
CPAI-2010-219 CVE-2010-1881 Update Protections against Microsoft Office Access ACCWIZ.dll Uninitialized Variable Remote Code Execution Vulnerability (MS10-044)

Updated
CPAI-2010-218 CVE-2010-0266 Update Protection against Microsoft Outlook AttachMethods Remote Code Execution Vulnerability (MS10-045)

Updated
CPAI-2010-217 CVE-2010-0814 Update Protection against Microsoft Internet Explorer Access ActiveX Controls Remote Code Execution Vulnerability (MS10-044)
CPAI-2010-216 CVE-2008-2540 Update Protection against Apple Safari for Windows and Internet Explorer Combined Code Execution Vulnerability
CPAI-2010-215 CVE-2010-1939 Update Protection against Apple Safari parent.close Code Execution Vulnerability
CPAI-2010-214 CVE-2010-1119 Update Protection against Apple Safari Webkit Attribute Child Removal Code Execution Vulnerability
CPAI-2010-211 CVE-2010-1240 Update Protection against Adobe Reader and Acrobat Launch Action Command Code Execution Vulnerability (APSB10-15)

Updated
CPAI-2010-213 CVE-2010-1296 Update Protection against Adobe Photoshop CS4 ABR File Processing Buffer Overflow Vulnerability (APSB10-13)
CPAI-2010-134 CVE-2009-3548 Preemptive Protection against HP Performance Manager Apache Tomcat Policy Bypass
CPAI-2010-139 CVE-2007-2281 Update Protection against HP OpenView Storage Data Protector Cell Manager Heap Buffer Overflow

Updated
CPAI-2010-138 CVE-2010-1551 Update Protection against HP OpenView Network Node Manager netmon.exe Stack Buffer Overflow Vulnerability

Updated
CPAI-2010-137 CVE-2010-1553 Update Protection against HP OpenView NNM getnnmdata.exe CGI MaxAge Parameter Buffer Overflow Vulnerability

Updated
CPAI-2010-136 CVE-2010-1554 Update Protection against HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow Vulnerability

Updated
CPAI-2010-135 CVE-2010-1555 Update Protection against HP OpenView NNM getnnmdata.exe CGI Vulnerability
CPAI-2010-212 CVE-2010-2186 Update Protection against Adobe Flash Player Deprecated Tag Memory Corruption Vulnerability (APSB10-14)
CPAI-2010-210 CVE-2010-2164 Update Protection against Adobe Flash Player Embedded JPEG Remote Code Execution Vulnerability (APSB10-14)
CPAI-2010-209 CVE-2010-2170 Update Protection against Adobe Flash Player Embedded Image Integer Overflow Vulnerability (APSB10-14)

Updated
CPAI-2010-208 CVE-2010-1885 Update Protection against Microsoft Internet Explorer Help and Support Center Remote Code Execution Vulnerability (MS10-042)
CPAI-2010-140 CVE-2010-1850 Update Protection against MySQL COM_FIELD_LIST Packet Buffer Overflow

Updated
CPAI-2010-207 CVE-2010-1297 Update Protection against Adobe Multiple Products authplay.dll Component Code Execution Vulnerability (APSA10-01)

Updated
CPAI-2010-205 CVE-2010-1880 Update Protection against Microsoft DirectShow MJPEG Crafted Segments Code Execution Vulnerability (MS10-033)

Updated
CPAI-2010-203 CVE-2010-1879 Update Protection against Microsoft DirectShow Crafted MJPEG Stream Handling Code Execution Vulnerability (MS10-033)

Updated
CPAI-2010-202 CVE-2010-1252 Preemptive Protection against Microsoft Excel ExternSheet Record String Length Stack Overrun Vulnerability (MS10-038)

Updated
CPAI-2010-201 CVE-2009-0217 Update Protection against Microsoft XML Signature HMAC Truncation Bypass Vulnerability (MS10-041)

Updated
CPAI-2010-200 CVE-2010-1264 Update Protection against Microsoft SharePoint Help Page Denial of Service Vulnerability (MS10-039)

Updated
CPAI-2010-099 CVE-2010-1250 Update Protection against Microsoft Excel Un-Documented Publisher Record Memory Corruption Vulnerability (MS10-038)

Updated
CPAI-2010-098 CVE-2010-0823 Update Protection against Microsoft Excel Malformed Chart Sheet Substream Memory Corruption Vulnerability (MS10-038)

Best practices

Severity | Date | Check Point Reference | Industry Reference | Description
SBP-2010-23 CVE-2009-0658, CVE-2009-1858 Security Best Practice: Protect Yourself from PDF Files Containing Malformed JBIG2 Structure Vulnerabilities
SBP-2010-22 CVE-2010-1297, CVE-2010-2168, CVE-2010-2201 Security Best Practice: Protect Yourself from PDF Files Containing Embedded Adobe Flash Movies Vulnerabilities (APSB10-15)
SBP-2010-21   Security Best Practice: Suspicious Adobe Director Files
SBP-2010-20   Security Best Practice: Familiarize Yourself with the SMB Remote Disk Scanning for Executable Files Protection
SBP-2010-19 CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1288, CVE-2010-1289, CVE-2010-1290, CVE-2010-1291, CVE-2010-1292 Security Best Practice: Protect Yourself from Multiple Adobe Shockwave Player and Adobe Director Vulnerabilities (APSB10-12)
SBP-2010-18   Security Best Practice: Protect Yourself from Cross-Site Scripting Attacks
SBP-2010-17 CVE-2010-0812 Workaround for Microsoft Windows ISATAP IPv6 Source Address Spoofing Vulnerability (MS10-029)

Updated
SBP-2010-16 CVE-2010-0024 Security Best Practice: Blocking Null Prefix in DNS MX Records

Updated
SBP-2010-15 CVE-2010-0268 Workaround for Microsoft Windows Media Player ActiveX Codec Retrieval Vulnerability (MS10-027)
SBP-2010-14 CVE-2010-0254, CVE-2010-0256, CVE-2010-0095, CVE-2010-0096, CVE-2010-0097 Workaround for Multiple Microsoft Visio Memory Corruption Vulnerabilities (MS10-028)
SBP-2010-13   Security Best Practice: Blocking Legacy Browsers
SBP-2010-12   Security Best Practice: Blocking Internet Explorer 6
SBP-2010-11 CVE-2010-0232 Workaround for Microsoft Windows Kernel Exception Handler Code Execution Vulnerability (MS10-015)
SBP-2010-10   Security Best Practice: Protect Yourself from Pushdo Denial of Service Attacks
SBP-2010-09 CVE-2006-3227 Security Best Practice: Protect Yourself from Microsoft Internet Explorer US-ASCII Charset Obfuscation Exploits
SBP-2010-08   Security Best Practice: Aggressive Aging
SBP-2008-15   Security Best Practice: SIP Protocol Enforcement
SBP-2010-07   Security Best Practice: Protect Yourself from Multiple IMAP Vulnerabilities
SBP-2010-06   Security Best Practice: Protect Yourself from Multiple SMTP Vulnerabilities
SBP-2010-05   Security Best Practice: Protect Yourself from Multiple POP3 Vulnerabilities
SBP-2010-04 CVE-2009-3956 Security Best Practice: Blocking FDF Files Containing Timed Javascript
SBP-2010-03 CVE-2010-0018 Workaround for Microsoft Embedded OpenType Font Heap Overflow Vulnerability (MS10-001)
SBP-2010-02   Security Best Practice: Blocking ICQ
SBP-2010-01   Security Best Practice: Blocking Yahoo! Messenger
SBP-2009-28   Security Best Practice: Protect Yourself from PDF Containing Obfuscated Name Objects and Obfuscated JavaScript Filter Name Exploits
SBP-2009-27   Security Best Practice: Blocking BitTorrent
SBP-2009-26   Security Best Practice: Blocking Gnutella
SBP-2009-25   Security Best Practice: Blocking eMule
SBP-2009-24   Security Best Practice: Blocking Kazaa
SBP-2009-23 CVE-2009-3555 Security Best Practice: Protect Yourself from SSL and TLS Protocols Renegotiation Vulnerability

Microsoft Security Bulletins for

= Check Point has provided a protection to this bulletin

Microsoft Security Bulletin MS10-045:
Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)

Severity: High

CVE-2010-0266: Microsoft Outlook SMB Attachment Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Office Outlook verifies attachments in a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS10-044:
Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

Severity: Critical

CVE-2010-0814: Access ActiveX Control Vulnerability

A remote code execution vulnerability exists in Access ActiveX controls due to the way that multiple ActiveX controls are loaded by Internet Explorer. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

CVE-2010-1881: ACCWIZ.dll Uninitialized Variable Vulnerability

A remote code execution vulnerability exists in the way that the FieldList ActiveX control is instantiated by Microsoft Office and Internet Explorer. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS10-043:
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)

Severity: Critical

CVE-2009-3678: Canonical Display Driver Integer Overflow Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Canonical Display Driver (cdd.dll) parses information copied from user mode to kernel mode. Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. An attacker who can successfully exploit this vulnerability for code execution could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS10-042:
Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)

Severity: Critical

CVE-2010-1885: Help Center URL Validation Vulnerability

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Help and Support Center validates specially crafted URLs. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.