SDS Banner

SmartDefense Services Bulletin
July 2007

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign-up to the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

 
In This Bulletin

About SmartDefense Services
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

  • Preemptive, ongoing, and real-time updates to defenses and security policies
  • Ongoing new protocol and application defenses against emerging threats and attacks
  • Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
  • Anti-virus updates and alerts for Check Point VPN-1 UTM-1
  • Anti-spyware updates for Check Point Integrity Anti-Spyware 
  • Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Integrity)
Advisories (Sorted by Severity, then Date)
CPAI-2007-076
  Date:
  Severity:
  Description: Update Protection against Microsoft Speech API and Microsoft Internet Explorer Memory Corruption Vulnerabilities (MS07-033)
  Sources: Microsoft Security Bulletin MS07-033
  Vulnerable Systems: Microsoft Speech API 4
Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6
Microsoft Windows 2000 SP4
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 SP2
Microsoft Windows XP SP2
     
CPAI-2007-075
  Date:
  Severity:
  Description: Update Protection against Microsoft Office MSODataSourceControl ActiveX Control Denial of Service Vulnerability
  Sources: SecurityTracker Alert ID: 1018251
  Vulnerable Systems: Microsoft Office 2003
     
CPAI-2007-073
  Date:
  Severity:
  Description: Update Protection against Microsoft CSS Tag Memory Corruption Vulnerability (MS07-033)
  Sources: Microsoft Security Bulletin MS07-033
  Vulnerable Systems: Internet Explorer 5.01 on Microsoft Windows 2000 SP4
Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
Internet Explorer 6 on Windows XP SP2
Internet Explorer 6 on Windows XP Professional x64 Edition
Internet Explorer 6 on Windows XP Professional x64 Edition SP2
Internet Explorer 6 on Windows Server 2003 SP1
Internet Explorer 6 on Windows Server 2003 SP2
Internet Explorer 6 on Windows Server 2003 x64 Edition
Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
Internet Explorer 6 on Windows Server 2003 with SP1 (Itanium)
Internet Explorer 6 on Windows Server 2003 with SP2 (Itanium)
Internet Explorer 7 on Windows XP SP2
Internet Explorer 7 on Windows XP Professional x64 Edition
Internet Explorer 7 on Windows XP Professional x64 Edition SP2
Internet Explorer 7 on Windows Server 2003 SP1
Internet Explorer 7 on Windows Server 2003 SP2
Internet Explorer 7 on Windows Server 2003 x64 Edition
Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
Internet Explorer 7 on Windows Server 2003 with SP1 (Itanium)
Internet Explorer 7 on Windows Server 2003 with SP2 (Itanium)
Internet Explorer 7 on Windows Vista
Internet Explorer 7 on Windows Vista x64 Edition
     
CPAI-2007-072
  Date:
  Severity:
  Description: Update Protection against Microsoft Win32 API Remote Code Execution Vulnerability (MS07-035)
  Sources: Microsoft Security Bulletin MS07-035
  Vulnerable Systems: Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
     
CPAI-2007-071
  Date:
  Severity:
  Description: Preemptive Protection against Microsoft MHTML Information Disclosure Vulnerability (MS07-034)
  Sources: Microsoft Security Bulletin MS07-034
  Vulnerable Systems: Microsoft Outlook Express 6 on Windows XP SP2
Microsoft Outlook Express 6 on Windows XP Professional x64 Edition
Microsoft Outlook Express 6 on Windows XP Professional x64 Edition SP2
Microsoft Outlook Express 6 on Windows Server 2003 SP1
Microsoft Outlook Express 6 on Windows Server 2003 SP2
Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition
Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition SP2
Microsoft Outlook Express 6 on Windows Server 2003 with SP1 (Itanium)
Microsoft Outlook Express 6 on Windows Server 2003 with SP2 (Itanium)
Windows Mail on Windows Vista
Windows Mail on Windows Vista x64 Edition
     
CPAI-2007-074
  Date:
  Severity:
  Description: Update Protection against Microsoft Visio Remote Code Execution Vulnerabilities (MS07-030)
  Sources: Microsoft Security Bulletin MS07-030
  Vulnerable Systems: Microsoft Visio 2002 SP2
     
CPAI-2007-070
  Date:
  Severity:
  Description: Update Protection against LANDesk Alert Service Stack Overflow Vulnerability
  Sources: Secunia Advisory: SA24892
  Vulnerable Systems: LANDesk Management Suite version 8.7
LANDesk Management Suite version 8.6.1
     
CPAI-2007-069
  Date:
  Severity:
  Description: Update Protection against Apple QuickTime Crafted Media File Integer Underflow Vulnerability
  Sources: SecurityTracker Alert ID: 1017967
  Vulnerable Systems: Apple QuickTime 7.1.5 and prior
     
CPAI-2007-068
  Date:
  Severity:
  Description: Preemptive Protection against Yahoo! Messenger Webcam ActiveX Control Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA25547
  Vulnerable Systems: Yahoo! Messenger 8.1.0.249 and prior
     
CPAI-2007-067
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.159.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2007-372
  Date:
  Severity:
  Description: Comments Inside JPEG Files
  Sources:
  Vulnerable Systems: Computer users
     
Defense Updates
CPAI-2007-076
  Date:
  Update Number: 541070628 (VPN-1 NG R55)
550070628 (VPN-1 NG R55W)
591070628 (VPN-1 NGX R60)
602070628 (VPN-1 NGX R61/R62/R65)
591070628 (VPN-1 VSX NGX)
547070628 (InterSpect 1.x and 2.0)
592070628 (InterSpect NGX)
  Description: Microsoft Speech API and Microsoft Internet Explorer Protections (MS07-033)
     
CPAI-2007-075
  Date:
  Update Number: 541070628 (VPN-1 NG R55)
550070628 (VPN-1 NG R55W)
591070628 (VPN-1 NGX R60)
602070628 (VPN-1 NGX R61/R62/R65)
591070628 (VPN-1 VSX NGX)
547070628 (InterSpect 1.x and 2.0)
592070628 (InterSpect NGX)
  Description: Microsoft Office MSODataSourceControl ActiveX Control Protection
     
CPAI-2007-074
  Date:
  Update Number: 541070628 (VPN-1 NG R55)
550070628 (VPN-1 NG R55W)
591070628 (VPN-1 NGX R60)
602070628 (VPN-1 NGX R61/R62/R65)
591070628 (VPN-1 VSX NGX)
547070628 (InterSpect 1.x and 2.0)
592070628 (InterSpect NGX)
  Description: Microsoft Visio Protections (MS07-030)
     
CPAI-2007-073
  Date:
  Update Number: 541070628 (VPN-1 NG R55)
550070628 (VPN-1 NG R55W)
591070628 (VPN-1 NGX R60)
602070628 (VPN-1 NGX R61/R62/R65)
591070628 (VPN-1 VSX NGX)
547070628 (InterSpect 1.x and 2.0)
592070628 (InterSpect NGX)
  Description: Microsoft CSS Tag Protection (MS07-033)
     
CPAI-2007-072
  Date:
  Update Number: 541070628 (VPN-1 NG R55)
550070628 (VPN-1 NG R55W)
591070628 (VPN-1 NGX R60)
602070628 (VPN-1 NGX R61/R62/R65)
591070628 (VPN-1 VSX NGX)
547070628 (InterSpect 1.x and 2.0)
592070628 (InterSpect NGX)
  Description: Microsoft Win32 API Protection (MS07-035)
     
CPAI-2007-070
  Date:
  Update Number: 541070612 (VPN-1 NG R55)
550070612 (VPN-1 NG R55W)
591070612 (VPN-1 NGX R60)
602070612 (VPN-1 NGX R61/R62/R65)
591070612 (VPN-1 VSX NGX)
547070612 (InterSpect 1.x and 2.0)
592070612 (InterSpect NGX)
692070612 (Connectra NGX R61/R62)
  Description: LANDesk Alert Service Protection
     
CPAI-2007-069
  Date:
  Update Number: 541070612 (VPN-1 NG R55)
550070612 (VPN-1 NG R55W)
591070612 (VPN-1 NGX R60)
602070612 (VPN-1 NGX R61/R62/R65)
591070612 (VPN-1 VSX NGX)
547070612 (InterSpect 1.x and 2.0)
592070612 (InterSpect NGX)
  Description: Apple QuickTime Crafted Media File Protection
     
CPAI-2007-067
  Date:
  Update Number: 692070605 (Connectra NGX R61/R62)
691070605 (Connectra NGX R60)
690070605 (Connectra 2.0)
  Description: Integrity Clientless Security (ICS) Update 3.7.159.0
     
SDS Footer

You received this email because our records indicate that you wish to be contacted about SmartDefense Updates, Advisories, product news, and security information. If you do not want to receive further mailings, unsubscribe by sending a message with "SIGNOFF SMARTDEFENSE-NEWS" command to LISTSERV@AMADEUS.US.CHECKPOINT.COM in the first line (not the subject).

Copyright 2003-2008 Check Point Software Technologies LTD (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065