SmartDefense Services Bulletin
July 2008

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign up for the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. If you'd like to unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

 
In This Bulletin

About SmartDefense Services
What's New
Advisories
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

  • Preemptive, ongoing, and real-time updates to defenses and security policies
  • Ongoing new protocol and application defenses against emerging threats and attacks
  • Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
  • Messaging Security updates (providing comprehensive protection for email infrastructures) for UTM-1 Total Security appliances and VPN-1 UTM Total Security software licenses
  • Anti-virus updates and alerts for Check Point VPN-1 UTM
  • Anti-spyware updates for Check Point Endpoint Security 
  • Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Check Point Endpoint Security)

What's New

New SmartDefense User Forum
Participate in the new SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features. The role of this forum is to allow SmartDefense users to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the Forum and provide information on the issues posted.

Security Advisory: SmartDefense Provides Preemptive Protection against Multi-Vendor DNS Vulnerability
The latest DNS cache poisoning technique, announced by CERT on July 8, 2008, exploits DNS requests that do not randomize source ports (CVE-2008-1447). The spoofing vulnerability has been reported in major DNS implementations, including Microsoft Windows DNS service and Berkeley Internet Name Domain (BIND). Check Point VPN-1 Power/UTM and Connectra protect customers from the attack by using SmartDefense DNS request scrambling, which has been available to customers since March 2005. For more information on this threat, refer to SmartDefense Services Advisory CPAI-2008-092.

Security Advisory: Protections against Apple Safari Remote Code Execution on Windows and Related Vulnerabilities
The widely reported vulnerability affects users of Windows XP and Vista when Apple’s Safari for Windows is installed. However, the underlying vulnerability deals with how Windows handles dynamic link libraries (DLLs) and is more serious. Apple issued a patch on June 19th for the Safari-specific vulnerability. Microsoft has not released a patch for the broader DLL threat, which is a blended threat in which files may be downloaded to a machine without prompting, allowing them to be executed. SmartDefense Services Update CPAI-2008-082, issued on June 2, provides protection not only from the Safari instance of the DLL threats but other exploits that may try to utilize the broader vulnerability.

New SmartDefense Microsoft Security Page
A dedicated SmartDefense web section with details and links for Microsoft vulnerabilities and related Check Point defenses. SmartDefense protections can secure the period between release of a Microsoft patch and the time that the patch is successfully applied throughout your network infrastructure. Visit the SmartDefense Microsoft Security Page for additional information.

Messaging Security -- Protect your Email Infrastructure
Check Point Messaging Security provides comprehensive protection for an organization's email infrastructure with multiple dimensions of defense, including anti-spam, IP reputation checks, mail antivirus, malware protection, etc. Messaging Security is available as part of Check Point UTM-1 Total Security offerings. Visit the Messaging Security site for more information.

Advisories (Sorted by Severity, then Date)
CPAI-2008-076
  Date:
  Severity:
  Description: Update Protection against Microsoft Windows Media Player SAMI Format Parsing Vulnerability (MS08-033)
  Sources: Microsoft Security Bulletin MS08-033
  Vulnerable Systems: Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 (Itanium)
     
CPAI-2008-212
  Date:
  Severity:
  Description: Update Protection against Computer Associates (CA) ARCserve Backup Software for Laptops and Desktops Buffer Overflow Vulnerability
  Sources: SECTRACK:1019788
SREASON:3800
  Vulnerable Systems: CA BrightStor ARCserve Backup for Laptops and Desktops 11.0
CA BrightStor ARCserve Backup for Laptops and Desktops 11.1
CA BrightStor ARCserve Backup for Laptops and Desktops 11.1 SP1 and SP2
CA BrightStor ARCserve Backup Laptops Desktops 11.5
CA Desktop Management Suite 11.1
CA Desktop Management Suite 11.2 English
CA Desktop Management Suite 11.2 Localized
     
CPAI-2008-082
  Date:
  Severity:
  Description: Update Protection against Apple Safari on Windows Platform Remote Code Execution Vulnerability (MS09-015)
  Sources: Microsoft Security Advisory (953818)
Microsoft Security Bulletin MS09-015
  Vulnerable Systems: Internet Explorer 6
Internet Explorer 7
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition SP1
     
CPAI-2008-090
  Date:
  Severity:
  Description: Preemptive Protection against CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability
  Sources: Secunia Advisory: SA30518
  Vulnerable Systems: CA eTrust Secure Content Manager 8
     
CPAI-2008-084
  Date:
  Severity:
  Description: Update Protection against IBM Lotus Domino Web Server HTTP Header Buffer Overflow Vulnerability
  Sources: Secunia Advisory: SA30310
  Vulnerable Systems: IBM Lotus Domino 6
IBM Lotus Domino 6.5
IBM Lotus Domino 7.0.x prior to 7.0.3 Fix Pack 1 (FP1)
IBM Lotus Domino 8.0.x prior to 8.0.1
     
CPAI-2008-081
  Date:
  Severity:
  Description: Update Protection against Microsoft Active Directory Denial of Service Vulnerability (MS08-035)
  Sources: Microsoft Security Bulletin MS08-035
  Vulnerable Systems: Microsoft Windows 2000 Server SP4
Windows XP Professional SP2
Windows XP Professional SP3
Windows XP Professional x64 Edition
Windows XP Professional Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Server 2008
Windows Server 2008 x64 Edition
Windows Server 2008 (Itanium)
     
CPAI-2008-079
  Date:
  Severity:
  Description: Update Protection against PGM Invalid Length Vulnerability (MS08-036)
  Sources: Microsoft Security Bulletin MS08-036
  Vulnerable Systems: Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 (Itanium)
     
CPAI-2008-077
  Date:
  Severity:
  Description: Update Protection against Microsoft WINS Remote Code Execution Vulnerability (MS08-034)
  Sources: Microsoft Security Bulletin MS08-034
  Vulnerable Systems: Microsoft Windows 2000 Server SP4
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 SP1 (Itanium)
Windows Server 2003 SP2 (Itanium)
     
CPAI-2008-211
  Date:
  Severity:
  Description: Update Protection Against Computer Associates (CA) Product Alert Notifications Server Multiple Buffer Overflow Vulnerabilities
  Sources: SECUNIA:29665
  Vulnerable Systems: CA Anti-Virus for the Enterprise 7.1
CA Anti-Virus for the Enterprise 8.0
CA Anti-Virus for the Enterprise 8.1
CA BrightStor ARCserve Backup 11.0
CA BrightStor ARCserve Backup 11.1
CA BrightStor ARCserve Backup 11.5
CA Threat Manager for the Enterprise 8.0
CA Threat Manager for the Enterprise 8.1
     
CPAI-2008-075
  Date:
  Severity:
  Description: Update Protections against Recent Malware Threats (1-Jun-08)
  Sources: Trojan.eCodec
AdWare.Win32.Ejik.bc
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2008-074
  Date:
  Severity:
  Description: Update Protection against Novell eDirectory HTTP Headers Denial of Service Vulnerability
  Sources: Secunia Advisory: SA29805
  Vulnerable Systems: Novell eDirectory prior to 8.7.3 sp10
Novell eDirectory prior to 8.8.2
     
CPAI-2008-073
  Date:
  Severity:
  Description: Update Protection against Linux Kernel IPv6 over IPv4 Memory Leak Denial of Service Vulnerability
  Sources: Secunia Advisory: SA30241
  Vulnerable Systems: Linux Kernel Project Kernel prior to 2.6.25.3
     
CPAI-2008-083
  Date:
  Severity:
  Description: Integrity Clientless Security (ICS) Update 3.7.231.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2008-080
  Date:
  Severity:
  Description: Update Protection against PGM Malformed Fragment Vulnerability (MS08-036)
  Sources: Microsoft Security Bulletin MS08-036
  Vulnerable Systems: Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 (Itanium)
     
CPAI-2008-078
  Date:
  Severity:
  Description: Update Protection against Microsoft ActiveX Object Memory Corruption Vulnerability (MS08-032)
  Sources: Microsoft Security Bulletin MS08-032
  Vulnerable Systems: Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition SP2
Microsoft Windows Server 2003 with SP1 (Itanium)
Microsoft Windows Server 2003 with SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 (Itanium)
     
Defense Updates
CPAI-2008-084
  Date:
  Update Number: 692080618 (Connectra NGX R61/R62)
591080618 (VPN-1 NGX R60)
602080618 (VPN-1 NGX R61/R62/R65)
602080618 (VPN-1 VSX NGX)
602080618 (VPN-1 VSX NGX R65)
592080618 (InterSpect NGX)
  Description: IBM Lotus Domino Web Server HTTP Header Buffer Overflow Protection
     
CPAI-2008-081
  Date:
  Update Number: 692080618 (Connectra NGX R61/R62)
591080618 (VPN-1 NGX R60)
602080618 (VPN-1 VSX NGX)
592080618 (InterSpect NGX)
  Description: Microsoft Active Directory Denial of Service Protection (MS08-035)
     
CPAI-2008-080
  Date:
  Update Number: 692080618 (Connectra NGX R61/R62)
591080618 (VPN-1 NGX R60)
602080618 (VPN-1 VSX NGX)
592080618 (InterSpect NGX)
  Description: PGM Malformed Fragment Protection (MS08-036)
     
CPAI-2008-079
  Date:
  Update Number: 692080618 (Connectra NGX R61/R62)
591080618 (VPN-1 NGX R60)
602080618 (VPN-1 VSX NGX)
592080618 (InterSpect NGX)
  Description: PGM Invalid Length Protection (MS08-036)
     
CPAI-2008-078
  Date:
  Update Number: 591080618 (VPN-1 NGX R60)
602080618 (VPN-1 VSX NGX)
592080618 (InterSpect NGX)
  Description: Microsoft ActiveX Object Memory Corruption Protection (MS08-032)
     
CPAI-2008-077
  Date:
  Update Number: 692080618 (Connectra NGX R61/R62)
591080618 (VPN-1 NGX R60)
602080618 (VPN-1 VSX NGX)
592080618 (InterSpect NGX)
  Description: Microsoft WINS Remote Code Execution Protection (MS08-034)
     
CPAI-2008-076
  Date:
  Update Number: 591080618 (VPN-1 NGX R60)
602080618 (VPN-1 VSX NGX)
592080618 (InterSpect NGX)
  Description: Microsoft Windows Media Player SAMI Format Parsing Protection (MS08-033)
     
CPAI-2008-083
  Date:
  Update Number: 692080616 (Connectra NGX R61/R62)
691080616 (Connectra NGX R60)
  Description: Integrity Clientless Security (ICS) Update 3.7.231.0
     
CPAI-2008-081
  Date:
  Update Number: 602080605 (VPN-1 NGX R61/R62/R65)
602080605 (VPN-1 VSX NGX R65)
  Description: Microsoft Active Directory Denial of Service Protection (MS08-035)
     
CPAI-2008-080
  Date:
  Update Number: 602080605 (VPN-1 NGX R61/R62/R65)
602080605 (VPN-1 VSX NGX R65)
  Description: PGM Malformed Fragment Protection (MS08-036)
     
CPAI-2008-079
  Date:
  Update Number: 602080605 (VPN-1 NGX R61/R62/R65)
602080605 (VPN-1 VSX NGX R65)
  Description: PGM Invalid Length Protection (MS08-036)
     
CPAI-2008-078
  Date:
  Update Number: 602080605 (VPN-1 NGX R61/R62/R65)
602080605 (VPN-1 VSX NGX R65)
  Description: Microsoft ActiveX Object Memory Corruption Protection (MS08-032)
     
CPAI-2008-077
  Date:
  Update Number: 602080605 (VPN-1 NGX R61/R62/R65)
602080605 (VPN-1 VSX NGX R65)
  Description: Microsoft WINS Remote Code Execution Protection (MS08-034)
     
CPAI-2008-076
  Date:
  Update Number: 602080605 (VPN-1 NGX R61/R62/R65)
602080605 (VPN-1 VSX NGX R65)
  Description: Microsoft Windows Media Player SAMI Format Parsing Protection (MS08-033)
     
CPAI-2008-082
  Date:
  Update Number: 692080602 (Connectra NGX R61/R62)
591080602 (VPN-1 NGX R60)
602080602 (VPN-1 NGX R61/R62/R65)
602080602 (VPN-1 VSX NGX)
602080602 (VPN-1 VSX NGX R65)
592080602 (InterSpect NGX)
506080602 (IPS-1)
  Description: Apple Safari on Windows Platform Remote Code Execution Protection
     
CPAI-2008-075
  Date:
  Update Number: 591080528 (VPN-1 NGX R60)
602080528 (VPN-1 NGX R61/R62/R65)
541080528 (VPN-1 NGX R54/R55)
602080528 (VPN-1 VSX NGX)
602080528 (VPN-1 VSX NGX R65)
592080528 (InterSpect NGX)
  Description: Protections against Recent Malware Threats (1-Jun-08)
     
CPAI-2008-074
  Date:
  Update Number: 692080528 (Connectra NGX R61/R62)
591080528 (VPN-1 NGX R60)
541080528 (VPN-1 NGX R54/R55)
602080528 (VPN-1 NGX R61/R62/R65)
602080528 (VPN-1 VSX NGX)
602080528 (VPN-1 VSX NGX R65)
592080528 (InterSpect NGX)
  Description: Novell eDirectory HTTP Headers Denial of Service Protection
     
CPAI-2008-073
  Date:
  Update Number: 692080528 (Connectra NGX R61/R62)
591080528 (VPN-1 NGX R60)
541080528 (VPN-1 NGX R54/R55)
602080528 (VPN-1 NGX R61/R62/R65)
602080528 (VPN-1 VSX NGX)
602080528 (VPN-1 VSX NGX R65)
592080528 (InterSpect NGX)
  Description: Linux Kernel IPv6 over IPv4 Memory Leak Denial of Service Protection
     

Copyright 2003-2008 Check Point Software Technologies LTD (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065