» Hot SmartDefense Protections

Microsoft Excel Vulnerabilities
(MS08-074, CVE-2008-4264, CVE-2008-4265, CVE-2008-4266)
These vulnerabilities result from Microsoft Excel failing to properly handle malformed Excel files. Successful exploitation via a malformed Excel file may allow execution of arbitrary code on a vulnerable system. SmartDefense protects against this attack.

Sun Solaris Command Injection Vulnerability
(CVE-1999-0208, CA-1995-17)
The vulnerability is due to an error in the Sun Solaris rpc.ypupdated (Sun Advisory #238365) service that fails to properly validate user input when processing RPC requests. A remote attacker may exploit this vulnerability via a specially-crafted RPC request sent to the vulnerable host. Successful exploitation may allow execution of arbitrary commands on a vulnerable Network Information Service (NIS) machine. SmartDefense protects against this attack.

Microsoft Server Service: New Attack Vector
(MS08-067, CVE-2008-4250)
Check Point has confirmed a new attack vector related to this previously-announced vulnerability. An important SmartDefense update is available to protect against this type of attack. Check Point strongly encourages customers who have not applied the Microsoft patch to update as soon as possible.
December 9, 2008

IN THIS ADVISORY:
  • Microsoft Excel Vulnerabilities
  • Sun Solaris Command Injection Vulnerability
  • Microsoft Server Service: New Attack Vector
  • Including Patch Tuesday
  • Extending MS-RPC Enforcement Capabilities
» Highlighted SmartDefense Updates

This table lists SmartDefense protection updates for recently disclosed threats.  In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Word RTF Drawing Object Remote Code Execution | 09-Dec-08 | CVE-2008-4025, MS08-072 | CPAI-2008-177 |
| Critical | Microsoft Word RTF dpendgroup Remote Code Execution | 09-Dec-08 | CVE-2008-4030, MS08-072 | CPAI-2008-176 |
| Critical | Microsoft Word RTF Drawing Primitives Remote Code Execution | 09-Dec-08 | CVE-2008-4028, MS08-072 | CPAI-2008-179 |
| Critical | Microsoft Word RTF stylesheet Control Word Remote Code Execution | 09-Dec-08 | CVE-2008-4031, MS08-072 | CPAI-2008-174 |
| Critical | Microsoft Word Sprm Parsing Memory Corruption | 09-Dec-08 | CVE-2008-4837, MS08-072 | CPAI-2008-175 |
| Critical | Microsoft Word Global Array Memory Corruption | 09-Dec-08 | CVE-2008-4026, MS08-072 | CPAI-2008-185 |
| Critical | Microsoft Word Memory Corruption | 09-Dec-08 | CVE-2008-4024, MS08-072 | CPAI-2008-171 |
| Critical | Microsoft Internet Explorer HTML Rendering Memory Corruption | 09-Dec-08 | CVE-2008-4261, MS08-073 | CPAI-2008-180 |
| Critical | Microsoft Internet Explorer WebDav Memory Corruption | 09-Dec-08 | CVE-2008-4259, MS08-073 | CPAI-2008-183 |
| Critical | Microsoft Internet Explorer URL Cache Memory Corruption | 09-Dec-08 | CVE-2008-4260, MS08-073 | CPAI-2008-182 |
| Critical | Microsoft Internet Explorer Parameter Validation Memory Corruption | 09-Dec-08 | CVE-2008-4258, MS08-073 | CPAI-2008-169 |
| Critical | Microsoft Excel Global Array Memory Corruption | 09-Dec-08 | CVE-2008-4266, MS08-074 | CPAI-2008-173 |
| Critical | Microsoft Excel File Format Parsing Remote Code Execution | 09-Dec-08 | CVE-2008-4265, MS08-074 | CPAI-2008-178 |
| Critical | Microsoft Excel File Format Parsing Remote Code Execution | 09-Dec-08 | CVE-2008-4264, MS08-074 | CPAI-2008-172 |
| Critical | Visual Basic ActiveX Controls Remote Code Execution Vulnerabilities | 09-Dec-08 | CVE-2008-4253, MS08-070, CVE-2008-4254, CVE-2008-4256, CVE-2008-4252, CVE-2008-4255 | CPAI-2008-170 |
| Critical | Sun Solaris rpc.ypupdated Command Injection | 09-Dec-08 | CVE-1999-0208 | CPAI-2008-167 |
| Critical | Microsoft GDI WMF Remote Code Execution | 09-Dec-08 | CVE-2008-2249, MS08-071 | CPAI-2008-168 |
| Critical | Microsoft Windows Search Parsing Remote Code Execution | 09-Dec-08 | CVE-2008-4269, MS08-075 | CPAI-2008-184 |
| High | Microsoft Office SharePoint Server Access Control Elevation of Privilege | 09-Dec-08 | CVE-2008-4032, MS08-077 | CPAI-2008-181 |
| High | openwsman HTTP Basic Authentication Buffer Overflow | 14-Nov-08 | CVE-2008-2234 | CPAI-2008-235 |
| High | Recent Malware Threats | 17-Nov-08 | | CPAI-2008-166 |
| High | Autodesk Multiple Products LiveUpdate ActiveX Control Code Execution | 17-Nov-08 | CVE-2008-4471, CVE-2008-4472 | CPAI-2008-164 |


» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.

SMARTDEFENSE DEPLOYMENT TIP
Best Practice: Extending MS-RPC Enforcement Capabilities
Microsoft Remote Procedure Call (MS-RPC) is a protocol that Microsoft programs use to request a service from a program located on another computer in a network. Although MS-RPC is generally tunneled over the Common Internet File System (CIFS) protocol, which uses ports 139/tcp and 445/tcp, it can also be used without CIFS tunneling, over high TCP ports. High TCP ports range between 1024 and 65,535 and are often used by legitimate services. MS-RPC traffic on these high ports is also exposed to various MS-RPC attacks, potentially leading to system compromise.

SmartDefense has protected all TCP ports from this vulnerability since 2006.

Protection
You can configure this protection in SmartDashboard:
  1. Click the SmartDefense tab.
  2. Click Application Intelligence > MS-RPC.
  3. Select MS-RPC Protections on all TCP Ports.
SmartDefense has protected all TCP ports from MS-RPC vulnerabilities since 2005. Examples include CPAI-2007-139, CPAI-2008-152, and CPAI-2005-140.
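
Because MS-RPC can appear on any high TCP port, enforcement on all ports has to recognize the protocol by content rather than by port number. The following is an added example, not Check Point code or SmartDefense logic: it checks whether a TCP payload begins with a plausible connection-oriented DCE/RPC header (the wire format MS-RPC uses). The function names, port numbers and sample payloads are constructed for illustration.

```python
import struct

# Connection-oriented DCE/RPC PDU types (subset).
PTYPES = {0: "request", 2: "response", 3: "fault", 11: "bind",
          12: "bind_ack", 13: "bind_nak", 14: "alter_context",
          15: "alter_context_resp"}


def parse_dcerpc_header(payload: bytes):
    """Return header fields if payload starts with a plausible
    connection-oriented DCE/RPC PDU, otherwise None."""
    if len(payload) < 16:              # the common header is 16 bytes
        return None
    ver, minor, ptype, _flags = payload[:4]
    if ver != 5 or minor not in (0, 1) or ptype not in PTYPES:
        return None
    # packed_drep[0] high nibble: 0 = big-endian, 1 = little-endian integers
    order = payload[4] >> 4
    if order not in (0, 1):
        return None
    endian = "<" if order == 1 else ">"
    frag_len, auth_len, call_id = struct.unpack(endian + "HHI", payload[8:16])
    # frag_length counts the header itself; auth data must fit in the fragment
    if frag_len < 16 or auth_len > frag_len - 16:
        return None
    return {"ptype": PTYPES[ptype], "frag_length": frag_len, "call_id": call_id}


def classify(dst_port: int, payload: bytes) -> str:
    """Label a TCP payload by content first; the port only adds context."""
    hdr = parse_dcerpc_header(payload)
    if hdr is None:
        return "not-msrpc"
    where = "high-port" if dst_port >= 1024 else "low-port"
    return f"msrpc-{hdr['ptype']}-{where}"


# Constructed sample payloads (not captured traffic).
SAMPLE_BIND = (bytes([5, 0, 11, 3, 0x10, 0, 0, 0])
               + struct.pack("<HHI", 72, 0, 1) + bytes(56))
SAMPLE_BE_REQUEST = (bytes([5, 0, 0, 3, 0x00, 0, 0, 0])
                     + struct.pack(">HHI", 24, 0, 7) + bytes(8))
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for port, data in [(49154, SAMPLE_BIND), (8080, SAMPLE_HTTP)]:
        print(port, classify(port, data))
```

A header match on the first segment is only a heuristic for spotting the protocol; an inspection engine would go on to validate the bind and request contents.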


Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.

©2003-2008 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065