Hot SmartDefense Protection Reminder
Zero-Day Microsoft Server Service Exploit
Microsoft has released Security Advisory 958963 to confirm the public availability of exploit code affecting the Windows Server Service vulnerability addressed in the Microsoft Security Bulletin. The Advisory states that this exploit code is shown to result in code execution on Windows Server 2003, Windows XP, and Windows 2000 systems. SmartDefense research teams have reviewed examples of publicly available exploit code and confirmed that the recently released SmartDefense protection will detect and block these exploits. This protection has been available since October 23.
Microsoft Server Message Block Vulnerability
This remote code execution vulnerability results from the way the Windows file sharing protocol, Microsoft Server Message Block (SMB), handles NTLM credentials when a user connects to an attacker's SMB server. This vulnerability allows an attacker to replay the user's credentials back to them, creating an SMB reflection attack. SmartDefense protects against this attack.
Oracle BEA WebLogic Server Apache Connector Buffer Overflow Vulnerability
A new buffer overflow vulnerability has been reported in Oracle (BEA) WebLogic Server Apache Connector. This vulnerability is different from the recent, similarly named vulnerability. BEA WebLogic Server is a Java Application Server platform that supports various databases, including Oracle. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. SmartDefense has protected against this vulnerability since 2004.
November 11, 2008
IN THIS ADVISORY:
- Zero-Day Microsoft Server Service Exploit
- Microsoft Server Message Block Vulnerability
- Oracle BEA WebLogic Server Apache Connector Buffer Overflow
Highlighted SmartDefense Updates
This table lists SmartDefense protection updates for recently disclosed threats. In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.
Best Practice: Limiting HTTP Elements
Many exploits use unusually large or numerous HTTP header elements to launch attacks. For example, many buffer overflow attacks use very large headers sent to the web server. You can pre-emptively defend against these types of attacks by configuring SmartDefense to reject excessive HTTP header elements. This prevents buffer overflow attacks and limits the amount of code that can be inserted. This feature, available since 2004, has been proven to provide 0-day protection against numerous vulnerabilities, including:
You can configure these protections in SmartDashboard.
- Log in to SmartDashboard.
- Set the maximum values in the Web Intelligence > HTTP Protocol Inspection > HTTP Format Sizes category in SmartDefense. You can set general limits on headers and specific limits for named headers.
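The kind of check these settings enforce can be sketched in a few lines of Python. This is an added example, not Check Point code and not how SmartDefense is implemented; the function name, the limit values and the sample requests are all assumptions made for illustration. It applies a general cap to every header line and a tighter cap to named headers, and it also rejects folded lines and sums repeated headers so a long value cannot be split to slip under a limit.

```python
# Added illustration, not Check Point code. All limit values are assumed.
MAX_HEADERS = 50          # assumed cap on the number of header lines
MAX_HEADER_LEN = 1000     # assumed general cap on any one header line, bytes
NAMED_LIMITS = {"host": 255, "content-type": 128}  # assumed per-name value caps


def check_headers(raw: bytes):
    """Return (allowed, reason) for the header block of a raw HTTP request."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "unterminated header block"
    lines = head.split(b"\r\n")[1:]          # drop the request line
    if len(lines) > MAX_HEADERS:
        return False, "too many headers"
    totals = {}                              # value bytes seen per header name
    for line in lines:
        if len(line) > MAX_HEADER_LEN:
            return False, "header line too long"
        # Folded (continuation) lines would let a value dodge the per-line cap.
        if line[:1] in (b" ", b"\t"):
            return False, "folded header line"
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            return False, "malformed header line"
        key = name.decode("latin-1").lower()
        # Repeated headers are summed so a value cannot be split to evade a cap.
        totals[key] = totals.get(key, 0) + len(value.strip())
        limit = NAMED_LIMITS.get(key)
        if limit is not None and totals[key] > limit:
            return False, f"{key} exceeds {limit} bytes"
    return True, "ok"


# Constructed sample requests (not captured traffic).
NORMAL = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
PADDED = b"GET / HTTP/1.1\r\nHost: a\r\nX-Pad: " + b"A" * 4000 + b"\r\n\r\n"
LONG_HOST = b"GET / HTTP/1.1\r\nHost: " + b"a" * 300 + b"\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("padded", PADDED), ("long host", LONG_HOST)):
        print(label, check_headers(req))
```

The named-header case matters because a value can be far below the general line cap and still be much larger than anything that header legitimately carries.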
Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor-supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.
©2003-2008 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065