» Hot SmartDefense Protection Reminder

Zero-Day Microsoft Server Service Exploit
(MS08-067, CVE-2008-4250)
Microsoft has released Security Advisory 958963 to confirm the public availability of exploit code for the Windows Server Service vulnerability addressed in the Microsoft Security Bulletin. The Advisory states that this exploit code has been shown to result in code execution on Windows Server 2003, Windows XP, and Windows 2000 systems. SmartDefense research teams have reviewed examples of publicly available exploit code and confirmed that the recently released SmartDefense protection will detect and block these exploits. This protection has been available since October 23.

Microsoft Server Message Block Vulnerability
(MS08-068, CVE-2008-4037)
This remote code execution vulnerability results from the way the Windows file sharing protocol, Microsoft Server Message Block (SMB), handles NTLM credentials when a user connects to an attacker's SMB server. This vulnerability allows an attacker to replay the user's credentials back to them, creating an SMB reflection attack. SmartDefense protects against this attack.

Oracle BEA WebLogic Server Apache Connector Buffer Overflow Vulnerability
(CVE-2008-4008)
A new buffer overflow vulnerability has been reported in Oracle (BEA) WebLogic Server Apache Connector. This vulnerability is different than the recent similarly-named vulnerability. BEA WebLogic Server is a Java Application Server platform that supports various databases, including Oracle. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. SmartDefense has protected against this vulnerability since 2004.
November 11, 2008

IN THIS ADVISORY:
  • Zero-Day Microsoft Server Service Exploit
  • Microsoft Server Message Block Vulnerability
  • Oracle BEA WebLogic Server Apache Connector Buffer Overflow
  • Including Patch Tuesday
  • Limiting HTTP Elements

» Highlighted SmartDefense Updates

This table lists SmartDefense protection updates for recently disclosed threats.  In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Microsoft XML Core Services Nested Tag Vulnerability | 11-Nov-08 | MS08-069, CVE-2007-0099 | CPAI-2008-164 |
| Critical | Oracle BEA WebLogic Server Apache Connector Buffer Overflow Vulnerability | 01-Feb-04 | CVE-2008-4008 | CPAI-2008-160 |
| Critical | Microsoft Server Service Remote Code Execution Vulnerability | 23-Oct-08 | MS08-067, CVE-2008-4250 | CPAI-2008-158 |
| Critical | Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability | 03-Nov-08 | MS08-058, CVE-2008-3474 | CPAI-2008-159 |
| High | Microsoft XML Core Services Chunked Request Vulnerability | 11-Nov-08 | MS08-069, CVE-2008-4033 | CPAI-2008-163 |
| High | Microsoft XML Core Services DTD Cross-Domain Scripting Vulnerability | 11-Nov-08 | MS08-069, CVE-2008-4029 | CPAI-2008-162 |
| High | Microsoft SMB Reflection Attack | 11-Nov-08 | MS08-068, CVE-2008-4037 | SBP-2008-12 |
| High | Rhino Software Serv-U FTP Server RNTO Command Directory Traversal Vulnerability | 24-Oct-08 | CVE-2008-4501 | CPAI-2008-227 |
| High | Mozilla Firefox Animated PNG Processing Integer Overflow Vulnerability | 24-Oct-08 | CVE-2008-4064 | CPAI-2008-228 |
| High | mIRC PRIVMSG Message Processing Buffer Overflow Vulnerability | 24-Oct-08 | CVE-2008-4449 | CPAI-2008-229 |
| High | LibSPF2 DNS TXT Records Parsing Buffer Overflow Vulnerability | 31-Oct-08 | CVE-2008-2469 | CPAI-2008-230 |
| High | Novell iPrint Client 'IppCreateServerRef()' Remote Buffer Overflow Vulnerability | 31-Oct-08 | CVE-2008-2436 | CPAI-2008-231 |
| High | CA Multiple Products ActiveX Control Buffer Overflow Vulnerability | 31-Oct-08 | CVE-2008-1472 | CPAI-2008-232 |
| High | VMware COM API ActiveX Control Buffer Overflow Vulnerability | 31-Oct-08 | CVE-2008-3892 | CPAI-2008-233 |



» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.




SMARTDEFENSE DEPLOYMENT TIP
Best Practice: Limiting HTTP Elements
Many exploits use unusually large or numerous HTTP header elements to launch attacks. For example, many buffer overflow attacks use very large headers sent to the web server. You can pre-emptively defend against these types of attacks by configuring SmartDefense to reject excessive HTTP header elements. This prevents buffer overflow attacks and limits the amount of code that can be inserted. This feature, available since 2004, has been proven to provide 0-day protection against numerous vulnerabilities, including:

You can configure these protections in SmartDashboard.
  1. Log in to SmartDashboard.
  2. Set the maximum values in the Web Intelligence > HTTP Protocol Inspection > HTTP Format Sizes category in SmartDefense. You can set general limits on headers and specific limits for named headers.
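
The following sketch shows the kind of check such limits perform: general limits on header count and header line size, plus specific limits for named headers. It is an added example, not Check Point code; the limit values, function names and sample requests are hypothetical and constructed for illustration.

```python
# Added illustration. Limit values and names are hypothetical, not SmartDefense defaults.
MAX_HEADER_COUNT = 50                 # general limit: number of headers per request
MAX_HEADER_LINE = 1000                # general limit: bytes in any one header line
NAMED_LIMITS = {"host": 255, "content-type": 128}   # per-header value limits

def check_header_limits(raw_request):
    """Return a list of limit violations found in one raw HTTP request."""
    head = raw_request.partition(b"\r\n\r\n")[0]
    header_lines = head.split(b"\r\n")[1:]        # skip the request line
    violations = []
    if len(header_lines) > MAX_HEADER_COUNT:
        violations.append(f"header count {len(header_lines)} exceeds {MAX_HEADER_COUNT}")
    for line in header_lines:
        name, sep, value = line.partition(b":")
        if not sep:
            violations.append("header line without a colon")
            continue
        name = name.strip().lower().decode("latin-1")
        value = value.strip()
        if len(line) > MAX_HEADER_LINE:
            violations.append(f"{name}: line of {len(line)} bytes exceeds {MAX_HEADER_LINE}")
        named = NAMED_LIMITS.get(name)
        if named is not None and len(value) > named:
            violations.append(f"{name}: value of {len(value)} bytes exceeds {named}")
    return violations

def verdict(raw_request):
    """Reject the request if any limit is exceeded, as an inline filter would."""
    return "reject" if check_header_limits(raw_request) else "accept"

def build_request(headers):
    """Constructed sample input: serialize (name, value) pairs into a GET request."""
    lines = "".join(f"{k}: {v}\r\n" for k, v in headers)
    return f"GET /index.html HTTP/1.1\r\n{lines}\r\n".encode("latin-1")

# Constructed sample requests (filler bytes only).
NORMAL = build_request([("Host", "www.example.com"), ("Accept", "text/html")])
LONG_HOST = build_request([("Host", "A" * 300)])
HUGE_HEADER = build_request([("Host", "www.example.com"), ("X-Data", "A" * 2000)])
MANY_HEADERS = build_request([("Host", "www.example.com")]
                             + [(f"X-Pad-{i}", "1") for i in range(60)])

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("long Host", LONG_HOST),
                       ("huge header", HUGE_HEADER), ("many headers", MANY_HEADERS)]:
        print(label, verdict(req), check_header_limits(req))
```

Start with limits in a log-only mode where possible and tighten them after reviewing what legitimate traffic on the protected servers actually sends.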


Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.

©2003-2008 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065