»Hot SmartDefense Protection Reminder

Microsoft LDAP Active Directory Vulnerability
(MS08-060, CVE-2008-4023)
Lightweight Directory Access Protocol (LDAP) is an Internet standard protocol designed for querying and modifying directory services. The vulnerability is related to insufficient validation of LDAP requests by the LDAP service. A remote attacker can exploit the vulnerability with a specially crafted LDAP request sent to a vulnerable Active Directory server. Successful exploitation can lead to remote code execution.  For more information see CPAI-2008-156.

Free SmartDefense 30 Day TrialMicrosoft RPC Vulnerabilities
(MS08-059, MS08-062, MS08-065)
Several important Microsoft Remote Procedure Call (RPC) vulnerabilities have been identified.  The Host Integration Server Buffer Overflow vulnerability is potentially the most dangerous because it can lead to complete remote control of an affected system (CPAI-2008-149).  Two additional RPC vulnerabilities of high severity are the Windows Internet Printing Service vulnerability (CPAI-2008-154) and the Windows Message Queuing vulnerability (CPAI-2008-152). SmartDefense protections are available immediately for all three vulnerabilities.

HP OpenView Network Node Manager Vulnerability
(CVE-2008-1697 )
HP OpenView Network Node Manager manages, maintains and monitors networks and network devices.  The vulnerability can allow remote execution of arbitrary code, or create a Denial of Service.  Check Point SmartDefense has protected against this type of attack since July 2004. For more information see CPAI-2008-129.
October 14, 2008

IN THIS ADVISORY:
  • Microsoft LDAP Active Directory Vulnerability
  • Microsoft RPC Vulnerabilities
  • HP OpenView Network Node Manager Vulnerability
  • Including Patch Tuesday
  • Protecting Against Malformed File Attacks

Contact Us

SmartDefense User Forum

Resources for Messaging Security

SmartDefense Microsoft Security Resources
» Highlighted SmartDefense Updates

This table lists SmartDefense protection updates for recently disclosed threats.  In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description SmartDefense Protection
Issued		 Industry Reference SmartDefense Reference
Number
CriticalCritical Multiple Microsoft Internet Explorer Vulnerabilities 14-Oct-08 MS08-058
CVE-2008-2947
CVE-2008-3473
CVE-2008-3475
CVE-2008-3476
CVE-2008-3472		 CPAI-2008-155
CriticalCritical Microsoft Excel Calendar Object Validation Vulnerability  14-Oct-08 MS08-057
CVE-2008-3477		 CPAI-2008-150
CriticalCritical Microsoft Excel File Format Parsing Vulnerability 14-Oct-08 MS08-057
CVE-2008-3471		 CPAI-2008-147
CriticalCritical Microsoft Windows Host Integration Server RPC Buffer Overflow 14-Oct-08 MS08-059
CVE-2008-3466		 CPAI-2008-149
CriticalCritical Microsoft LDAP Active Directory Remote Code Execution Vulnerability 14-Oct-08 MS08-060
CVE-2008-4023		 CPAI-2008-156
CriticalCritical HP OpenView Node Manager Remote Code Execution Vulnerability 1-Jul-04 CVE-2008-1697 CPAI-2008-129
CriticalHigh Microsoft Windows Internet Printing Service Remote Code Execution 14-Oct-08 MS08-062
CVE-2008-1446		 CPAI-2008-154
CriticalHigh Microsoft Server Message Block Remote Code Execution  14-Oct-08 MS08-063
CVE-2008-4038		 CPAI-2008-153
CriticalHigh Microsoft Windows Message Queuing Service Remote Code Execution  14-Oct-08 MS08-065
CVE-2008-3479		 CPAI-2008-152
CriticalHigh Macrovision InstallShield Update Service Agent ActiveX Memory Corruption 2-Oct-08 CVE-2008-2470 CPAI-2008-146
CriticalHigh Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow 26-Sep-08 CVE-2008-2437 CPAI-2008-221
CriticalHigh Microsoft Windows WRITE_ANDX SMB Processing Denial of Service 26-Sep-08 CVE-2008-4114 CPAI-2008-220
CriticalHigh Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow  21-Sep-08 CVE-2008-3364 CPAI-2008-145
CriticalMedium Apache mod_proxy_ftp XSS Vulnerability 19-Sep-08 CVE-2008-2939 CPAI-2008-222
CriticalMedium Microsoft Office Content-Disposition Header Vulnerability 14-Oct-08 MS08-056
CVE-2008-4020		 CPAI-2008-151

More SmartDefense Updates >

» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.

How to Install SmartDefense Updates



SMARTDEFENSE DEPLOYMENT TIP
Best Practice: Protecting Against Malformed File Attacks
Malformed file attacks can introduce malicious content into your network. Conventional virus scanning protections are insufficient against these attacks since signatures and patches are often not available for several days. SmartDefense Services provide different types of protections against these attacks, defending your network against threats from email and the web. Many of these protections are available to respond immediately or even proactively to threats. For more information, see Pre-emptive Malformed File Attack Protection.
Have SmartDefense feature questions?
SmartDefense User ForumParticipate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.

Archived SmartDefense Security Advisories >
You have received this notification because either you have a User Center account or you have subscribed to the SmartDefense Newsletter. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.



Read Check Point's Privacy Policy
©2003-2008 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065