»Hot SmartDefense Protection Reminder

Microsoft Image Format Handling Vulnerabilities
Microsoft image handling vulnerabilities can be exploited by using malformed versions of the popular image file types GIF, WMF, EMF and BMP. Microsoft’s GDI+ fails to handle these maliciously-crafted image files. By persuading a user to open the file, an attacker can take complete control of an affected system. For information on how SmartDefence protects your network from these threats see Microsoft Image Format Handling Vulnerabilities.

Free SmartDefense 30 Day TrialApache Tomcat Directory Traversal Vulnerability (CVE-2008-2938)
This vulnerability allows a hacker to access normally-inaccessible files and directories through a specially-created HTTP request. For most Check Point products, SmartDefense has protected against this vulnerability since July 16, 2006. For more information, see CPAI-2008-134.

DNS Spoofing VideoMulti-Vendor DNS Spoofing
(CVE-2008-1447) This vulnerability continues to be a concern as attacks based on it have surfaced. This DNS cache poisoning technique exploits DNS requests that do not randomize source ports.The spoofing vulnerability has been reported in major DNS implementations, including Microsoft Windows DNS service and Berkeley Internet Name Domain (BIND). Check Point SmartDefense protections for DNS have been available since May 2004. We strongly encourage our customers to take the necessary steps to protect their network infrastructure. For more information, see DNS Vulnerability Spoofing Protection.
September 9, 2008

IN THIS ADVISORY:
  • Microsoft Image Format Handling Vulnerabilities
  • Apache Tomcat Traversal Vulnerability
  • Multi-Vendor DNS Spoofing
  • Including Patch Tuesday
  • Controlling Remote Access

Contact Us

SmartDefense User Forum

Resources for Messaging Security

SmartDefense Microsoft Security Resources
» Highlighted SmartDefense Updates

This table lists SmartDefense protection updates for recently disclosed threats.  In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description SmartDefense Protection
Issued
Industry Reference SmartDefense Reference
Number
CriticalCritical Microsoft GDI+ VML Buffer Overrun 
9-Sep-08
CVE-2007-5348
MS08-052
CriticalCritical Microsoft GDI+ EMF Memory Corruption
9-Sep-08
CVE-2008-3012
MS08-052
CriticalCritical Microsoft GDI+ GIF Parsing Vulnerability
9-Sep-08
CVE-2008-3013
MS08-052
CriticalCritical Microsoft GDI+ WMF Buffer Overrun
9-Sep-08
CVE-2008-3014
MS08-052
CriticalCritical Microsost GDI+ BMP Integer Overflow
9-Sep-08
CVE-2008-3015
MS08-052
CriticalCritical Windows Media Encoder Buffer Overrun  
9-Sep-08
CVE-2008-3008
MS08-053
CriticalCritical Windows Media Player Sampling Rate Vulnerability
9-Sep-08
CVE-2008-2253
MS08-054
CriticalCritical Microsoft Uniform Resource Locator Validation Error 
9-Sep-08
CVE-2008-3007
MS08-055
CriticalHigh Cisco Webex Meeting Manager Vulnerability
28-Aug-08
CVE-2008-3558
CriticalHigh Apache Tomcat  Directory Traversal 
16-Jul-06
CVE-2008-2938

More SmartDefense Updates >


» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.

How to Install SmartDefense Updates



SMARTDEFENSE DEPLOYMENT TIP
Best Practice: Controlling Remote Access
More security breaches occur by an attacker connecting to remote access servers inside a network than by any other means.* Because this access appears legitimate, you may not even realize that your security has been compromised. SmartDefense offers a number of protections against this attack vector, including:
  • Remote Administrator Authentication Enforcement
    This protection enforces the proper usage of the widely-used remote access application, Remote Administrator. This protection requires that any Remote Administrator session is authenticated via username and password.
  • Block VNC Authentication Bypass
    This protection guards against vulnerabilities in the popular remote access application Virtual Network Computing (VNC). With this protection you can configure SmartDefense to block unauthenticated negotiations between the VNC client and server. For more information about this protection, see CPAI-2006-071.
You can configure these Remote Control application protections in SmartDashboard:
  1. Click the SmartDefense tab.
  2. Click Application Intelligence > Remote Control Applications.
  3. Activate the protections
* Verizon 2008 Data Breach Investigations Report


Have SmartDefense feature questions?
SmartDefense User ForumParticipate in the new SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features. The role of this forum is to allow SmartDefense users to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Do you know someone who should be getting these Advisories?

Tell them to sign up using the Smart Defense Advisory Subscription page.

» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe.

For additional information about SmartDefense and SmartDefense Services, please visit the SmartDefense section of the Check Point Website.

Archived SmartDefense Security Advisories >
You have received this notification because either you have a User Center account or you have subscribed to the SmartDefense Newsletter. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.



Read Check Point's Privacy Policy
©2003-2008 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065