Zero-Day MS PowerPoint Parsing Code Execution Vulnerability
(Microsoft Security Advisory 969136, CVE-2009-0556)
Microsoft Office PowerPoint contains a remote code execution vulnerability. There have been some limited reports of attacks in the wild that utilize this vulnerability. No patch has been released by Microsoft, but Check Point provides protections against attacks that use this vulnerability.
MS Windows HTTP Services Credential Reflection Vulnerability
A remote code execution vulnerability has been disclosed in the way Microsoft Windows HTTP Services handles NTLM credentials. This vulnerability can enable a hacker to execute malicious code as a logged-on user of Windows HTTP Services. Check Point provides protections against attacks that use this vulnerability.
Microsoft ISA Server TCP State Limited Denial of Service Vulnerability
Microsoft Internet Security and Acceleration (ISA) Server is prone to a denial of service condition. Successful exploitation will cause the Web listener to stop responding to new requests. A Check Point protection against this vulnerability has been available since 2004.
April 14, 2009
IN THIS ADVISORY:
- Zero-Day MS PowerPoint Parsing Code Execution Vulnerability
- MS Windows HTTP Services Credential Reflection Vulnerability
- Microsoft ISA Server TCP State Limited Denial of Service Vulnerability
Best Practice: Bypass Under Load
The new Check Point IPS Software Blade delivers not only industry-leading performance, but also tuning features to help optimize the configuration for your specific performance needs. The Bypass Under Load feature allows the administrator to temporarily suspend IPS inspection on a gateway if it comes under heavy load and resume inspection when the gateway resource use returns to acceptable levels. Load and inspection resumption thresholds are completely configurable. This means you never have to worry about your IPS causing your gateway performance to fall to unacceptable levels.
To bypass IPS inspection under heavy load in the IPS Software Blade:
- In the IPS tab, select Enforcing Gateways.
- Select a gateway with critical load issues and click Edit.
- Select Bypass SmartDefense inspection when gateway is under heavy load. Optionally, you can select a tracking method to log activity while IPS inspection is turned off.
- To configure the definition of heavy load, click Advanced.
- In the High fields, specify the load threshold at which you want IPS inspection to be bypassed.
- In the Low fields, specify when to resume IPS inspection.
- Click OK.
Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065