» Hot Protections

Zero-Day MS PowerPoint Parsing Code Execution Vulnerability
(Microsoft Security Advisory 969136, CVE-2009-0556)

Microsoft Office PowerPoint contains a remote code execution vulnerability. There have been some limited reports of attacks in the wild that utilize this vulnerability. No patch has been released by Microsoft, but Check Point provides protections against attacks that use this vulnerability.

MS Windows HTTP Services Credential Reflection Vulnerability
(MS09-013, CVE-2009-0550)

A remote code execution vulnerability has been disclosed in the way Microsoft Windows HTTP Services handles NTLM credentials. This vulnerability can enable a hacker to execute malicious code as a logged-on user of Windows HTTP Services. Check Point provides protections against attacks that use this vulnerability.

Microsoft ISA Server TCP State Limited Denial of Service Vulnerability
(MS09-016, CVE-2009-0077)

Microsoft Internet Security and Acceleration (ISA) Server is prone to a denial of service condition. Successful exploitation will cause the Web listener to stop responding to new requests. A Check Point protection against this vulnerability has been available since 2004.
April 14, 2009

IN THIS ADVISORY:
  • Zero-Day MS PowerPoint Parsing Code Execution Vulnerability
  • MS Windows HTTP Services Credential Reflection Vulnerability
  • Microsoft ISA Server TCP State Limited Denial of Service Vulnerability
  • Bypass Under Load
  • Including Patch Tuesday
DEPLOYMENT TIP
Best Practice: Bypass Under Load
The new Check Point IPS Software Blade delivers not only industry-leading performance, but also tuning features to help optimize the configuration for your specific performance needs. The Bypass Under Load feature allows the administrator to temporarily suspend IPS inspection on a gateway if it comes under heavy load and resume inspection when the gateway resource use returns to acceptable levels. Load and inspection resumption thresholds are completely configurable. This means you never have to worry about your IPS causing your gateway performance to fall to unacceptable levels.

To bypass IPS inspection under heavy load in the IPS Software Blade:
  1. In the IPS tab, select Enforcing Gateways.
  2. Select a gateway with critical load issues and click Edit.
  3. Select Bypass SmartDefense inspection when gateway is under heavy load. Optionally, you can select a tracking method to log activity while IPS inspection is turned off.
  4. To configure the definition of heavy load, click Advanced.
  5. In the High fields specify at what load threshold you want IPS inspection to be bypassed.
  6. In the Low fields, specify when to resume IPS inspection.
  7. Click OK.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Internet Explorer Memory Corruption | 14-Apr-09 | MS09-014, CVE-2009-0554, CVE-2009-0552, CVE-2009-0551, CVE-2009-0553 | CPAI-2009-084, CPAI-2009-086, CPAI-2009-078, CPAI-2009-090 |
| Critical | Microsoft DirectShow MJPEG Decompression Remote Code Execution | 14-Apr-09 | MS09-011, CVE-2009-0084 | CPAI-2009-080 |
| Critical | Wordpad and Office Text Converters Remote Code Execution | 14-Apr-09 | MS09-010, CVE-2008-4841, CVE-2009-0235, CVE-2009-0087 | CPAI-2009-074, CPAI-2009-068, CPAI-2009-072 |
| Critical | Microsoft Windows HTTP Services Chunked Encoding Remote Code Execution | 14-Apr-09 | MS09-013, CVE-2009-0086 | CPAI-2009-088 |
| Critical | Microsoft Excel OBJ Record Parsing Memory Corruption | 14-Apr-09 | MS09-009, CVE-2009-0100 | CPAI-2009-076 |
| Critical | Microsoft Excel Rich Text Parsing Zero-Day Remote Code Execution | 26-Feb-09 | MS09-009, CVE-2009-0238 | CPAI-2009-028 |
| Critical | Zero-day Microsoft Office PowerPoint Invalid Object Reference | 06-Apr-09 | CVE-2009-0556 | CPAI-2009-066 |
| Critical | Cisco Application Networking Manager Security Bypass | 22-Mar-09 | CVE-2009-0616 | CPAI-2009-046 |
| Critical | IBM Tivoli Storage Manager Express Backup Server Heap Corruption | 30-Mar-09 | CVE-2008-4563 | CPAI-2009-058 |
| High | Microsoft Windows HTTP Services Credential Reflection Remote Code Execution | 14-Apr-09 | MS09-014, CVE-2009-0550 | CPAI-2009-082 |
| High | Microsoft Windows HTTP Services Certificate Name Mismatch Remote Code Execution | 09-Mar-05 | MS09-013, CVE-2009-0089 | SBP-2009-10, CPSA-2005-002 |
| High | Microsoft ISA Server TCP State Limited Denial of Service | 21-Apr-04 | MS09-016, CVE-2009-0077 | SBP-2009-12, CPSA-2004-17 |
| High | Microsoft ISA Server Cross-Site Scripting (XSS) | 15-Mar-05 | MS09-016, CVE-2009-0237 | CPAI-2009-092, CPSA-2005-003 |
| High | Adobe Multiple Products JBIG2 Stream Buffer Overflow | 30-Mar-09 | CVE-2009-0658 | CPAI-2009-050 |
| High | HP OpenView Network Node Manager Multiple Parameters Buffer Overflow | 02-Apr-09 | CVE-2009-0920, CVE-2009-0921 | CPAI-2009-062 |
| Medium | Microsoft Windows Searchpath Blended Threat Privilege Escalation | 02-Jun-08 | MS09-015, CVE-2008-2540 | CPAI-2008-082 |

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065