ISC BIND 9 contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. An exploit is currently available in the wild. Check Point protects against attacks that use this vulnerability through its IPS products.
Microsoft Windows AVI Vulnerabilities
(MS09-038, CVE-2009-1545, CVE-2009-1546)
Two remote code execution vulnerabilities have been discovered in the way Microsoft Windows handles AVI files. An attacker can exploit this flaw to execute arbitrary code on a vulnerable system via a malicious AVI file. Check Point provides protections against attacks that use these vulnerabilities through its integrated IPS offerings.
Microsoft Windows Workstation Service Vulnerability
An elevation of privilege vulnerability has been reported in the Microsoft Windows Workstation Service. An attacker may exploit this issue to run arbitrary code with elevated privileges on an affected system. Check Point provides protection against attacks that use this vulnerability through its integrated IPS offerings.
August 11, 2009
IN THIS ADVISORY:
- BIND Vulnerability
- Microsoft Windows AVI Vulnerabilities
- Microsoft Windows Workstation Service Vulnerability
- Adding a Network Exception from a Log Entry
Best Practice: Adding a Network Exception from a Log Entry
When viewing your logs, you may find that you need to create an exception to a protection to allow legitimate traffic. For example, while you may wish to generally prohibit a certain application, you may need to allow a particular individual to use it. You may also need to set exceptions to rules when working with a server that does not comply with RFC standards. With Check Point IPS Software Blade you can set exceptions directly from the log. By setting an exception, you can allow traffic that would normally be blocked by that protection.
To configure an exception:
- Right click the IPS log entry in SmartView Monitor.
- Select Add Exception.
- Configure the exception.
You can configure the exception for a specific profile or for all of them. You can also make the exception apply to just one protection or all similar protections. See the online help for details.
- To make exception management easier, it is highly recommended that you include in the Comment field the reason for the exception, your name, and the name of the person who approved the exception.
|» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
More Updates >
|Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
|Know someone who should be getting the Advisories?
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com
|You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065