» Top Protections

BIND Vulnerability
(CVE-2009-0696, VU#725188)

ISC BIND 9 contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. An exploit is currently available in the wild. Check Point protects against attacks that use this vulnerability through its IPS products.

Microsoft Windows AVI Vulnerabilities
(MS09-038, CVE-2009-1545, CVE-2009-1546)

Two remote code execution vulnerabilities have been discovered in the way Microsoft Windows handles AVI files. An attacker can exploit this flaw to execute arbitrary code on a vulnerable system via a malicious AVI file. Check Point provides protections against attacks that use these vulnerabilities through its integrated IPS offerings.

Microsoft Windows Workstation Service Vulnerability
(MS09-041, CVE-2009-1544)

An elevation of privilege vulnerability has been reported in the Microsoft Windows Workstation Service. An attacker may exploit this issue to run arbitrary code with elevated privileges on an affected system. Check Point provides protection against attacks that use this vulnerability through its integrated IPS offerings.
August 11, 2009

IN THIS ADVISORY:
  • BIND Vulnerability
  • Microsoft Windows AVI Vulnerabilities
  • Microsoft Windows Workstation Service Vulnerability
  • Adding a Network Exception from a Log Entry
  • Including Patch Tuesday
DEPLOYMENT TIP
Best Practice: Adding a Network Exception from a Log Entry
When viewing your logs, you may find that you need to create an exception to a protection to allow legitimate traffic. For example, while you may wish to generally prohibit a certain application, you may need to allow a particular individual to use it. You may also need to set exceptions to rules when working with a server that does not comply with RFC standards. With Check Point IPS Software Blade you can set exceptions directly from the log. By setting an exception, you can allow traffic that would normally be blocked by that protection.

To configure an exception:
  1. Right-click the IPS log entry in SmartView Monitor.
  2. Select Add Exception.
  3. Configure the exception.
    You can configure the exception for a specific profile or for all of them. You can also make the exception apply to just one protection or all similar protections. See the online help for details.
  4. To make exception management easier, it is highly recommended that you include in the Comment field the reason for the exception, your name, and the name of the person who approved the exception.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Windows AVI File Data Validation Integer Overflow | 11-Aug-09 | MS09-038, CVE-2009-1546 | CPAI-2009-151 |
| Critical | Microsoft Windows AVI Processing Malformed Header Remote Code Execution | 11-Aug-09 | MS09-038, CVE-2009-1545 | CPAI-2009-149 |
| Critical | Microsoft WINS Buffer Allocation Integer Overflow | 11-Aug-09 | MS09-039, CVE-2009-1924 | CPAI-2009-147 |
| Critical | Microsoft WINS Buffer Length Heap Overflow | 11-Aug-09 | MS09-039, CVE-2009-1923 | CPAI-2009-145 |
| Critical | Microsoft Remote Desktop Client Connection ActiveX Heap Overflow | 11-Aug-09 | MS09-044, CVE-2009-1929 | CPAI-2009-131 |
| Critical | Microsoft Remote Desktop Connection DWORD Heap Overflow | 11-Aug-09 | MS09-044, CVE-2009-1133 | CPAI-2009-157 |
| Critical | Invalid IIS ASP.Net URI Character Requests | 11-Aug-09 | MS09-036, CVE-2009-1536 | SBP-2009-15 |
| Critical | Internet Explorer Uninitialized Memory Corruption | 28-Jul-09 | MS09-034, CVE-2009-1919 | CPAI-2009-143 |
| Critical | Internet Explorer HTML Objects Memory Corruption | 28-Jul-09 | MS09-034, CVE-2009-1918 | CPAI-2009-141 |
| Critical | Internet Explorer Memory Corruption | 28-Jul-09 | MS09-034, CVE-2009-1917 | CPAI-2009-139 |
| Critical | Novell Client NetIdentity Agent Remote Code Execution | 24-Jul-09 | CVE-2009-1350 | CPAI-2009-209 |
| Critical | DHCP Stack Overflow in 'dhclient' script_write_params() | 17-Jul-09 | CVE-2009-0692 | CPAI-2009-207 |
| High | Microsoft Windows Workstation Routine Memory Corruption | 11-Aug-09 | MS09-041, CVE-2009-1544 | CPAI-2009-155 |
| High | Microsoft Windows Telnet Services Credential Reflection Code Execution | 11-Aug-09 | MS09-042, CVE-2009-1930 | CPAI-2009-159 |
| High | ISC BIND 9 Denial of Service | 29-Jul-09 | CVE-2009-0696 | CPAI-2009-219 |
| High | Oracle BEA Weblogic Server console-help.portal Cross-Site Scripting | 24-Jul-09 | CVE-2009-1975 | CPAI-2009-211 |
| High | Oracle Database Secure Enterprise Search Cross Site Scripting | 24-Jul-09 | CVE-2009-1968 | CPAI-2009-223 |
| High | Cisco IOS Administrative Interface HTTP Authentication | 31-Jul-09 | CVE-2009-1166, CVE-2009-1164 | CPAI-2009-221 |

Have SmartDefense feature questions?
SmartDefense User Forum
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065