» Hot SmartDefense Protections
Downadup (Conficker) Worm
The Downadup worm (a.k.a. ‘Conficker’) exploits the MS08-067 vulnerability in the Windows Server Service and propagates itself quickly over a network. Although a patch from Microsoft has existed for this vulnerability since October, delays in applying the patch allowed millions of computers to become infected and left millions more vulnerable. SmartDefense Services have provided preemptive protection against this worm since 2006, through the protection against the Microsoft Windows Server Service Vulnerability (MS06-040), and issued an enhanced protection on the same day the new Microsoft vulnerability (MS08-067) was announced in October 2008.
Microsoft Exchange Server Vulnerability
Microsoft Exchange is the world’s leading corporate email platform. Microsoft Exchange does not properly decode messages in TNEF format, which is used by the Exchange Server when sending messages formatted in Rich Text Format (RTF). Remote attackers may exploit this vulnerability via a specially crafted TNEF message. A user opening or previewing the maliciously-crafted message will trigger the vulnerability. The attacker may then be able to take complete control of the Exchange Server. See protection CPAI-2009-010 for additional information.
Preemptive Protection against Novell GroupWise Internet Agent Buffer Overflow
Novell GroupWise is an email, calendaring and collaborative application available from Novell. A buffer overflow vulnerability has been reported in Novell GroupWise, specifically in its Mail Transfer Agent. A remote unauthenticated attacker could exploit the vulnerability by sending an overly long RCPT TO command to the affected application. Successful exploitation may allow for code execution with SMTP process privileges, or may terminate the service and lead to a Denial of Service condition. SmartDefense Services have provided preemptive protection against this vulnerability since January 2005, when protections were made available to detect and block SMTP commands longer than a configurable threshold. See protection CPAI-2009-041 for additional information.
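The command-length check described above can be sketched as follows. This is an added example, not Check Point's code or part of the original advisory; the function name, the 512-octet default (the RFC 5321 command-line limit) and the sample session are assumptions.

```python
# Assumption: 512 octets (RFC 5321 command-line limit, CRLF included) is the
# default here; the advisory only says the threshold is configurable.
DEFAULT_MAX_OCTETS = 512

def find_long_commands(client_stream, max_octets=DEFAULT_MAX_OCTETS):
    """Return [(line_no, verb, octets)] for client commands over max_octets.

    client_stream is the client-to-server half of one SMTP session as bytes.
    Lines between DATA and the lone "." are message content and are skipped.
    Simplification: DATA is assumed accepted by the server; BDAT is not handled.
    """
    findings = []
    in_data = False
    lines = client_stream.split(b"\r\n")
    if lines and lines[-1] == b"":
        lines.pop()  # stream ended on a CRLF, so no partial line is pending
    for line_no, line in enumerate(lines, start=1):
        if in_data:
            if line == b".":
                in_data = False  # end of message content, commands resume
            continue
        octets = len(line) + 2  # count the CRLF, as the RFC limit does
        parts = line.split(None, 1)
        verb = parts[0].upper().decode("ascii", "replace") if parts else ""
        if octets > max_octets:
            findings.append((line_no, verb, octets))
        if verb == "DATA" and len(parts) == 1:
            in_data = True
    return findings

# Constructed sample session (not captured traffic). The message body holds a
# 600-character line, which must not be reported because it is not a command.
SAMPLE = b"\r\n".join([
    b"EHLO client.example",
    b"MAIL FROM:<alice@example.com>",
    b"RCPT TO:<" + b"A" * 600 + b"@example.com>",
    b"RCPT TO:<bob@example.com>",
    b"DATA", b"Subject: test", b"", b"x" * 600, b".",
    b"QUIT", b"",
])

if __name__ == "__main__":
    for line_no, verb, octets in find_long_commands(SAMPLE):
        print(f"line {line_no}: {verb} is {octets} octets, over the limit")
```

Tracking the DATA phase is what keeps long body lines from raising false alarms while an oversized RCPT TO is still caught before it reaches the mail transfer agent.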
February 10, 2009
IN THIS ADVISORY:
- Downadup (Conficker) Worm
- Microsoft Exchange Server Vulnerability
- Preemptive Protection against Novell GroupWise Internet Agent Buffer Overflow
- Improving Performance for Mail Protections
» Highlighted SmartDefense Updates
This table lists SmartDefense protection updates for recently disclosed threats. In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.
Best Practice: Improving performance for mail server protections
When mail-related network traffic needs deep inspection, it is useful to limit mail protections to traffic to or from designated mail servers, because inspecting all traffic may cause undesired performance degradation. The approach below allows for deep inspection of mail-related traffic without impacting other corporate traffic. SmartDefense protections such as POP3/IMAP Security and SMTP Mail Security Server are designed to use this capability.
This approach can be used to protect against the recent Microsoft Security bulletin MS09-003 (CVE-2009-0099). The Microsoft bulletin describes a vulnerability in the Microsoft Exchange Server that can be exploited by sending a specially crafted mail notification. By defining your corporate Exchange Server as a mail server, you can apply the MS09-003 protection to the Exchange Server and ensure that the protection will inspect mail notifications targeted only to your Exchange Server, rather than inspecting all traffic for malformed mail notifications.
Instructions for defining a mail server.
Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065