» Hot SmartDefense Protections

Microsoft SQL Server Stored Procedure Buffer Overflow Vulnerability
(961040, CVE-2008-5416)
This vulnerability is due to an error in the Microsoft SQL Server when calling the extended stored procedure sp_replwritetovarbin with a set of crafted parameters. Successful exploitation would cause a denial of service and may allow execution of arbitrary code on a vulnerable system. Although there is currently no Microsoft patch available, SmartDefense Services provides protections to Check Point products against exploits that use this vulnerability.

SSL Certificate Forgery Attacks
This attack leverages a weakness in the MD5 algorithm, which is used to sign SSL certificates that tie authentic corporate identities to corresponding Web site addresses and public encryption keys. Researchers were able to devise a way to manipulate an official Certificate Authority (CA) and launch an attack that would forge a rogue CA that then becomes trusted by all common browsers. SmartDefense provides a protection that will detect and block SSL connections to Web sites whose certificate may have been forged using this recently discovered attack.
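One way to check a presented certificate chain for the MD5 weakness described above, as an added example that is not Check Point's detection logic and not code from this advisory. It assumes DER-encoded certificates ordered leaf first, root last; the function names are hypothetical and the sample chain is a set of constructed skeletons, not real certificates.

```python
# Added example: report MD5-signed certificates in a chain (standard library only).
MD5_WITH_RSA = bytes.fromhex("2a864886f70d010104")     # OID 1.2.840.113549.1.1.4
SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def signature_oid(cert_der):
    """Raw OID bytes of the outer signatureAlgorithm field of an X.509 certificate."""
    outer_tag, cert, _ = read_tlv(cert_der)
    _, _, pos = read_tlv(cert)             # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)  # AlgorithmIdentifier
    oid_tag, oid, _ = read_tlv(alg)
    if (outer_tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    return oid

def md5_signed(chain):
    """Indexes of MD5-signed certificates in a chain ordered leaf first, root last.
    The root is skipped: a trust anchor is trusted by configuration, not by its signature."""
    return [i for i, der in enumerate(chain[:-1]) if signature_oid(der) == MD5_WITH_RSA]

# Constructed sample data: DER skeletons with zero-filled bodies, not real certificates.
def tlv(tag, body):
    n = len(body)
    size = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + size + body

def skeleton(oid):
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, bytes(300)) + alg + tlv(0x03, bytes(129)))

SAMPLE_CHAIN = [skeleton(SHA256_WITH_RSA), skeleton(MD5_WITH_RSA), skeleton(MD5_WITH_RSA)]
```

Calling `md5_signed(SAMPLE_CHAIN)` reports only the intermediate at index 1, because the last entry is treated as the root.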

Internet Explorer 7 Vulnerability
(MS08-078, CVE-2008-4844)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, causing the browser to crash and allowing execution of arbitrary commands. SmartDefense Services provided protections to Check Point products against exploits that use this vulnerability six days before the Microsoft patch was available.
January 13, 2009

IN THIS ADVISORY:
  • Microsoft SQL Server Stored Procedure Buffer Overflow Vulnerability
  • SSL Certificate Forgery Attacks
  • Internet Explorer 7 Vulnerability
  • Including Patch Tuesday
  • Blocking Thunder
» Highlighted SmartDefense Updates

This table lists SmartDefense protection updates for recently disclosed threats. In some cases, SmartDefense protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Microsoft SMB TRANS2 Request Validation Remote Code Execution | 13-Jan-09 | MS09-001, CVE-2008-4835 | CPAI-2009-002 |
| Critical | Microsoft SMB TRANS Request Buffer Overflow Remote Code Execution | 13-Jan-09 | MS09-001, CVE-2008-4834 | CPAI-2009-003 |
| Critical | SSL Certificate Forgery via MD5 Collision Attacks | 05-Jan-09 | | CPAI-2009-001 |
| Critical | Microsoft SQL Server 'sp_replwritetovarbin' Stored Procedure Buffer Overflow | 16-Dec-08 | 961040, CVE-2008-5416 | CPAI-2008-189 |
| Critical | Microsoft Internet Explorer XML Parsing Zero-Day Remote Code Execution | 11-Dec-08 | MS08-078, CVE-2008-4844 | CPAI-2008-187 |
| Medium | Security Best Practice: Blocking Thunder | 07-Jan-09 | | SBP-2009-01 |



» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.




SMARTDEFENSE DEPLOYMENT TIP
Best Practice: Blocking Thunder
Peer-to-peer Internet traffic, such as Thunder, slows critical business applications on corporate networks. It lowers productivity as employees take time away from their work to download music and videos. This sort of traffic also significantly increases your company’s Internet communication costs and may require you to purchase additional bandwidth.

Protection
  1. Click the SmartDefense tab.
  2. Click Application Intelligence > Peer to Peer > Thunder.
  3. In the Configuration pane, under Settings > Mode, select Active.


Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions about all SmartDefense features and for collaborating with other SmartDefense users worldwide on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065