»Hot Protections

WebDAV Internet Information Services Vulnerabilities
(MS09-027, CVE-2009-1535)

A vulnerability has been disclosed in the WebDAV extension of Microsoft Internet Information Services (IIS). A hacker could use this vulnerability to gain access to a location that typically requires authentication. Check Point’s VPN-1, VSX, and IPS solutions have had protections that defend against attacks that use these vulnerabilities since May 19th.

Free SmartDefense 30 Day TrialDirectShow QuickTime Vulnerability
(CVE-2009-1537)

A remote code execution vulnerability has been discovered in Microsoft’s DirectShow QuickTime Movie Parser filter. Successful exploitation may allow an attacker to take complete control of a target system. Since June 1st Check Point has provided immediate protection against exploits that use this unpatched vulnerability through its integrated IPS offerings.

Multiple Vendors NTP Daemon Vulnerability
(CVE-2009-1252)

A buffer overflow vulnerability has been reported in the ntpd (NTP daemon). This vulnerability has been rated highly critical and the affected software is very common in enterprise environments. A remote attacker may exploit this issue to crash the service and execute arbitrary code. Check Point has provided a protection that detects and blocks crafted packets sent to the NTP daemon since June 1st.
June 9, 2009

IN THIS ADVISORY:
  • WebDAV Internet Information Services Vulnerabilities
  • DirectShow QuickTime Vulnerability
  • Multiple Vendors NTP Daemon Vulnerability
  • Protecting Only Internal Hosts
  • Including Patch Tuesday
DEPLOYMENT TIP
Tip: Protecting Only Internal Hosts
Inspecting outbound traffic targeting hosts outside of your organization can be a waste of your time and resources. Not only does it increase the inspection load on your gateway, but it also results in unnecessary logs. The IPS Software Blade allows you to configure your setup to focus inspection only on traffic that may be hazardous to your organization's internal hosts (including your DMZ), and not inspect traffic that is targeting hosts outside your network.

To configure
  1. Double click the gateway.
  2. Click IPS
  3. Select Protect internal hosts only
  4. Install the policy
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description SmartDefense Protection
Issued
Industry Reference SmartDefense Reference
Number
CriticalCritical Microsoft Excel Object Record Memory Corruption  09-Jun-09

CVE-2009-0557
MS09-021

CPAI-2009-140

CriticalCritical Microsoft Excel ExternSheet Record Indexing Memory Corruption  09-Jun-09

CVE-2009-0558
MS09-021

CPAI-2009-142

CriticalCritical Microsoft Excel String Copy Stack-Based Overrun   09-Jun-09

CVE-2009-0559
MS09-021

CPAI-2009-144

CriticalCritical Microsoft Excel FormulaValue Field Memory Corruption  09-Jun-09

CVE-2009-0560
MS09-021

CPAI-2009-146

CriticalCritical Microsoft Excel SST Record Integer Overflow  09-Jun-09

CVE-2009-0561
MS09-021

CPAI-2009-148

CriticalCritical Microsoft Excel BRAI Record Pointer Corruption  09-Jun-09

CVE-2009-0549
MS09-021

CPAI-2009-158

CriticalCritical Microsoft Active Directory Invalid Free Remote Code Execution  09-Jun-09

CVE-2009-1138
MS09-018

CPAI-2009-152

CriticalCritical Microsoft Windows Print Spooler NetShareEnum Buffer Overflow  09-Jun-09

CVE-2009-0228
MS09-022

CPAI-2009-154

CriticalCritical Microsoft IIS WebDAV Extension URL Decoding Security Bypass  19-May-09 CVE-2009-1535
971492
MS09-027

CPAI-2009-130

CriticalCritical Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow  31-May-09

CVE-2009-1252

CPAI-2009-134

CriticalHigh Microsoft IIS Anonymous HTTP Request Authentication Bypass  09-Jun-09

CVE-2009-1122
MS09-027

CPAI-2009-138

CriticalHigh Microsoft Windows Print Spooler LoadLibrary Information Disclosure  09-Jun-09

CVE-2009-0230
MS09-022

CPAI-2009-168

CriticalHigh Microsoft DirectShow QuickTime Movie Parser Filter Code Execution  31-May-09

CVE-2009-1537
971778

CPAI-2009-136


More Updates >



Have SmartDefense feature questions?
SmartDefense User ForumParticipate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.



Read Check Point's Privacy Policy
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065