DNS Cache Poisoning Vulnerabilities
(MS09-008, CVE-2009-0233, CVE-2009-0234)
Microsoft has announced two new vulnerabilities in their DNS servers. These vulnerabilities allow a hacker to insert false information into the DNS server’s cache, potentially redirecting users to malicious sites. Additional information.
Preemptive Protection against Zero-Day Adobe Vulnerability
These recent attacks exploit a known vulnerability in Adobe Acrobat and Adobe Reader. Check Point has provided a protection, through its various IPS offerings, that blocks these exploits since February 2008. Since there is currently no patch for this vulnerability and applying the patch to all vulnerable computers may take weeks for some organizations, Check Point recommends that companies augment their patching process with intrusion prevention systems, such as Check Point’s SmartDefense Services or the new IPS Software Blade. Additional information.
Microsoft DNS Server WPAD Registration Spoofing Vulnerability
A Web Proxy Auto-Discovery (WPAD) registration spoofing vulnerability has been reported in Microsoft DNS servers. This vulnerability could allow a remote attacker to spoof a web proxy, thereby redirecting Internet traffic from legitimate locations. Additional Information.
March 10, 2009
IN THIS ADVISORY:
- DNS Cache Poisoning Vulnerabilities
- Preemptive Protection against Zero-Day Adobe Vulnerability
- Microsoft DNS Server WPAD Registration Spoofing Vulnerability
- Using Predefined Profiles With The New IPS Software Blade
|» Highlighted Updates
This table lists Check Point protection updates for recently disclosed threats. In some cases, protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
More Updates >
» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point
products through the Check Point SmartCenter management interface.
Best Practice: Using Predefined Profiles With The New IPS Software Blade
To make it easy to achieve immediate IPS protection, the new IPS Software Blade
includes the following predefined profiles:
- Default_Protection - used by default on new gateways, this profile provides basic IPS protection while giving excellent performance.
- Recommended_IPS_Protection - provides a very good mix of security and gateway performance for R70 gateways.
Setting the recommended profile for a gateway is easy:
- Double-click the gateway object.
- Click IPS to view the IPS settings for the gateway.
- Select Assign Profile and select Recommended_IPS_Protection from the drop down list and click OK.
Changes will take effect once you install the policy.
|Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
|Know someone who should be getting the Advisories?
» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.
Archived SmartDefense Security Advisories >
|You have received this notification because either you have a User Center account or you have subscribed to the SmartDefense Newsletter. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065