SmartDefense Security Advisory: March 10, 2009

»Hot Protections

DNS Cache Poisoning Vulnerabilities
(MS09-008, CVE-2009-0233, CVE-2009-0234)
Microsoft has announced two new vulnerabilities in their DNS servers. These vulnerabilities allow a hacker to insert false information into the DNS server’s cache, potentially redirecting users to malicious sites. Additional information.

Preemptive Protection against Zero-Day Adobe Vulnerability
(CVE-2009-0658 )(SBP-2009-04)
These recent attacks exploit a known vulnerability in Adobe Acrobat and Adobe Reader. Check Point has provided a protection, through its various IPS offerings, that blocks these exploits since February 2008. Since there is currently no patch for this vulnerability and applying the patch to all vulnerable computers may take weeks for some organizations, Check Point recommends that companies augment their patching process with intrusion prevention systems, such as Check Point’s SmartDefense Services or the new IPS Software Blade. Additional information.

Microsoft DNS Server WPAD Registration Spoofing Vulnerability
(MS09-008) (CVE-2009-0093)
A Web Proxy Auto-Discovery (WPAD) registration spoofing vulnerability has been reported in Microsoft DNS servers. This vulnerability could allow a remote attacker to spoof a web proxy, thereby redirecting Internet traffic from legitimate locations. Additional Information.

March 10, 2009

IN THIS ADVISORY:

Hot Protections

DNS Cache Poisoning Vulnerabilities
Preemptive Protection against Zero-Day Adobe Vulnerability
Microsoft DNS Server WPAD Registration Spoofing Vulnerability

Highlighted Updates

Including Patch Tuesday

How to Install SmartDefense Updates

Deployment Tip

Using Predefined Profiles With The New IPS Software Blade

» Highlighted Updates

This table lists Check Point protection updates for recently disclosed threats. In some cases, protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity	Vulnerability Description	Protection Issued	Industry Reference	Reference Number
Critical	Microsoft Windows Kernel Input Validation Remote Code Execution	10-Mar-09	CVE-2009-0081 MS09-006	CPAI-2009-040
High	Microsoft Windows Security Support Provider SChannel Spoofing Vulnerability	10-Mar-09	CVE-2009-0085 MS09-007	CPAI-2009-038
High	Multiple Microsoft DNS Server Cache Spoofing Vulnerabilities	10-Mar-09	CVE-2009-0233 MS09-008 CVE-2009-0234	CPAI-2009-036
High	Microsoft WINS Server WPAD Registration Spoofing Vulnerability	10-Mar-09	CVE-2009-0094 MS09-008	CPAI-2009-034
High	Microsoft DNS Server WPAD Registration Spoofing Vulnerability	10-Mar-09	CVE-2009-0093 MS09-008	CPAI-2009-032
Critical	Microsoft Excel Rich Text Parsing Zero-Day Remote Code Execution	26-Feb-09	CVE-2009-0238	CPAI-2009-028
High	Adobe Multiple Products JBIG2 Stream Buffer Overflow (preemptive)	24-Feb-09	CVE-2009-0658	SBP-2009-04
Critical	Sun Solstice AdminSuite sadmind service Buffer Overflow	19-Feb-09	CVE-2008-4556	CPAI-2009-024
Critical	Oracle Database SYS.OLAPIMPL_T Package Buffer Overflow	19-Feb-09	CVE-2008-3974	CPAI-2009-022
High	Squid HTTP Version Number Parsing Denial of Service	01-Mar-09	CVE-2009-0478	CPAI-2009-026
High	ProFTPD Server Username Handling SQL Injection	27-Feb-09	CVE-2009-0542	CPAI-2009-057
High	UltraVNC VNCViewer Authenticate Buffer Overflow	27-Feb-09	CVE-2009-0388	CPAI-2009-055
High	HP OpenView Network Node Manager HTTP Request Buffer Overflow	20-Feb-09	CVE-2008-4562	CPAI-2009-053

More Updates >

» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.

DEPLOYMENT TIP
Best Practice: Using Predefined Profiles With The New IPS Software Blade
To make it easy to achieve immediate IPS protection, the new IPS Software Blade includes the following predefined profiles:

Default_Protection - used by default on new gateways, this profile provides basic IPS protection while giving excellent performance.
Recommended_IPS_Protection - provides a very good mix of security and gateway performance for R70 gateways.

Setting the recommended profile for a gateway is easy:

Double-click the gateway object.
Click IPS to view the IPS settings for the gateway.
Select Assign Profile and select Recommended_IPS_Protection from the drop down list and click OK.

Changes will take effect once you install the policy.

Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

Know someone who should be getting the Advisories?

» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.

Archived SmartDefense Security Advisories >

You have received this notification because either you have a User Center account or you have subscribed to the SmartDefense Newsletter. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.