»Hot Protections

DNS Cache Poisoning Vulnerabilities
(MS09-008, CVE-2009-0233, CVE-2009-0234)
Microsoft has announced two new vulnerabilities in their DNS servers. These vulnerabilities allow a hacker to insert false information into the DNS server’s cache, potentially redirecting users to malicious sites. Additional information.

Free SmartDefense 30 Day TrialPreemptive Protection against Zero-Day Adobe Vulnerability

(CVE-2009-0658 )(SBP-2009-04)
These recent attacks exploit a known vulnerability in Adobe Acrobat and Adobe Reader. Check Point has provided a protection, through its various IPS offerings, that blocks these exploits since February 2008. Since there is currently no patch for this vulnerability and applying the patch to all vulnerable computers may take weeks for some organizations, Check Point recommends that companies augment their patching process with intrusion prevention systems, such as Check Point’s SmartDefense Services or the new IPS Software Blade. Additional information.

Microsoft DNS Server WPAD Registration Spoofing Vulnerability
(MS09-008) (CVE-2009-0093)
A Web Proxy Auto-Discovery (WPAD) registration spoofing vulnerability has been reported in Microsoft DNS servers. This vulnerability could allow a remote attacker to spoof a web proxy, thereby redirecting Internet traffic from legitimate locations. Additional Information.
March 10, 2009

IN THIS ADVISORY:
  • DNS Cache Poisoning Vulnerabilities
  • Preemptive Protection against Zero-Day Adobe Vulnerability
  • Microsoft DNS Server WPAD Registration Spoofing Vulnerability
  • Including Patch Tuesday
  • Using Predefined Profiles With The New IPS Software Blade
» Highlighted Updates

This table lists Check Point protection updates for recently disclosed threats. In some cases, protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description Protection
Issued
Industry Reference Reference
Number
CriticalCritical Microsoft Windows Kernel Input Validation Remote Code Execution  10-Mar-09 CVE-2009-0081
MS09-006
CPAI-2009-040
CriticalHigh Microsoft Windows Security Support Provider SChannel Spoofing Vulnerability  10-Mar-09 CVE-2009-0085
MS09-007
CPAI-2009-038
CriticalHigh Multiple Microsoft DNS Server Cache Spoofing Vulnerabilities 10-Mar-09 CVE-2009-0233
MS09-008
CVE-2009-0234
CPAI-2009-036
CriticalHigh Microsoft WINS Server WPAD Registration Spoofing Vulnerability  10-Mar-09 CVE-2009-0094
MS09-008
CPAI-2009-034
CriticalHigh Microsoft DNS Server WPAD Registration Spoofing Vulnerability  10-Mar-09 CVE-2009-0093
MS09-008
CPAI-2009-032
CriticalCritical Microsoft Excel Rich Text Parsing Zero-Day Remote Code Execution  26-Feb-09 CVE-2009-0238 CPAI-2009-028
CriticalHigh Adobe Multiple Products JBIG2 Stream Buffer Overflow  (preemptive) 24-Feb-09 CVE-2009-0658 SBP-2009-04
CriticalCritical Sun Solstice AdminSuite sadmind service Buffer Overflow 19-Feb-09 CVE-2008-4556 CPAI-2009-024
CriticalCritical Oracle Database SYS.OLAPIMPL_T Package Buffer Overflow 19-Feb-09 CVE-2008-3974 CPAI-2009-022
CriticalHigh Squid HTTP Version Number Parsing Denial of Service  01-Mar-09 CVE-2009-0478 CPAI-2009-026
CriticalHigh ProFTPD Server Username Handling SQL Injection 27-Feb-09 CVE-2009-0542 CPAI-2009-057
CriticalHigh UltraVNC VNCViewer Authenticate Buffer Overflow 27-Feb-09 CVE-2009-0388 CPAI-2009-055
CriticalHigh HP OpenView Network Node Manager HTTP Request Buffer Overflow 20-Feb-09 CVE-2008-4562 CPAI-2009-053

More Updates >


» How to Install SmartDefense Updates
SmartDefense Updates can be downloaded and configured on your Check Point products through the Check Point SmartCenter management interface.

How to Install SmartDefense Updates



DEPLOYMENT TIP
Best Practice: Using Predefined Profiles With The New IPS Software Blade
To make it easy to achieve immediate IPS protection, the new IPS Software Blade includes the following predefined profiles:
  • Default_Protection - used by default on new gateways, this profile provides basic IPS protection while giving excellent performance.
  • Recommended_IPS_Protection - provides a very good mix of security and gateway performance for R70 gateways.
Setting the recommended profile for a gateway is easy:
  1. Double-click the gateway object.
  2. Click IPS to view the IPS settings for the gateway.
  3. Select Assign Profile and select Recommended_IPS_Protection from the drop down list and click OK.
Changes will take effect once you install the policy.


Have SmartDefense feature questions?
SmartDefense User ForumParticipate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About SmartDefense and SmartDefense Services
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point products. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense also helps to minimize threats by providing defenses that can be used before vendor supplied patches become available or are fully installed throughout the network. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe. For additional information visit www.CheckPoint.com/Defense.

Archived SmartDefense Security Advisories >
You have received this notification because either you have a User Center account or you have subscribed to the SmartDefense Newsletter. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.



Read Check Point's Privacy Policy
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065