» Hot Protections

Microsoft Office Multiple PowerPoint Vulnerabilities
(MS09-017)

Microsoft has published a security bulletin addressing multiple vulnerabilities identified in Microsoft Office PowerPoint. Most of these vulnerabilities are rated ‘Critical’. Through detailed parsing, Check Point's products provide defenses for each of these vulnerabilities.

Preemptive Protection against Adobe Memory Corruption Vulnerability
(CVE-2009-1492)

This vulnerability affects all currently supported versions of Adobe Reader and Adobe Acrobat software.  Although the vulnerability was announced April 27th, Adobe does not plan to provide a patch until May 12th. Check Point has offered a protection against this vulnerability since February 2008.

MIT Kerberos Uninitialized Pointer Reference Vulnerability
(CVE-2009-0846)

An implementation vulnerability has been discovered in the MIT Kerberos server V5. This affects popular operating systems including Red Hat Linux and Sun Microsystems Solaris. Check Point provides defenses for this vulnerability by detecting and blocking malformed RPC requests. These defenses are available to SmartDefense Services (as updates to SmartDefense) and IPS Software Blade customers.
May 12, 2009

IN THIS ADVISORY:
  • Microsoft Office Multiple PowerPoint Vulnerabilities
  • Adobe Reader Memory Corruption Vulnerability
  • MIT Kerberos Uninitialized Pointer Reference Vulnerability
  • Easing Deployment Concerns
  • Including Patch Tuesday
DEPLOYMENT TIP
Tip: Easing Deployment Concerns
When deploying an integrated IPS, many administrators worry that they may misconfigure protections and cause unwanted traffic interruptions. To deal with this concern, the Check Point IPS Software Blade lets you create a profile that only detects malicious traffic. You can monitor the results, make any necessary adjustments, and then easily change to enforcement without having to reconfigure all of your protections. This is useful both as an initial or pilot deployment method and for troubleshooting an existing installation.

To configure:
  1. Set your profile as desired.
    Set the protections that you plan to use to ‘Prevent’. Once you activate ‘Detect Only’ mode, the prevention settings will be overridden and all protections will only detect and log malicious traffic.
  2. Click the IPS tab and then click Profiles.
  3. Double-click the profile you created in step 1.
  4. Click Troubleshooting.
  5. Click the Detect button to activate Detect-Only mode and click OK.
  6. Install the policy.
You can now monitor the logs to see what the results of your policy would have been. If you find that desirable traffic would be blocked, you can add exceptions and modify the configuration of individual protections from the associated logs. Once you are confident that your profile is correctly configured, you can deactivate Detect-Only mode, and all the protections that are set to ‘Prevent’ will be enforced.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | SmartDefense Protection Issued | Industry Reference | SmartDefense Reference Number |
|---|---|---|---|---|
| Critical | Microsoft PowerPoint Converter ExEmbed Record Stack Corruption | 12-May-09 | MS09-017, CVE-2009-1129 | CPAI-2009-110 |
| Critical | Microsoft PowerPoint Converter CoCollection Record Handling Error | 12-May-09 | MS09-017, CVE-2009-0226 | CPAI-2009-118 |
| Critical | Microsoft PowerPoint Converter ExObject Record Remote Code Execution | 12-May-09 | MS09-017, CVE-2009-0223 | CPAI-2009-120 |
| Critical | Microsoft PowerPoint Converter NoteSlide Record Memory Corruption | 12-May-09 | MS09-017, CVE-2009-0220 | CPAI-2009-122 |
| Critical | Microsoft PowerPoint Converter SlideRec Record Remote Code Execution | 12-May-09 | MS09-017, CVE-2009-0222 | CPAI-2009-124 |
| Critical | Microsoft PowerPoint Converter SoundEntity Record Stack Corruption | 12-May-09 | MS09-017, CVE-2009-1128 | CPAI-2009-108 |
| Critical | Microsoft PowerPoint Data Out of Bounds Stack Buffer Overflow | 12-May-09 | MS09-017, CVE-2009-1131 | CPAI-2009-106 |
| Critical | Microsoft PowerPoint Legacy File Format Stack Buffer Overrun | 12-May-09 | MS09-017, CVE-2009-0227 | CPAI-2009-104 |
| Critical | Microsoft PowerPoint Invalid Build Object Casting Memory Corruption | 12-May-09 | MS09-017, CVE-2009-0224 | CPAI-2009-114 |
| Critical | MIT Kerberos ASN.1 Uninitialized Pointer Reference | 28-Apr-09 | CVE-2009-0846 | CPAI-2009-096 |
| Critical | IBM DB2 Database Server CONNECT Request Denial of Service | 28-Apr-09 | CVE-2009-0172 | CPAI-2009-094 |
| Critical | Microsoft PowerPoint MasterPagePackedText Record Remote Code Execution | 12-May-09 | MS09-017, CVE-2009-1137 | CPAI-2009-126 |
| Critical | Microsoft Office Word WordPerfect Converter Buffer Overflow | 30-Apr-09 | MS09-010, CVE-2009-0088 | CPAI-2009-073 |
| High | Microsoft PowerPoint Legacy File Format Memory Corruption | 12-May-09 | MS09-017, CVE-2009-0225 | CPAI-2009-102 |
| High | Microsoft PowerPoint LinkedSlide Record Integer Overflow | 12-May-09 | MS09-017, CVE-2009-0221 | CPAI-2009-112 |
| High | Microsoft PowerPoint Notes Record Parsing Heap Corruption | 12-May-09 | MS09-017, CVE-2009-1130 | CPAI-2009-116 |
| High | Adobe Reader JavaScript getAnnots Method Memory Corruption | 03-May-09 | CVE-2009-1492 | CPAI-2009-100 |
| High | Oracle Application Server 10g OPMN Service Format String | 24-Apr-09 | CVE-2009-0993 | CPAI-2009-071 |
| High | Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow | 08-May-09 | CVE-2009-1016 | CPAI-2009-081 |
| High | IBM WebSphere Application Server Cross Site Scripting | 24-Apr-09 | | CPAI-2009-069 |
| High | HP OpenView Network Node Manager ovalarmsrv Integer Overflow | 8-May-09 | CVE-2008-2438 | CPAI-2009-083 |
| High | IBM Tivoli Storage Manager Agent Client Vulnerability | 8-May-09 | CVE-2008-4828 | CPAI-2009-085 |


» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065