Microsoft Office Multiple PowerPoint Vulnerabilities
Microsoft has published a security bulletin addressing multiple vulnerabilities identified in Microsoft Office PowerPoint. Most of these vulnerabilities are rated ‘Critical’.Through detailed parsing, Check Point's products provide defenses for each of these vulnerabilities.
Preemptive Protection against Adobe Memory Corruption Vulnerability
This vulnerability affects all currently supported versions of Adobe Reader and Adobe Acrobat software. Although the vulnerability was announced April 27th, Adobe does not plan to provide a patch until May 12th. Check Point has offered a protection against this vulnerability since February 2008.
MIT Kerberos Uninitialized Pointer Reference Vulnerability
An implementation vulnerability has been discovered in the MIT Kerberos server V5. This affects popular operating systems including Red Hat Linux and Sun Microsystems Solaris. Check Point provides defenses for this vulnerability by detecting and blocking malformed RPC requests. These defenses are available to SmartDefense Services (as updates to SmartDefense) and IPS Software Blade customers.
May 12, 2009
IN THIS ADVISORY:
- Microsoft Office Multiple PowerPoint Vulnerabilities
- Adobe Reader Memory Corruption Vulnerability
- MIT Kerberos Uninitialized Pointer Reference Vulnerability
- Easing Deployment Concerns
Tip: Easing Deployment Concerns
When deploying an integrated IPS, many administrators worry that they may mis-configure protections and cause unwanted traffic interruptions. To deal with this concern, the Check Point IPS Software Blade gives you the ability to create a profile that only detects malicious traffic. You can monitor the results, make any necessary adjustments, and then easily change to enforcement without having to reconfigure all of your protections. This can be useful both as an initial, or pilot deployment method and also for troubleshooting an existing installation.
- Set your profile as desired.
Set the protections that you plan to use to ‘Prevent’. Once you activate ‘Detect Only’ mode, the prevention settings will be overridden and all protections will only detect and log malicious traffic.
- Click the IPS tab and then click Profiles.
- Double-click the profile you created in step 1.
- Click Troubleshooting.
- Click the button to activate Detect-Only mode and click OK.
- Install the policy.
You can now monitor to see what the results of your policy would have been. If you find that desirable traffic is being blocked you can add exceptions and modify the configuration of individual protections from the associated logs. Once you are confident that your profile is correctly configured, you can deactivate Detect-Only mode and all the protections that are set to ‘Prevent’ will be enforced.
|» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
More Updates >
|Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
|Know someone who should be getting the Advisories?
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com
|You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065