» Top Protections

Microsoft Windows Internal Server Vulnerabilities
(MS09-064, CVE-2009-2523, MS09-066, CVE-2009-1928)

A large percentage of security breaches involve internal attacks from employees. Recently, two new, important vulnerabilities were uncovered in commonly used Microsoft servers, making them vulnerable to such an attack. Check Point provides protection against attacks that use these vulnerabilities through its integrated IPS products, IPS Software Blade and SmartDefense.

Oracle Database Server Buffer Overflow Vulnerability
(CVE-2009-1979)

A buffer overflow vulnerability exists in the Oracle Database server. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. Check Point, through its worldwide threat response team, provides immediate protection against exploits using this vulnerability through its integrated IPS offerings, IPS Software Blade and SmartDefense.

Foxy
(CVE-2008-6472)

Foxy is a popular peer-to-peer file sharing application, widely used in Hong Kong, Mainland China, and Taiwan. Not only does it slow network traffic and lower employee productivity, it can also present a serious security risk. The Check Point IPS Software Blade has a variety of application controls that can be used to block applications that may violate company policy, such as this one.
November 10, 2009

IN THIS ADVISORY:
  • Microsoft Windows Internal Server Vulnerabilities
  • Oracle Database Server Buffer Overflow Vulnerability
  • Foxy
  • Excluding Irrelevant Protection Categories
  • Including Patch Tuesday

DEPLOYMENT TIP
Best Practice: Excluding Irrelevant Protection Categories
Activating protections for resources you don't have can decrease your performance and increase false positives. With Check Point IPS Software Blade, you can avoid these issues by centrally turning off protection categories that are not relevant to your organization. For example, if you don't have a Citrix server in your organization, you can turn off all current and future Citrix protections.

To exclude protection categories from the IPS Policy:
  1. In Profile Properties > IPS Policy, select Do not activate protections in the following categories and click Configure.
    The Non-Auto Activation window opens.
  2. Click Add. The Select Category window opens.
  3. Select the categories in the tree that you do not want to be activated.
    For example, if you selected to automatically activate Server Protections, and then add Syslog to the categories in the Non-Auto Activation window, the Syslog protections (such as Apply Malicious Code Protector) will not be automatically activated in this profile.

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft License Logging Server RPC Call Heap Overflow | 10-Nov-09 | MS09-064, CVE-2009-2523 | CPAI-2009-286 |
| Critical | Microsoft Web Services on Devices API Memory Corruption | 10-Nov-09 | MS09-051, CVE-2009-2512 | CPAI-2009-280 |
| Critical | Oracle Database Server Network Authentication AUTH_SESSKEY Buffer Overflow | 02-Nov-08 | Oracle Advisory, CVE-2009-1979 | CPAI-2009-274 |
| Critical | Novell eDirectory dhost Buffer Overflow | 06-Nov-09 | N/A | CPAI-2009-241 |
| Critical | Novell NetWare NFS Portmapper RPC Module Stack Overflow | 06-Nov-09 | N/A | CPAI-2009-243 |
| Critical | Adobe Reader and Acrobat Mozilla plug-in Remote Code Execution | 14-Nov-06 | APSB09-15, CVE-2009-2991 | CPAI-2009-260 |
| Critical | Adobe Reader U3D File Invalid Array Index Remote Code Execution | 14-Oct-06 | APSB09-15, CVE-2009-2990 | CPAI-2009-258 |
| Critical | Adobe BMP Image Improper Dimensions | 14-Oct-09 | APSB09-15, CVE-2009-2989 | CPAI-2009-254 |
| High | Microsoft Active Directory LSASS Recursive Stack Overflow | 10-Nov-09 | MS09-066, CVE-2009-1928 | CPAI-2009-288 |
| High | Microsoft Office Word Legacy File Remote Code Execution | 10-Nov-09 | MS09-068, CVE-2009-3135 | CPAI-2009-276 |
| High | Microsoft Office Excel Index Parsing Pointer Corruption | 10-Nov-09 | MS09-067, CVE-2009-3132 | CPAI-2009-294 |
| High | Microsoft Office Excel SXDB Record Cache Memory Corruption | 10-Nov-09 | MS09-067, CVE-2009-3127 | CPAI-2009-292 |
| High | Microsoft Excel Document Malformed BIFF Record Heap Overflow | 10-Nov-09 | MS09-067, CVE-2009-3130 | CPAI-2009-282 |
| High | Adobe Reader JPEG2000 Quantization Component Buffer Overflow | 14-Oct-06 | APSB09-15, CVE-2009-2994 | CPAI-2009-250 |
| High | Adobe Reader DOC.Export Methods Arbitrary File Creation | 14-Oct-06 | APSB09-15, CVE-2009-2993 | CPAI-2009-246 |
| High | HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download | 16-Oct-09 | N/A | CPAI-2009-239 |
| High | Application Control: Blocking Foxy | 02-Nov-09 | CVE-2008-6742 | SBP-2009-20 |

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065