» Top Protections

Microsoft SMBv2 Vulnerabilities
(MS09-050, CVE-2009-2526, CVE-2009-3103, CVE-2009-2532)

Several vulnerabilities pertaining to Microsoft Windows SMBv2 have been reported this month in MS09-050. A remote attacker may exploit these vulnerabilities to take complete control of an affected system. Check Point’s IPS products, IPS Software Blade, SmartDefense, and IPS-1, provide protection against exploits that use these vulnerabilities.

Microsoft Windows Media File Vulnerabilities
(MS09-051, MS09-052)

Remote code execution vulnerabilities exist in the way that Microsoft Windows Media Runtime and the Windows Media Player handle specially crafted ASF files. Check Point protects against exploits that use these vulnerabilities through its integrated IPS products, IPS Software Blade and SmartDefense.

Microsoft Windows LSASS Authentication
(MS09-059, CVE-2009-2524)

An elevation of privilege vulnerability has been discovered in Microsoft Windows Local Security Authority Subsystem Service (LSASS). Check Point provides protection through its integrated IPS products, IPS Software Blade and SmartDefense.
October 13, 2009

IN THIS ADVISORY:
  • Microsoft SMBv2 Vulnerabilities
  • Microsoft Windows Media File Vulnerabilities
  • Microsoft Windows LSASS Authentication
  • Dramatically decrease maintenance time and log management with automatic activation
  • Including Patch Tuesday
DEPLOYMENT TIP
Best Practice: Dramatically decrease maintenance time and log management with automatic activation
Administrators strive to balance activating enough protections to adequately defend their networks against the need to conserve system resources and limit the burden of log management. Even choosing which protections to activate can become a time-consuming chore on its own.

With Check Point’s IPS Software Blade, administrators can avoid these problems by efficiently controlling the entire body of protections through automatic activation. Administrators can configure their profiles to automatically activate protections based on the criteria they set in the IPS policy. These criteria include severity, confidence level, and performance impact. Of course, if there is ever a need to manually modify a protection setting to make an exception, administrators can easily override the automatic setting.

To automatically activate protections in a profile:
  1. In the Profiles page, double-click a profile.
  2. Select IPS Policy and configure the criteria for activating protections according to your needs. For example, you can choose to activate only client settings, or only those with low performance impact.
  3. Click OK to apply the automatic activation configuration and close the Profile Properties window.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Media Player HeaderExtensionObject Heap Overflow | 13-Oct-09 | MS09-052, CVE-2009-2527 | CPAI-2009-228 |
| Critical | Microsoft Windows Media Runtime Voice Sampler Rate Code Execution | 13-Oct-09 | MS09-051, CVE-2009-2525, CVE-2009-0555 | CPAI-2009-230 |
| Critical | Microsoft GDI+ PNG Integer Overflow | 24-Oct-08 | MS09-062, CVE-2009-3126 | CPAI-2009-232 |
| Critical | Microsoft GDI+ PNG Heap Overflow | 05-Jul-06 | MS09-062, CVE-2009-2501 | CPAI-2009-210 |
| Critical | Microsoft GDI+ TIFF Buffer Overflow | 13-Oct-09 | MS09-062, CVE-2009-2502 | CPAI-2009-204 |
| Critical | Microsoft Windows SMB Negotiate Request Remote Code Execution | 10-Sep-09 | MS09-050, CVE-2009-3103, CVE-2009-2532 | CPAI-2009-194 |
| Critical | Microsoft Internet Information Services FTP Server Remote Buffer Overflow | 01-Jul-06 | MS09-053, CVE-2009-3023 | CPAI-2009-153 |
| High | Microsoft Internet Information Services FTP Server Recursive Listing Denial of Service | 08-Sep-09 | MS09-053, CVE-2009-2521, CVE-2009-3023 | CPAI-2009-183 |
| High | Microsoft SMB Infinite Loop Denial of Service | 13-Oct-09 | MS09-050, CVE-2009-2526 | CPAI-2009-212 |
| High | Microsoft LSASS Authentication Process Integer Overflow | 13-Oct-09 | MS09-059, CVE-2009-2524 | CPAI-2009-216 |
| High | Microsoft GDI+ Office Art Parsing Memory Corruption | 13-Oct-09 | MS09-062, CVE-2009-2528 | CPAI-2009-218 |
| High | Microsoft CryptoAPI Null Truncation in X.509 Common Name | 19-Aug-09 | MS09-052, CVE-2009-2510 | CPAI-2009-226 |
| High | Microsoft CryptoAPI Object Identifiers Integer Overflow | 13-Oct-09 | MS09-056, CVE-2009-2511 | CPAI-2009-214 |
| High | Microsoft Office BMP Integer Overflow | 13-Oct-09 | MS09-062, CVE-2009-2518 | CPAI-2009-208 |
| High | Adobe ColdFusion Server URL Parameter Manipulation Cross-Site Scripting | 17-Sep-09 | APSB09-12, CVE-2009-1875 | CPAI-2009-191 |
| High | Adobe ColdFusion Server Double-Encoded Null Character Information Disclosure | 17-Sep-09 | APSB09-12, CVE-2009-1876 | CPAI-2009-189 |

Have SmartDefense feature questions?
SmartDefense User Forum
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065