Windows TCP/IP Denial of Service Attacks (Sockstress)
(MS09-048, CVE-2008-4609, CVE-2009-1925, CVE-2009-1926)
Multiple vulnerabilities exist in the way Microsoft Windows processes TCP/IP connections. A remote attacker could exploit these vulnerabilities by sending specially crafted TCP/IP packets to an affected system. Successful exploitation of these vulnerabilities could allow the attacker to take complete control of the affected system or cause the affected system to become non-responsive. Check Point provides protections that detect and block attempts to exploit these TCP vulnerabilities through its IPS products.
Browser SSL Certificates Vulnerability
A vulnerability in some browsers allows hackers to successfully impersonate SSL certificates of legitimate sites. If exploited, this vulnerability can allow a hacker to intercept sensitive transmissions. Check Point’s IPS products protect against this exploit: they prevent the browser from treating names with illegal characters as legitimate and drop these connections.
Internet Information Services FTP Service Vulnerability
A remote code execution vulnerability has been discovered in Microsoft Internet Information Services (IIS). Successful exploitation of this vulnerability would allow the attacker to take complete control of the affected system. Exploit code is available in the wild. Check Point has 0-day protection available through its IPS products.
September 8, 2009
IN THIS ADVISORY:
- Windows TCP/IP Denial of Service Attacks (Sockstress)
- Browser SSL Certificates Vulnerability
- Internet Information Services FTP Service Vulnerability
- Boost IPS GUI Performance by Minimizing the Number of Profiles
Best Practice: Boost IPS GUI Performance by Minimizing the Number of Profiles
IPS profiles enable you to configure sets of protections for groups of gateways, providing both customization and efficiency. You can create up to 20 profiles. However, you should plan carefully before adding a new profile to the existing list of profiles. Keeping a concise number of profiles can improve your IPS GUI performance, allowing you to deploy online updates and update protections in the protection browser faster. Also, having fewer profiles makes the job of managing your IPS deployment simpler.
If you find you have profiles that you don’t want anymore, you can easily delete them. When deleting a profile, make sure it does not reference other objects, as this may affect gateways, other profiles, or SmartDashboard objects. You cannot delete the Default_Protection
To Delete a Profile:
- In the IPS tab, select Profiles.
- Check for assigned Gateways.
  Before deleting a profile, you should make sure it is not currently in use. Right-click the profile and select Show Protected Gateways. If the list is empty, then no gateway is assigned to this profile and it can be safely deleted.
- Right-click the profile and select Delete.
- Check for object references.
  If the profile contains references to or from other objects, the Object References window will appear, displaying all the objects that reference the profile and whether or not they are removable. If all the objects are removable, you can safely delete the profile.
Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com
©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065