» Top Protections

Windows TCP/IP Denial of Service Attacks (Sockstress)
(MS09-048, CVE-2008-4609, CVE-2009-1925, CVE-2009-1926)

Multiple vulnerabilities exist in the way Microsoft Windows processes TCP/IP connections. A remote attacker could exploit these vulnerabilities by sending specially crafted TCP/IP packets to an affected system. Successful exploitation of these vulnerabilities could allow the attacker to take complete control of the affected system or cause the affected system to become non-responsive. Check Point provides protections that detect and block attempts to exploit these TCP vulnerabilities through its IPS products.

Browser SSL Certificates Vulnerability
(CVE-2009-2404, CVE-2009-2408)

A vulnerability in some browsers allows hackers to successfully impersonate SSL certificates of legitimate sites. If exploited, this vulnerability can allow a hacker to intercept sensitive transmissions. Check Point’s IPS products protect against this exploit by dropping connections in which certificate names contain illegal characters, preventing the browser from treating those names as legitimate.

Internet Information Services FTP Service Vulnerability
(975191)

A remote code execution vulnerability has been discovered in Microsoft Internet Information Services (IIS). Successful exploitation of this vulnerability would allow the attacker to take complete control of the affected system. Exploit code is available in the wild. Check Point has 0-day protection available through its IPS products.
September 8, 2009

IN THIS ADVISORY:
  • Windows TCP/IP Denial of Service Attacks (Sockstress)
  • Browser SSL Certificates Vulnerability
  • Internet Information Services FTP Service Vulnerability
  • Boost IPS GUI Performance by Minimizing the Number of Profiles
  • Including Patch Tuesday
DEPLOYMENT TIP
Best Practice: Boost IPS GUI Performance by Minimizing the Number of Profiles
IPS profiles enable you to configure sets of protections for groups of gateways, providing both customization and efficiency. You can create up to 20 profiles. However, you should plan carefully before adding a new profile to the existing list of profiles. Keeping a concise number of profiles can improve your IPS GUI performance, allowing you to deploy online updates and update protections in the protection browser faster. Also, having fewer profiles makes the job of managing your IPS deployment simpler.

If you find you have profiles that you no longer want, you can easily delete them. When deleting a profile, make sure it does not reference other objects, as this may affect gateways, other profiles, or SmartDashboard objects. You cannot delete the Default_Protection and Recommended_Protection profiles.

To Delete a Profile:
  • In the IPS tab, select Profiles.
  • Check for assigned Gateways.
    Before deleting a profile, you should make sure it is not currently in use. Right-click the profile and select Show Protected Gateways. If the list is empty then no gateway is assigned to this profile and it can be safely deleted.
  • Right-click the profile and select Delete.
  • Check for object references.
    If the profile contains references to or from other objects, the Object References window will appear, displaying all the objects that reference the profile and whether or not they are removable. If all the objects are removable, you can safely delete the profile.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Windows TCP/IP Denial of Service Attacks | 08-Sep-09 | CVE-2008-4609, CVE-2009-1926, CVE-2009-1925, MS09-048 | SBP-2009-18 |
| Critical | Microsoft Windows MP3 File Media Playback Memory Corruption | 08-Sep-09 | CVE-2009-2499, MS09-047 | CPAI-2009-175 |
| Critical | Microsoft Windows ASF File Media Header Parsing Remote Code Execution | 08-Sep-09 | CVE-2009-2498, MS09-047 | CPAI-2009-173 |
| Critical | Microsoft DHTML Editing Component ActiveX Control Code Execution | 08-Sep-09 | CVE-2008-4846, MS09-046 | CPAI-2009-127 |
| Critical | JScript Scripting Engine Web Pages Decoding Code Execution | 08-Sep-09 | CVE-2009-1920, MS09-045 | CPAI-2009-181 |
| Critical | Microsoft Internet Information Services FTP Server Recursive Listing Denial of Service | 08-Sep-09 | CVE-2009-2521, KB 975191 | CPAI-2009-183 |
| Critical | Microsoft IIS FTP Server Remote Buffer Overflow | 02-Sep-09 | CVE-2009-3023, KB 975191 | CPAI-2009-153 |
| Critical | Mozilla Network Security Services and Firefox Common Name Security Bypass | 27-Aug-09 | CVE-2009-2408 | CPAI-2009-129 |
| Critical | Oracle Secure Backup Administration Server Authentication Bypass | 27-Aug-09 | CVE-2009-1977 | CPAI-2009-169 |
| Critical | Oracle Secure Backup Administration Server Command Injection Attack | 28-Aug-09 | CVE-2009-1978 | CPAI-2008-229 |
| High | Mozilla Network Security Services Regexp Heap Overflow | 27-Aug-09 | CVE-2009-2404 | CPAI-2009-165 |
| High | RealNetworks Helix Server RTSP SETUP Request Denial of Service | 27-Aug-09 | CVE-2009-2534 | CPAI-2009-167 |
| High | Adobe JRun 4.0 Directory Traversal File Read | 18-Aug-09 | CVE-2009-1873 | CPAI-2009-163 |
| High | Squid Proxy Invalid HTTP Response Status Code Denial of Service | 14-Aug-09 | CVE-2009-2621 | CPAI-2009-227 |


Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065