Check Point Security Advisory
»Top Protections

Microsoft Shortcut (LNK) Vulnerability
(MS10-046, 2286198, CVE-2010-2568)

A critical zero-day .LNK (shortcut) vulnerability in Microsoft Windows that is being actively exploited in the wild by the “Stuxnet” worm and “Sality” malware family has prompted Microsoft to issue an emergency patch 17 days after public disclosure of the vulnerability. However, the update did not patch Windows XP SP2 or Windows 2000, since those operating systems have reached end-of-support. The Check Point IPS Software Blade, IPS-1 and NGX SmartDefense provide immediate network protection for all versions of Windows in the latest IPS Update by detecting and blocking the transferring of suspicious .LNK files over CIFS. Learn More.

Microsoft Office Word MS10-056 Vulnerabilities
(MS10-056)

Several remote code execution vulnerabilities have been reported in Microsoft Office Word.  A remote attacker can exploit the vulnerabilities by using specially crafted Word and RTF files to take complete control of an affected system. Check Point recommends applying the latest vendor patches and getting immediate protection by applying the latest IPS update. Learn More.

Microsoft MPEG Layer-3 Codecs Memory Corruption Vulnerability
(MS10-052, CVE-2010-1882)

A critical remote code execution vulnerability has been reported in the Microsoft DirectShow MP3 filter. Successful exploitation of this issue may allow the attacker take complete control of an affected system by convincing a victim to open a specially crafted MP3 file. Check Point’s protection detects and blocks the transferring of malformed MP3 files over HTTP. Learn More.
August 10, 2010
In This Advisory
» Top Protections
» Microsoft Shortcut (LNK) Vulnerability
» Microsoft Office Word MS10-056 Vulnerabilities
» Microsoft MPEG Layer-3 Codecs Memory Corruption Vulnerability
» Deployment Tip
» Configuring automatic IPS contract updates to work through a proxy server
» Highlighted Protections
» Including Patch Tuesday

Contact Us

IPS Software Blades

Update Services - Buy Now

Resources for Messaging Security

SmartDefense Microsoft Security Resources

Deployment Tip
Best Practice:  Configuring automatic IPS contract updates to work through a proxy server
Check Point Security Management is designed to fit into complex customer environments, and provide easy-to-use centralized management. For example, it’s a simple process to enable proxied connections for IPS contract updates from the Security Management server. To do this, use the same procedure as you would for proxy configuration of IPS updates.
  1. In the SmartDashboard application, go to IPS--> Download Updates
  2. Choose the “Configure” near the proxy settings
  3. Configure the proxy settings as desired.
Configuring automatic IPS contract updates to work through a proxy server

» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity Vulnerability Description Check Point Protection
Issued
Industry Reference Check Point Reference
Number
CriticalCritical Microsoft Windows Shell LNK File Remote Code Execution  19-Jul-10 CVE-2010-2568
MS10-046
CPAI-2010-221
CriticalCritical Microsoft MPEG Layer-3 Codecs Memory Corruption 10-Aug-10 CVE-2010-1882
MS10-052
CPAI-2010-241
CriticalCritical Microsoft Word RTF Data Parsing Buffer Overflow  10-Aug-10 CVE-2010-1902
MS10-056
CPAI-2010-237
CriticalCritical Microsoft Windows SSL and TLS Protocols Renegotiation Vulnerability 23-Nov-09 CVE-2009-3555
MS10-049
SBP-2009-23
CPAI-2010-020
CriticalCritical Microsoft SMB Server Pool Overflow Remote Code Execution 10-Aug-10 CVE-2010-2550
MS10-054
CPAI-2010-234
CriticalCritical Microsoft Windows Cinepak Codec Remote Code Execution  10-Aug-10 CVE-2010-2553
MS10-055
CPAI-2010-229
CriticalCritical Microsoft Silverlight Pointer Handling Memory Corruption 10-Aug-10 CVE-2010-0019
MS10-060
CPAI-2010-228
CriticalCritical Microsoft Internet Explorer Parent Style Uninitialized Memory Corruption 10-Aug-10 CVE-2010-2559
MS10-053
CPAI-2010-225
CriticalCritical Microsoft Internet Explorer boundElements Uninitialized Memory Corruption  10-Aug-10 CVE-2010-2557
MS10-053
CPAI-2010-233
CriticalCritical Microsoft Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption 10-Aug-10 CVE-2010-2561
MS10-051
CPAI-2010-239
CriticalCritical ToolTalk rpc.ttdbserverd Database Parser Heap Overflow  14-Jul-10 CVE-2010-0083 CPAI-2010-220
CriticalCritical Apache Struts2 ParametersInterceptor Remote Command Execution 01-Aug-10 CVE-2010-1870 CPAI-2010-141
CriticalHigh Microsoft Word sprmCMajority Record Parsing Remote Code Execution  10-Aug-10 CVE-2010-1900
MS10-056
CPAI-2010-243
CriticalHigh Microsoft Word HTML Linked Objects Memory Corruption  10-Aug-10 CVE-2010-1903
MS10-056
CPAI-2010-226
CriticalHigh Microsoft SMB Server Variable Validation Remote Code Execution  10-Aug-10 CVE-2010-2551
MS10-054
CPAI-2010-235
CriticalHigh Microsoft Windows Movie Maker Memory Corruption  10-Aug-10 CVE-2010-2564
MS10-050
CPAI-2010-242

More Updates >
Have questions about IPS?
IPS ForumParticipate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted.
Know someone who should be getting the Advisories?

Subscribe to Security Alerts and Advisories

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its NGX products through SmartDefense subscriptions, and to Check Point Software Blades products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

Archived Check Point Security Advisories
Read Check Point's Privacy Policy
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065