Microsoft Windows SMB Server Vulnerabilities
Several vulnerabilities have been identified in Microsoft Server Message Block (SMB), a network file sharing protocol that enables the sharing of resources on the network. A remote attacker can exploit these vulnerabilities to execute malicious code or cause a system crash of an affected system. Check Point provides immediate protection against these exploits in the integrated and dedicated IPS products, IPS Software Blade, SmartDefense, and IPS-1. More information.
Critical Microsoft IE Vulnerabilities
(MS10-002, Microsoft Security Advisory 979352)
On January 21st Microsoft released an out-of-band cumulative security update to Internet Explorer to address zero-day vulnerabilities in IE including one used in the Operation Aurora attacks. Successful exploitation of these vulnerabilities enabled remote control of an affected system. Check Point provides preemptive and immediate protections against vulnerabilities in the MS10-002 bulletin through its integrated and dedicated IPS offerings; VPN-1 R65 and R70 Security Gateways, VPN-1 VSX R65, and IPS-1. More information.
Novell eDirectory Integer Overflow Vulnerability
A code execution vulnerability exists in Novell’s popular eDirectory LDAP server. Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server, part of an identity management solution that centralizes the management of user identities, access privileges and other network resources that is used in 80 percent of Fortune 1000 companies. The vulnerability is due to errors in Novell eDirectory when processing maliciously crafted service requests with an overly large integer value that could be used in a memory allocation resulting in a heap-based buffer overflow. Check Point provides immediate protection against this vulnerability through its integrated and dedicated IPS offerings, IPS Software Blade, SmartDefense, and IPS-1. More information.
February 09, 2010
IN THIS ADVISORY:
- Microsoft Windows SMB Server Vulnerabilities
- Critical Microsoft IE Vulnerabilities
- Novell eDirectory Integer Overflow Vulnerability
- Report Security Events to Check Point with IPS Event Analysis Software Blade
| DEPLOYMENT TIP
Best Practice: Report Security Events to Check Point with IPS Event Analysis Software Blade
The IPS Event Analysis Software Blade is a complete IPS event management system for your IPS Software Blade
, providing situational visibility, and easy to use forensic and reporting tools. Recorded events are indicators of a security attack or vulnerability that needs to be addressed. In the IPS Event Analysis Client there is an option to send events to Check Point as an aid to improve IPS accuracy. From the Event Log, choose to send the event details directly to Check Point for further analysis.
To report an event to Check Point:
- Select the event in the Event Log.
- Right-click on the event, select Report Event to Check Point and choose whether you want to include just the Event Details or to also include the Packet Capture associated with the event. Event details are sent via a secure SSL connection.
|» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
More Updates >
|Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.
|Know someone who should be getting the Advisories?
» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com
|You have received this notification because either you have a User Center account or you have subscribed to the Check Point Security Advisory. If you would prefer to no longer receive security alerts and defense notifications please click the Unsubscribe link below.
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065