» Top Protections

Microsoft Windows SMB Server Vulnerabilities
(MS10-012)

Several vulnerabilities have been identified in Microsoft Server Message Block (SMB), a network file sharing protocol that enables the sharing of resources on the network. A remote attacker can exploit these vulnerabilities to execute malicious code on an affected system or cause it to crash. Check Point provides immediate protection against these exploits in its integrated and dedicated IPS products: IPS Software Blade, SmartDefense, and IPS-1.

Critical Microsoft IE Vulnerabilities
(MS10-002, Microsoft Security Advisory 979352)

On January 21st Microsoft released an out-of-band cumulative security update for Internet Explorer to address zero-day vulnerabilities in IE, including one used in the Operation Aurora attacks. Successful exploitation of these vulnerabilities enabled remote control of an affected system. Check Point provides preemptive and immediate protections against vulnerabilities in the MS10-002 bulletin through its integrated and dedicated IPS offerings: VPN-1 R65 and R70 Security Gateways, VPN-1 VSX R65, and IPS-1.

Novell eDirectory Integer Overflow Vulnerability
(CVE-2009-0895)

A code execution vulnerability exists in Novell’s popular eDirectory LDAP server. Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server and part of an identity management solution that centralizes the management of user identities, access privileges and other network resources; it is used in 80 percent of Fortune 1000 companies. The vulnerability is caused by errors in how Novell eDirectory processes maliciously crafted service requests: an overly large integer value in the request can be used in a memory allocation, resulting in a heap-based buffer overflow. Check Point provides immediate protection against this vulnerability through its integrated and dedicated IPS offerings: IPS Software Blade, SmartDefense, and IPS-1.
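
The bug class described above, a request-supplied integer feeding an allocation size, shown as an added C illustration beside a hardened size check. This is not Novell's code and not part of the original advisory; the record layout, ENTRY_SIZE, MAX_ENTRIES and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout for illustration; not eDirectory's wire format. */
#define ENTRY_SIZE  16u
#define MAX_ENTRIES 4096u  /* assumed protocol limit */

/* Unsafe pattern: the 32-bit multiply wraps for large counts, so a buffer
 * allocated with this size is far smaller than count entries. */
uint32_t unchecked_alloc_size(uint32_t count) {
    return count * ENTRY_SIZE;
}

/* Hardened size computation: bound the count, rule out wrap-around, and
 * refuse to size a buffer beyond the bytes actually received.
 * Returns 0 and stores the size in *out, or -1 if the request is rejected. */
int checked_alloc_size(uint32_t count, size_t avail, size_t *out) {
    if (count == 0 || count > MAX_ENTRIES) return -1;
    if (count > SIZE_MAX / ENTRY_SIZE) return -1;
    size_t need = (size_t)count * ENTRY_SIZE;
    if (need > avail) return -1;
    *out = need;
    return 0;
}

/* Message: 4-byte big-endian entry count, then the entries themselves.
 * Returns a heap copy of the entries, or NULL if the message is rejected. */
uint8_t *copy_entries(const uint8_t *msg, size_t len, size_t *out_len) {
    if (len < 4) return NULL;
    uint32_t count = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                     ((uint32_t)msg[2] << 8) | (uint32_t)msg[3];
    size_t need;
    if (checked_alloc_size(count, len - 4, &need) != 0) return NULL;
    uint8_t *buf = malloc(need);
    if (buf == NULL) return NULL;
    memcpy(buf, msg + 4, need);
    *out_len = need;
    return buf;
}

int main(void) {
    /* Constructed sample: count 0x10000001 with only 16 bytes of payload. */
    uint8_t bad[20] = {0x10, 0x00, 0x00, 0x01};
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(0x10000001u));
    printf("hardened parser: %s\n", copy_entries(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```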
February 09, 2010

IN THIS ADVISORY:
  • Microsoft Windows SMB Server Vulnerabilities
  • Critical Microsoft IE Vulnerabilities
  • Novell eDirectory Integer Overflow Vulnerability
  • Report Security Events to Check Point with IPS Event Analysis Software Blade
  • Including Patch Tuesday
DEPLOYMENT TIP
Best Practice: Report Security Events to Check Point with IPS Event Analysis Software Blade
The IPS Event Analysis Software Blade is a complete IPS event management system for your IPS Software Blade, providing situational visibility and easy-to-use forensic and reporting tools. Recorded events are indicators of a security attack or vulnerability that needs to be addressed. The IPS Event Analysis Client has an option to send events to Check Point to help improve IPS accuracy. From the Event Log, choose to send the event details directly to Check Point for further analysis.

To report an event to Check Point:
  1. Select the event in the Event Log.
  2. Right-click on the event, select Report Event to Check Point and choose whether you want to include just the Event Details or to also include the Packet Capture associated with the event. Event details are sent via a secure SSL connection.
Note: The data is kept confidential and viewed by a select group of IPS experts that use the information for the sole purpose of improving IPS accuracy. View Check Point’s Privacy Policy.
» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number
Critical | Hydraq Trojan/Aurora Attack | 21-Jan-10 | MS10-002, CVE-2010-0249 | CPAI-2010-100
Critical | Microsoft Windows SMB Client Repeated Negotiation Responses | 09-Feb-10 | MS10-006, CVE-2010-0017 | CPAI-2010-003
Critical | Microsoft Windows SMB Client Pool Corruption | 09-Feb-10 | MS10-006, CVE-2010-0016 | CPAI-2010-002
Critical | Microsoft DirectShow AVI Parser Heap Overflow | 09-Feb-10 | MS10-013, CVE-2010-0250 | CPAI-2010-032
Critical | Microsoft Windows Shell Handler URL Validation Code Execution | 09-Feb-10 | MS10-007, CVE-2010-0027 | CPAI-2010-031
Critical | Microsoft Data Analyzer ActiveX Control Remote Code Execution | 09-Feb-10 | MS10-008, CVE-2010-0252 | CPAI-2010-019
Critical | Microsoft Internet Explorer Uninitialized Memory Corruption | 21-Jan-10 | MS10-002, CVE-2010-0245, CVE-2010-0246 | CPAI-2010-015
Critical | Microsoft Internet Explorer Invalid Pointer Reference Remote Code Execution | 01-Sep-09 | MS10-002, CVE-2010-0249 | CPAI-2010-012
Critical | Adobe Reader U3D DLL Loading Remote Code Execution | 13-Jan-10 | APSB10-02, CVE-2009-3954 | CPAI-2010-010
Critical | Adobe Reader JPEG2000 Region of Interest Memory Corruption | 13-Jan-10 | APSB10-02, CVE-2009-3955 | CPAI-2010-007
Critical | Novell eDirectory NDS Verb Integer Overflow | 28-Jan-10 | CVE-2009-0895 | CPAI-2010-014
High | Microsoft SMB Server Race Condition Denial of Service | 09-Feb-10 | MS10-012, CVE-2010-0021 | CPAI-2010-023
High | Microsoft SMB Server Null Pointer Denial of Service | 09-Feb-10 | MS10-012, CVE-2010-0022 | CPAI-2010-028
High | Microsoft SMB NTLM Authentication Lack of Entropy Vulnerability | 09-Feb-10 | MS10-012, CVE-2010-0231 | CPAI-2010-029
High | Microsoft SMB COPY Command Pathname Overflow | 09-Feb-10 | MS10-012, CVE-2010-0020 | CPAI-2010-022
High | Microsoft Internet Explorer Response Redirect Information Disclosure | 09-Feb-10 | 980088, CVE-2010-0255 | CPAI-2010-033
High | TLS and SSL Spoofing Vulnerability | 29-Nov-09 | 977377, CVE-2009-3555 | CPAI-2010-020

Have SmartDefense feature questions?
Participate in the SmartDefense User Forum. The SmartDefense Forum is your space for asking questions regarding all SmartDefense features, and to collaborate with other SmartDefense users, worldwide, on SmartDefense-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information to its R65 products through SmartDefense Services, and to Check Point R70 products through an update service included with the relevant Software Blade subscriptions. These updates increase the value of your Check Point products and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. These defenses are developed and distributed by Check Point’s global Research and Response Centers. For more information, visit www.CheckPoint.com.

©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065