Check Point Security Advisory
» Top Protections

Ringing in the New Year with Several Microsoft Zero-Day Vulnerabilities

Zero-day vulnerabilities in several Microsoft products and technologies have been disclosed over the last month. These include vulnerabilities in the Microsoft Graphics Rendering Engine, Internet Explorer, IIS FTP Service, WMI Administrator Tools, and Windows Fax Services. Check Point products provide immediate network protection against all of them.

Two Remote Code Execution Vulnerabilities Included in January Microsoft Patch Tuesday Content
(CVE-2010-3145, CVE-2011-0027)

Two Windows remote code execution vulnerabilities have been disclosed by Microsoft. The first is a flaw in the Windows System Restore feature, and the second exists in the Data Access Components database access subsystem. Exploitation of either issue can allow a remote attacker to execute arbitrary code on the targeted system. Check Point IPS Software Blade, IPS-1, and SmartDefense provide network protection against these vulnerabilities in the latest IPS update by detecting and blocking attempts to exploit them.

Heap Buffer Overflow Vulnerability in Exim Mail Transfer Agent
(Secunia Advisory SA40019, CVE-2010-4344)

A heap buffer overflow vulnerability has been reported in the Exim Mail Transfer Agent. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. Check Point recommends that the patch that fixes this issue be applied as soon as is practical. In the meantime, Check Point IPS Software Blade and IPS-1 provide immediate network protection against this vulnerability.

January 11, 2011

Deployment Tip
How to view the latest Microsoft Patch Tuesday threat coverage

View the Microsoft Bulletin Coverage on the Check Point Threat Center. A green check indicates that you are protected by Check Point. (Coverage is archived back to 2008; these archives can be accessed in the right-hand column of the Bulletin Coverage page.)


» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft WMI Administrative Tools WBEMSingleView.ocx Code Execution | 30-Dec-2010 | CVE-2010-3973 | CPAI-2010-351 |
| Critical | Microsoft IIS FTP Server Telnet IAC Buffer Overflow | 26-Dec-2010 | CVE-2010-3972 | CPAI-2010-351 |
| Critical | Exim MTA string_format Remote Code Execution | 27-Dec-2010 | CVE-2010-4344 | CPAI-2010-348 |
| Critical | Novell GroupWise Internet Agent Content-Type Buffer Overflow | 22-Dec-2010 | N/A | CPAI-2010-167 |
| High | Microsoft Data Access Components CacheSize Memory Corruption | 11-Jan-2011 | MS11-002, CVE-2011-0027 | CPAI-2011-004 |
| High | Microsoft Windows Backup Manager Insecure Library Loading | 11-Jan-2011 | MS11-001, CVE-2010-3145 | CPAI-2011-002 |
| High | Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow | 09-Jan-2011 | MS 2490606, CVE-2010-3970 | CPAI-2011-003 |
| High | Microsoft Windows Fax Services Cover Page Editor Heap Buffer Overflow | 06-Jan-2011 | N/A | CPAI-2011-001 |
| High | Microsoft Internet Explorer CSS Recursive Import Memory Corruption | 27-Dec-2010 | MS 2488013, CVE-2010-3971 | CPAI-2010-349 |
| High | Adobe Flash Player ActionScript2 Memory Corruption | 27-Dec-2010 | APSB10-26, CVE-2010-3642 | CPAI-2010-347 |
| High | Adobe Flash Player BUTTONRECORD Loop Denial of Service | 27-Dec-2010 | APSB10-26, CVE-2010-3641 | CPAI-2010-346 |
| High | Flash Player DefineFunction2 Memory Corruption | 27-Dec-2010 | APSB10-26, CVE-2010-3646 | CPAI-2010-345 |
| High | ProFTPD 1.3.3c Compromised Source Remote Trojan | 03-Dec-2010 | N/A | CPAI-2010-151 |

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information through an update service included with the relevant subscriptions. Updates from Check Point's global Research and Response Centers increase the value of your Check Point products, and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, visit www.CheckPoint.com.

©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065