Ringing in the New Year with Several Microsoft Zero-Day Vulnerabilities
Zero-day vulnerabilities in several Microsoft products and technologies have been disclosed over the last month. These include vulnerabilities in the Microsoft Graphics Rendering Engine, Internet Explorer, IIS FTP Service, WMI Administrator Tools, and Windows Fax Services. Check Point products provide immediate network protection against all of them.
Learn More
.
Two Remote Code Execution Vulnerabilities Included in January Microsoft Patch Tuesday Content
( CVE-2010-3145, CVE-2011-0027 )
Two Windows remote code execution vulnerabilities have been disclosed by Microsoft. The first is a flaw in the Windows System Restore feature, and the second exists in the Data Access Components database access subsystem. Exploitation of either issue can allow a remote attacker to execute arbitrary code on the targeted system. Check Point IPS Software Blade, IPS-1, and SmartDefense provide network protection against these vulnerabilities in the latest IPS update by detecting and blocking attempts to exploit them.
Learn More
.
Heap Buffer Overflow Vulnerability in Exim Mail Transfer Agent
( Secunia Advisory SA40019, CVE-2010-4344 )
A heap buffer overflow vulnerability has been reported in the Exim Mail Transfer Agent. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. Check Point recommends that the patch that fixes this issue be applied as soon as is practical. In the meantime, Check Point IPS Software Blade and IPS-1 provide immediate network protection against this vulnerability.
Learn More
.
| In This Advisory | |
| Top Protections | |
| • | Ringing in the New Year with Several Microsoft Zero-Day Vulnerabilities |
| • | Two Remote Code Execution Vulnerabilities Included in January Microsoft Patch Tuesday Content |
| • | Heap Buffer Overflow Vulnerability in Exim Mail Transfer Agent |
| Deployment Tip | |
| • | How to view the latest Microsoft Patch Tuesday threat coverage |
| Highlighted Protections | |
| • | Including Patch Tuesday |
| Deployment Tip How to view the latest Microsoft Patch Tuesday threat coverage View the Microsoft Bulletin Coverage on the Check Point Threat Center. A green check indicates that you are protected by Check Point. (Coverage is archived back to 2008; these archives can be accessed in the right hand column of the Bulletin Coverage page.)
|
» Highlighted Protections
This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.
| Severity | Vulnerability Description | Check Point Protection Issued |
Industry Reference | Check Point Reference Number |
 Critical
|
Microsoft WMI Administrative Tools WBEMSingleView.ocx Code Execution | 30-Dec-2010 | CVE-2010-3973 | CPAI-2010-351 |
|
Critical
|
Microsoft IIS FTP Server Telnet IAC Buffer Overflow | 26-Dec-2010 |
CVE-2010-3972 |
CPAI-2010-351 |
|
Critical
|
Exim MTA string_format Remote Code Execution | 27-Dec-2010 | CVE-2010-4344 | CPAI-2010-348 |
|
Critical
|
Novell GroupWise Internet Agent Content-Type Buffer Overflow | 22-Dec-2010 | N/A | CPAI-2010-167 |
|
High
|
Microsoft Data Access Components CacheSize Memory Corruption | 11-Jan-2011 |
MS11-002 CVE-2011-0027 |
CPAI-2011-004 |
|
High
|
Microsoft Windows Backup Manager Insecure Library Loading | 11-Jan-2011 |
MS11-001 CVE-2010-3145 |
CPAI-2011-002 |
|
High
|
Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow | 09-Jan-2011 |
MS 2490606 CVE-2010-3970 |
CPAI-2011-003 |
|
High
|
Microsoft Windows Fax Services Cover Page Editor Heap Buffer Overflow | 06-Jan-2011 | N/A | CPAI-2011-001 |
|
High
|
Microsoft Internet Explorer CSS Recursive Import Memory Corruption | 27-Dec-2010 |
MS 2488013 CVE-2010-3971 |
CPAI-2010-349 |
|
High
|
Adobe Flash Player ActionScript2 Memory Corruption | 27-Dec-2010 |
APSB10-26 CVE-2010-3642 |
CPAI-2010-347 |
|
High
|
Adobe Flash Player BUTTONRECORD Loop Denial of Service | 27-Dec-2010 |
APSB10-26 CVE-2010-3641 |
CPAI-2010-346 |
|
High
|
Flash Player DefineFunction2 Memory Corruption | 27-Dec-2010 |
APSB10-26 CVE-2010-3646 |
CPAI-2010-345 |
|
High
|
ProFTPD 1.3.3c Compromised Source Remote Trojan | 03-Dec-2010 | N/A | CPAI-2010-151 |
More Updates >
Have questions about IPS? Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS related issues. Check Point employees may monitor the forum and provide information on the issues posted. |
Know someone who should be getting the Advisories? |
| » About the Check Point Update Services Check Point provides ongoing and real-time updates and configuration information through an update service included with the relevant subscriptions. Updates from Check Point's global Research and Response Centers increase the value of your Check Point products, and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, visit www.CheckPoint.com. |
©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065