Check Point Security Advisory
» Top Protections

Microsoft Patches Three Zero-Day Vulnerabilities
Microsoft reported three zero-day vulnerabilities in the closing days of 2010 and the first week of 2011, all of which have been patched in its monthly patch roundup released on February 8, 2011. Check Point customers have had network protection against these vulnerabilities since shortly after their announcement, and in one case pre-emptive protection has been in place since early 2006.

Zero-Day Information Disclosure Vulnerability in Microsoft MHTML Protocol Handler
An information disclosure vulnerability has been reported in the Microsoft Windows MHTML protocol handler. This vulnerability could allow an attacker to cause malicious scripts to run on the targeted machine when the user visits various Web sites, resulting in information disclosure. No patch has been announced by Microsoft as of February 8, 2011. Until a patch is released, Check Point IPS Software Blade and SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking attempts to exploit it.

Security Best Practice: Blocking iPhone Web Browsing on the Enterprise Wireless Network
Some organizations prefer to prevent the use of their wireless networks by smartphones for browsing the Internet, since those connections can potentially take up a lot of bandwidth and also because this kind of use may circumvent the organizational security policy. The Check Point IPS Software Blade can block HTTP browsing from iPhones that are connected to the corporate network.

February 8, 2011

Deployment Tip
Use Identity Logging to Show User and Machine Names in IPS Logs

One of the first steps after identifying a significant event on the network is to understand WHO did it and WHERE it came from. Introduced in R70.2, Identity Logging aids in analyzing network traffic and security-related events by identifying by name the specific user who initiated the traffic. (Previously, source traffic was identified only by its URL or IP address.) It works by extracting user and computer name information from Active Directory (AD) logs and inserting that information into the Check Point logs.

Identity Logging

You can configure user and computer identification settings using SmartDashboard on any Security Management Server or log server object.
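The correlation idea behind Identity Logging, as an added example that is not Check Point's implementation or code from this advisory: AD logon records are joined to IPS events by source IP and time, so that each event carries a user and machine name. The record layouts, IP addresses, account names and the 12-hour mapping lifetime are assumptions constructed for illustration.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

# Constructed AD logon records: (time, source IP, user, machine).
AD_LOGONS = [
    ("2011-02-08T09:00:00", "10.1.1.20", "CORP\\alice", "WS-ALICE"),
    ("2011-02-08T13:30:00", "10.1.1.20", "CORP\\bob", "WS-BOB"),  # IP reassigned
    ("2011-02-08T09:05:00", "10.1.1.31", "CORP\\carol", "WS-CAROL"),
]
# Constructed IPS events: (time, source IP, protection reference).
IPS_EVENTS = [
    ("2011-02-08T10:15:00", "10.1.1.20", "CPAI-2011-006"),
    ("2011-02-08T14:00:00", "10.1.1.20", "CPAI-2011-006"),
    ("2011-02-09T08:00:00", "10.1.1.31", "CPAI-2011-008"),  # mapping too old
    ("2011-02-08T11:00:00", "10.1.1.99", "CPAI-2011-003"),  # never seen in AD
]
MAX_AGE = timedelta(hours=12)  # assumed lifetime of an IP-to-user mapping


def build_index(logons):
    """Group logons per IP, sorted by time, ready for binary search."""
    index = {}
    for ts, ip, user, machine in logons:
        index.setdefault(ip, []).append((datetime.fromisoformat(ts), user, machine))
    for entries in index.values():
        entries.sort()
    return index


def identify(index, ts, ip, max_age=MAX_AGE):
    """Return (user, machine) for the latest logon from ip at or before ts, else None."""
    entries = index.get(ip, [])
    when = datetime.fromisoformat(ts)
    pos = bisect_right([e[0] for e in entries], when)
    if pos == 0 or when - entries[pos - 1][0] > max_age:
        return None  # no logon yet, or the mapping is stale
    return entries[pos - 1][1:]


def enrich(events, logons):
    """Attach user and machine to each event; unresolved sources stay IP-only."""
    index = build_index(logons)
    out = []
    for ts, ip, protection in events:
        user, machine = identify(index, ts, ip) or ("unknown", "unknown")
        out.append({"time": ts, "src": ip, "protection": protection,
                    "user": user, "machine": machine})
    return out
```

The stale-mapping check matters on DHCP networks: without it, an event from a reassigned address is attributed to whoever last logged on from that IP.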


» Highlighted Protections

This table lists Check Point protections for recently disclosed threats. In some cases, Check Point protections against such threats or threat types have been available for some time, and the date listed is the date when the protection became available.

| Severity | Vulnerability Description | Check Point Protection Issued | Industry Reference | Check Point Reference Number |
|---|---|---|---|---|
| Critical | Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow | 09-Jan-2011 | CVE-2010-3970, MS11-006 | CPAI-2011-003 |
| Critical | Microsoft IIS FTP Server Telnet IAC Buffer Overflow | 26-Dec-2010 | CVE-2010-3972, MS11-004 | CPAI-2010-351 |
| Critical | Microsoft OpenType CFF Driver Font Encoded Character Corruption | 08-Feb-2011 | CVE-2011-0033, MS11-007 | CPAI-2011-007 |
| Critical | Microsoft Internet Explorer Insert Document Object Memory Corruption | 08-Feb-2011 | CVE-2011-0036, MS11-003 | CPAI-2011-008 |
| Critical | Microsoft Internet Explorer onCellChange Event Memory Corruption | 08-Feb-2011 | CVE-2011-0035, MS11-003 | CPAI-2011-011 |
| High | Microsoft Internet Explorer MHTML Information Disclosure | 31-Jan-2010 | CVE-2011-0096, Microsoft 2501696 | CPAI-2011-006 |
| High | Microsoft Internet Explorer CSS Recursive Import Memory Corruption | 27-Dec-2010 | CVE-2010-3971, MS11-003 | CPAI-2010-349 |
| High | Blocking Apple iPhone Browsing Application Control | 02-Feb-2011 | IPS Research Center | SBP-2011-02 |
| High | Microsoft Active Directory SPN Validation Denial of Service | 08-Feb-2011 | CVE-2011-0040, MS11-005 | CPAI-2011-012 |
| High | Microsoft Kerberos Implementation Spoofing Elevation of Privilege | 08-Feb-2011 | CVE-2011-0091, MS11-013 | CPAI-2011-010 |
| High | Opera Browser Document Writing Uninitialized Memory Access | 31-Jan-2011 | CVE-2010-1728 | CPAI-2011-100 |

Have questions about IPS?
IPS Forum
Participate in the IPS User Forum. The IPS Forum is your space for asking questions regarding all IPS features, and to collaborate with other IPS users, worldwide, on IPS-related issues. Check Point employees may monitor the forum and provide information on the issues posted.

» About the Check Point Update Services
Check Point provides ongoing and real-time updates and configuration information through an update service included with the relevant subscriptions. Updates from Check Point's global Research and Response Centers increase the value of your Check Point products, and minimize threats by providing defenses that can be used before vendor patches are applied throughout your network. For more information, visit www.CheckPoint.com.

©2003-2010 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved. 800 Bridge Parkway, Redwood City, CA USA 94065