Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against Microsoft Agent Remote Code Execution Vulnerability (MS07-020)

Subscribe

Check Point Reference: CPAI-2007-043
Date Published:
Severity:
Last Updated:
Source: Microsoft Security Bulletin MS07-020
Industry Reference(s): CVE-2007-1205
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Server 2003 SP2
Microsoft Windows Server 2003 x64 Edition SP1
Microsoft Windows Server 2003 x64 Edition SP2
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)
Vulnerability Description
A remote code execution vulnerability exists in Microsoft Agent. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier and more natural. A remote attacker can exploit this issue to execute arbitrary code on the affected system.
Update/Patch Available
Apply patches:
Microsoft Security Bulletin MS07-020
Vulnerability Details
The vulnerability is due to a memory corruption error in Microsoft Agent ActiveX Control that fails to properly handle specially crafted URLs. This flaw can be exploited by a remote attacker to execute arbitrary commands on a vulnerable system. By convincing a user to view a malicious web site, an attacker can trigger the memory corruption flaw and take complete control of an affected system.

Protection Overview
By enabling this protection, SmartDefense will detect and block the vulnerable ActiveX. Depending on the traffic mix, activating this protection may result in performance degradation. No update is required to address this vulnerability.

Users are protected against this vulnerability if the Microsoft agent protection for blocking the vulnerable COM object addressed in the Protection section of CPAI-2006-142 has been applied.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the protection outlined in CPAI-2006-142 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft agent remote code execution (MS06-068)

VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the protection outlined in CPAI-2006-142 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft agent remote code execution (MS06-068)

VPN-1 NG with Application Intelligence R55

How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the protection outlined in CPAI-2006-142 has been applied.

How Do I Know if My Network is Under Attack?
Rule #99844 will appear on the SmartView Tracker.

VPN-1 VSX NGX

How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the protection outlined in CPAI-2006-142 has been applied.

How Do I Know if My Network is Under Attack?
Rule #99844 will appear on the SmartView Tracker.

InterSpect NGX

How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the protection outlined in CPAI-2006-142 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft agent remote code execution (MS06-068)

InterSpect 2.0

How Can I Protect My Network?
Users of the versions mentioned above are protected against this vulnerability if the protection outlined in CPAI-2006-142 has been applied.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft agent remote code execution (MS06-068)