SmartDefense Security Advisory

Check Point's update services protect customers using the IPS Software Blade for Security Gateway R70, VPN-1 NGX R65, R62, R61, R60, VSX NGX R65, InterSpect NGX, IPS-1, and IPS-1 NGX R65 from the following vulnerabilities:



Recent Malware Threats (22-Mar-09)

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of hostile, intrusive, or annoying programs such as viruses, worms, adware, Trojans, and spyware that exploit unprotected clients and use network access to intrude upon organizations, destroying or stealing data. The update enables the Header Rejection protection and the HTTP Worm Catcher to detect and block the malware based on pre-defined header names and worm signatures. The update includes new protections against two recent malware threats: iWonBar and Trojan-Downloader.Win32.Delf.phh.

New protections are available for these malware threats. See CPAI-2009-042.

Security Best Practice: Blocking RealNetworks RealPlayer

Industry References: CVE-2009-0375, CVE-2008-3066, CVE-2007-5601, CVE-2005-2052.

RealNetworks RealPlayer is a cross-platform media player that supports multiple multimedia formats such as MP3, MPEG-4, QuickTime, Windows Media, RealAudio, and RealVideo. RealPlayer contains many features, including streaming capabilities, a media browser, video download, and CD ripping. RealPlayer is prone to multiple vulnerabilities. The impacts of these vulnerabilities range from denial of service to the execution of malicious code on a victim's system. This protection will detect and block access to RealPlayer media traffic.

New Protections are available for this issue. See SBP-2009-08.
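The two protections above both work by inspecting HTTP message heads: Header Rejection matches pre-defined header names and values, and the RealPlayer best practice blocks traffic carrying RealMedia content. The following is an added example, not Check Point's code or signatures: it parses an HTTP/1.x head (including obs-fold continuation lines and repeated headers) and returns a verdict list. The malware indicator strings are constructed for illustration and are not the real iWonBar or Delf.phh signatures; the RealMedia MIME types are the ones commonly used by RealPlayer streams and files.

```python
"""HTTP header inspection: header rejection and content-type based media blocking.

Added example; the indicator values below are constructed, not vendor signatures.
"""

# Constructed indicator set (NOT real signatures): header name -> substrings
# whose presence in the value marks the message as unwanted.
MALWARE_HEADER_INDICATORS = {
    "user-agent": ("example-iwonbar-agent", "example-downloader/1.0"),
}

# MIME types commonly used by RealPlayer media (RealAudio / RealVideo / RealMedia).
REALPLAYER_CONTENT_TYPES = {
    "audio/x-pn-realaudio",
    "audio/x-pn-realaudio-plugin",
    "application/vnd.rn-realmedia",
    "audio/vnd.rn-realaudio",
    "video/vnd.rn-realvideo",
}


def parse_headers(raw):
    """Parse an HTTP/1.x message head into (start_line, {name_lower: [values]}).

    Handles obs-fold continuation lines (leading SP/HTAB) and duplicate headers,
    so an indicator split across a folded line is still matched.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    start_line, headers = lines[0], {}
    last = None
    for line in lines[1:]:
        if not line:
            continue
        if line[0] in " \t" and last:
            # obs-fold: continuation of the previous header value
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        last = name.strip().lower()
        headers.setdefault(last, []).append(value.strip())
    return start_line, headers


def inspect(raw):
    """Return a list of verdict strings for the message; an empty list means allow."""
    _, headers = parse_headers(raw)
    verdicts = []
    # Header Rejection: pre-defined header names with indicator substrings.
    for hname, needles in MALWARE_HEADER_INDICATORS.items():
        for value in headers.get(hname, []):
            lowered = value.lower()
            for needle in needles:
                if needle in lowered:
                    verdicts.append("header-rejection:%s:%s" % (hname, needle))
    # Media blocking: Content-Type minus parameters, compared case-insensitively.
    for value in headers.get("content-type", []):
        mime = value.split(";", 1)[0].strip().lower()
        if mime in REALPLAYER_CONTENT_TYPES:
            verdicts.append("realplayer-media:%s" % mime)
    return verdicts


# Constructed sample traffic for a stand-alone run.
SAMPLE_MALWARE_REQUEST = (
    b"GET /update.php HTTP/1.1\r\nHost: example.invalid\r\n"
    b"User-Agent: Example-iWonBar-Agent\r\n\tbuild 7\r\n\r\n"
)
SAMPLE_REALMEDIA_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: audio/x-pn-realaudio; charset=binary\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_BENIGN_REQUEST = (
    b"GET / HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_MALWARE_REQUEST, SAMPLE_REALMEDIA_RESPONSE, SAMPLE_BENIGN_REQUEST):
        print(inspect(sample) or "allow")
```

Matching on the parsed value rather than on the raw byte stream is what makes the obs-fold case work: the folded `build 7` line is joined to the User-Agent value before any indicator is checked, and Content-Type parameters such as `charset` are stripped before the MIME type is compared.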

Check Point's update services protect customers using the IPS Software Blade for Security Gateway R70 from the following vulnerabilities:



Cisco Application Networking Manager Default User Credentials Security Bypass Vulnerability

Industry Reference: CVE-2009-0616.

A security bypass vulnerability exists in Cisco Application Networking Manager (ANM). ANM is a network management application that manages Cisco Application Control Engine (ACE) modules or appliances. A remote attacker could exploit this vulnerability to take complete control of an affected system. This protection will detect and block login attempts with the default user credentials.

New Protections are available for this vulnerability. See CPAI-2009-046.

KeyLogger: EgySpy 1.13

EgySpy KeyLogger 1.13 is a keylogger that records the keys pressed on the infected system in stealth mode. It sends the keystrokes to a predefined email address at a predefined interval. This protection will detect and block the keylogger in SMTP traffic.

Protections are now available for this threat. See CPAI-2009-044.

Check Point's update services protect customers using IPS-1 and IPS-1 NGX R65 from the following vulnerabilities:



Microsoft DNS Server WPAD Registration Spoofing Vulnerability (MS09-008)

Industry Reference: CVE-2009-0093.

A Web Proxy Auto-Discovery (WPAD) registration spoofing vulnerability has been reported in Microsoft DNS servers. The WPAD feature enables web clients to automatically detect proxy settings without user intervention. DNS spoofing allows an attacker to change a DNS entry so that it points to an IP address of the attacker's choice. This vulnerability could allow a remote attacker to spoof a web proxy, thereby redirecting Internet traffic away from legitimate locations. This protection will detect and block attempts to register vulnerable names in the DNS database.

Protections are now available for this vulnerability. See CPAI-2009-032.
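The protection above inspects DNS traffic for attempts to register the WPAD name. As an added example (not Check Point's code), the following parses an RFC 2136 dynamic UPDATE message, including compression pointers in owner names, and flags additions whose leftmost label is on a block list. The block list here holds only `wpad`, the host name WPAD-enabled browsers resolve to find their proxy configuration; extend it for your environment. The sample update messages are constructed with the helper at the bottom.

```python
"""Detect registration of WPAD names in DNS dynamic update (RFC 2136) messages.

Added example with constructed sample messages; not vendor code.
"""
import struct

# Host names whose registration by an arbitrary client is dangerous. "wpad" is the
# name browsers resolve for Web Proxy Auto-Discovery. Extend for your environment.
BLOCKED_LABELS = {"wpad"}

OPCODE_UPDATE = 5
CLASS_IN = 1          # in the Update section, the zone class means "add this RR"
TYPE_SOA, TYPE_A = 6, 1


def read_name(msg, offset):
    """Decode a DNS name at offset, following compression pointers.

    Returns (lowercased labels, offset just past the name in the original stream).
    """
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii", "replace").lower())
        offset += length
    return labels, (end if jumped else offset)


def parse_update(msg):
    """Return [(owner_name, rtype, rclass)] for the Update section of an UPDATE message.

    Non-UPDATE messages yield an empty list.
    """
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _, flags, zocount, prcount, upcount, _ = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return []
    offset = 12
    for _ in range(zocount):                            # Zone section: name, type, class
        _, offset = read_name(msg, offset)
        offset += 4
    for _ in range(prcount):                            # Prerequisite section: full RRs
        _, offset = read_name(msg, offset)
        rdlength = struct.unpack("!H", msg[offset + 8:offset + 10])[0]
        offset += 10 + rdlength
    records = []
    for _ in range(upcount):                            # Update section: full RRs
        labels, offset = read_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10 + rdlength
        records.append((".".join(labels), rtype, rclass))
    return records


def flagged_registrations(msg, blocked=BLOCKED_LABELS):
    """Owner names being ADDED whose leftmost label is on the block list.

    Class ANY/NONE entries are deletions and are not registrations, so they are ignored.
    """
    return [name for name, _rtype, rclass in parse_update(msg)
            if rclass == CLASS_IN and name.split(".")[0] in blocked]


def encode_name(name):
    """Uncompressed wire encoding of a dotted name."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_update(zone, host, ipv4, compress=False):
    """Constructed sample: an UPDATE adding an A record for host.zone.

    With compress=True the owner name is one label plus a pointer to the zone
    name at offset 12, as real clients commonly emit.
    """
    header = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    if compress:
        owner = bytes([len(host)]) + host.encode("ascii") + struct.pack("!H", 0xC000 | 12)
    else:
        owner = encode_name(host + "." + zone)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    update = owner + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, len(rdata)) + rdata
    return header + zone_section + update


if __name__ == "__main__":
    print(flagged_registrations(build_update("corp.example", "WPAD", "192.0.2.10", compress=True)))
    print(flagged_registrations(build_update("corp.example", "printer7", "192.0.2.11")))
```

The check keys on the leftmost label only, so `wpad.sub.corp.example` is caught as well as `wpad.corp.example`, and labels are lowercased before comparison because DNS names are case-insensitive. Deletions (class ANY or NONE in the Update section) pass through, since removing a WPAD record is not the spoofing behaviour described above.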

Microsoft WINS Server WPAD Registration Spoofing Vulnerability (MS09-008)

Industry Reference: CVE-2009-0094.

A Web Proxy Auto-Discovery (WPAD) registration spoofing vulnerability has been reported in Microsoft WINS servers. The WPAD feature enables web clients to automatically detect proxy settings without user intervention. Spoofing allows an attacker to change a server entry so that it points to an IP address of the attacker's choice. This vulnerability could allow a remote attacker to spoof a web proxy, thereby redirecting Internet traffic away from legitimate locations. This protection will detect and block attempts to register vulnerable names in the WINS database.

Protections are now available for this vulnerability. See CPAI-2009-034.

Microsoft Windows Security Support Provider SChannel Spoofing Vulnerability (MS09-007)

Industry Reference: CVE-2009-0085.

A spoofing vulnerability has been reported in the Microsoft Windows Security Support Provider (SSP) SChannel authentication component when using certificate-based authentication. An SSP is a dynamic-link library (DLL) that implements a common interface between transport-level applications and security providers by making one or more security packages available to applications. Security packages support security protocols such as Kerberos authentication and Secure Channel (SChannel) authentication. A remote attacker may exploit this vulnerability to authenticate against a protected server despite not having access to the authorized user's private key, which is normally required for successful authentication when the server is configured to require client authentication. This protection will detect and block attempts to exploit the spoofing vulnerability.

Protections are now available for this vulnerability. See CPAI-2009-038.

Microsoft Windows Kernel Input Validation Remote Code Execution Vulnerability (MS09-006)

Industry Reference: CVE-2009-0081.

A remote code execution vulnerability has been discovered in the Windows kernel. The Windows kernel is the core of the operating system; it provides system-level services, allocates processor time to processes, and manages error handling. This vulnerability is caused by improper validation of input passed from user mode through the kernel component of the graphics device interface (GDI). Successful exploitation of this vulnerability may allow execution of arbitrary code on an affected system. This protection will detect and block the transfer of malformed EMF files over HTTP.

Protections are now available for this vulnerability. See CPAI-2009-040.

March 22, 2009

©2003–2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065