New SmartDefense Updates

Email lists > CheckPoint SmartDefense Info

Thread: New SmartDefense Updates

Search this list only Search all lists
New SmartDefense Updates
	2006-11-30 10:36:51
Greetings, New SmartDefense Updates have been released today, November 30, 2006 for users of VPN-1 NGX R61 & R60, VPN-1 NG with Application Intelligence R55W, R55 & R54, users of InterSpect NGX & 2.0 and users of Connectra NGX R61. NetWare Client Service Remote Code Execution Vulnerability (MS06-066) Overview: Multiple vulnerabilities have been reported in Microsoft Windows Client Services for NetWare (CSNW). NetWare is an operating system for local area networks which is manufactured by Novell. Microsoft's Client Service for NetWare provides connectivity infrastructure for Novel Netware systems. CSNW provides a Windows workstation with access to NetWare file, print, and directory services. A remote attacker may exploit these vulnerabilities to cause denial of service or to execute arbitrary code on an affected system. By enabling the protection, SmartDefense will block malformed RPC requests. For more information, refer to CPAI-2006-138 at http://www.checkpoint.com/defense/advis ories/public/2006/cpai-28-Nov.html Update Protection against Microsoft Agent Remote Code Execution Vulnerability (MS06-068) Overview: A remote code execution vulnerability exists in Microsoft Agent. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier and more natural. A remote attacker can create a malicious '.ACF' file and host it on a web site or send it as an email attachment. This may allow an attacker to execute arbitrary code on the affected system. The update protects against this vulnerability by blocking the vulnerable COM object. Depending on the traffic mix, activating this protection may result in performance degradation. For more information, refer to CPAI-2006-142 at http://www.checkpoint.com/defense/advis ories/public/2006/cpai-21-Nov.html Update Protection against Workstation Service Buffer Overflow Vulnerability (MS06-070) Overview: A denial of service vulnerability was detected in Microsoft Windows Workstation service. The workstation service manages the routing of system requests. The workstation service library file (wkssvc.dll) is used by windows when working with shared network drives and printers. A remote attacker could exploit this vulnerability to cause denial of service or to execute arbitrary code on a target system. By enabling the protection, SmartDefense will block malformed RPC requests. For more information, refer to CPAI-2006-139 at http://www.checkpoint.com/defense/advi sories/public/2006/cpai-23-Nova.html Update Protection against Microsoft XML Remote Code Execution Vulnerability (MS06-071) Overview: XMLHTTP, an ActiveX control that is included in Microsoft XML Core Services (MSXML), is vulnerable to remote code execution. MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. XMLHTTP allows web pages to transmit or receive XML data. By convincing a user to visit a specially crafted Web page, a remote attacker may trigger this vulnerability to deny service from legitimate users (by causing the victim's Web browser to crash) or execute arbitrary code on an affected system. The update protects against this vulnerability by blocking the vulnerable COM object. Depending on the traffic mix, activating this protection may result in performance degradation. For more information, refer to CPAI-2006-140 at http://www.checkpoint.com/defense/advi sories/public/2006/cpai-21-Novb.html Novell eDirectory 'evtFilteredMonitorEventsRequest' Vulnerability Overview: A remote code execution has been detected in the LDAP service of Novell eDirectory. Novell's eDirectory is a directory service software product for centrally managing access to resources on multiple servers and computers within a network. A remote attacker can exploit this vulnerability to execute arbitrary code on a target system. The protection blocks specially crafted LDAP requests that may lead to a denial of service condition (DoS) on the affected LDAP server. For more information, refer to CPAI-2006-137 at http://www.checkpoint.com/defense/advi sories/public/2006/cpai-29-Nova.html Update Protection against Visual Studio WMI Code Execution Vulnerability Overview: A remote code execution vulnerability exists in Microsoft Visual Studio 2005. Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications, and web services that run on any platforms supported by Microsoft's .NET Framework. By convincing a user to visit a specially crafted Web page, a remote attacker may trigger this vulnerability to execute arbitrary code on an affected system. The update protects against this vulnerability by blocking the vulnerable COM object. Depending on the traffic mix, activating this protection may result in performance degradation. For more information, refer to CPAI-2006-141 at http://www.checkpoint.com/defense/advi sories/public/2006/cpai-21-Nova.html Block MSN Messenger Live 8 Overview: Windows Live Messenger, formerly and still commonly known as MSN Messenger or MSN, is a freeware instant messaging client for Windows XP and Windows Vista. It is part of Microsoft's Windows Live set of online services. Released on June 19, 2006, MSN Messenger Live 8 has many features including offline conversations, the possibility to share files with other users and more. SmartDefense allows you to block MSN Messenger Live 8. The Update enables the HTTP Worm Catcher to detect and block MSN Messenger Live 8 based on pre-defined worm signatures. Please note that this update does not block MSN Messenger Live 8 Beta. For more information, refer to CPAI-2006-143 at http://www.checkpoint.com/defense/advis ories/public/2006/cpai-23-Nov.html AOL Nullsoft Winamp Ultravox Heap Overflow VulnerabilityOverview: A heap-based buffer overflow vulnerability was detected in the multimedia player AOL Nullsoft Winamp. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system. The Update enables the Header Rejection protection to detect and block the vulnerability based on pre-defined header names.For more information, refer to CPAI-2006-144 at http://www.checkpoint.com/defense/advis ories/public/2006/cpai-29-Nov.html Links to the recent SmartDefense Advisories are available at: http://www.checkpoint.com/defense/advisories/pub lic/summary.html Read more about SmartDefense Service at: http://www.checkpoint.com/defense/advisories/pu blic/overview.html To sign-up to the mailing list, send an email to listservamadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. To unsubscribe from this list, send an email to listservamadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" In the email body. As always, please feel free to contact us directly if you have any comments or questions (sda-infoCheckPoint.com).

[1]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists