Dedicated To Virus Alerts & Software Information, Featuring News, Press Releases, IT Directory & Links
Media Alert: Check Point Provides Protection Against Microsoft Windows Safari Browser Vulnerability
Published 7th July 2008
VPN-1, IPS-1, Connectra, and InterSpect gateways defend enterprises against broad remote code execution vulnerability...
2 July 2008: Check Point Software Technologies Ltd. the worldwide leader in securing the Internet, today announced that users of its VPN-1, IPS-1, Connectra, and InterSpect products are protected against a potentially dangerous remote code execution vulnerability in Microsoft Windows.
Announced in Microsoft Security Advisory 953818 on May 30, this vulnerability affects users of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. The vulnerability is due to the combination of the default download location of dynamic link libraries (DLLs) and how the Windows desktop handles these executables. The result is a blended threat in which files may be downloaded to a machine without prompting, allowing them to be executed. Apple issued a patch on June 19th for the Safari-specific vulnerability.
Check Point customers who subscribe to Check Point SmartDefense Services – which provide ongoing and real-time updates and configuration advisories for defenses and security policies – received protection for the broader DLL-load Hijacking vulnerability on June 2nd. T hese customers are protected not only from the Safari instance of DLL-load Hijacking, but from other exploits that may try to utilize a similar vulnerability approach.
“Windows platform vulnerabilities, which often go unpatched for days, weeks or even months, continue to be one of the top security challenges facing enterprise network environments today,” said Oded Gonda, vice president of network security products at Check Point. “Check Point customers, however, through our SmartDefense Services, do not have to rely on patches to be issued by vendors or deployed to all machines to have the protection against these vulnerabilities.”
Check Point’s SmartDefense Services maintain the most current preemptive security for the Check Point security infrastructure. To help defenses stay continuously ahead of today's constantly evolving threat landscape, SmartDefense Services provide ongoing and real-time updates and configuration advisories for defenses and security policies.
More information about this vulnerability can be found at Check Point Software’s SmartDefense Services website at: www.checkpoint.com/defense/advisories/public/2008/cpai-02-Jun.html
www.checkpoint.com