Adobe and Microsoft have issued their monthly updates for July, so even if you’d rather be doing anything else, you should be patching your computers. We’ll start with Microsoft. As usual, serves as little more than a link to the (SUG), Microsoft’s labyrinthine replacement for the individual bulletins we used to get. In my experience, the is much easier to digest in the form of a spreadsheet, so the first thing I do there is click the small Download link at the right edge of the page, to the right of the Security Updates heading. If you have Excel — or something compatible — installed, you should be able to open it directly.
Once the spreadsheet is loaded, I recommend enabling the Filter option. In Excel 2007, that setting is in the Sort & Filter section of the Data ribbon (toolbar). This makes every column heading a drop-down list, which allows you to select a particular product or platform and hide everything else.
Analysis of this month’s updates from the SUG spreadsheet shows that there are sixty-two distinct updates, addressing fifty-three security vulnerabilities in Flash, Internet Explorer, SharePoint, Visual Studio, Edge, Office applications, .NET, and all supported versions of Windows. Seventeen of the updates are flagged as Critical.
As for Adobe, there are updates for. The Flash update fixes two vulnerabilities, one of which is Critical. The Acrobat Reader DC update includes fixes for over one hundred security bugs.
About jrivett Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing in in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the ) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at. Jeff went on to work as a programmer, sysadmin, and manager in various industries.
14-Jun-2013: June 2013's monthly product update rollup from Microsoft includes one Critical and four Important updates that affect Internet Explorer, Windows, and Office.
The IE update addresses nineteen vulnerabilities in the browser; Windows gets two kernel-mode issues fixed; a privilege escalation vulnerability in the Windows Print Spooler is fixed; and a remote code execution issue in Office is addressed. 12-Apr-2013: Microsoft's fixes a critical remote code execution vulnerability in the Remote Desktop Client, a denial of service issue in Active Directory's LDAP functionality, as well as several other issues in Internet Explorer, Office, and other Microsoft applications. 12-Feb-2013: The includes fixes for multiple 'use after free' critical vulnerabilities in Internet Explorer, as well as security patches for several other Microsoft products.
11-Jan-2013: Microsoft's brings updates for Windows Print Spooler, XML Core Services, System Center Operations Manager, and the .NET framework, as well as fixes for a kernel-mode driver issue and an SSL/TLS protocol negotiation vulnerability. As of today, Microsoft has still not issued a fix for the previously reported zero-day issue in Internet Explorer, so Check Point customers should ensure that the is installed and enabled. 02-Jan-2013: A zero day remote code execution vulnerability has been disclosed in Microsoft's Internet Explorer (versions 6, 7, and 8). Microsoft has issued a that describes the issue, and has also created a for end users that will prevent exploitation of the vulnerability. Check Point's protects all Windows systems against this exploit at the network level in the latest IPS update.
06-Dec-2012: Check Point security evangelist Tomer Teller presents his view of the top security threats that will be faced in 2013 in a recent Forbes article. 05-Dec-2012: Check Point and Versafe, a private and independent vendor of online fraud prevention solutions, jointly published a detailed today that details the 'Eurograbber' malware attack, which has resulted in more than 36 million Euros being stolen from approximately 30,000 corporate and personal bank accounts across Europe.
14-Nov-2012: Microsoft's includes six vulnerability bulletins affecting Windows, Excel, Internet Explorer, the .NET framework, and IIS. 11-Oct-2012: Microsoft's product update set for October includes fixes for one vulnerability in Word that is marked as Critical in severity. Several other updates address Important vulnerabilities in Word, Works, and SQL Server. In addition, Adobe has issued updates for Acrobat and Reader that address a Critical remote code execution vulnerability. 12-Sep-2012: Microsoft has released an update for Windows that changes the minimum acceptable key length for certificates used in Public Key Infrastructure (PKI) to 1024 bits.
This update can be downloaded and evaluated now. It will be distributed to all supported versions of Windows via Microsoft Update on October 9, 2012. 11-Sep-2012: September brings the smallest set of Microsoft monthly updates in recent memory, with only two patches issued for non-critical cross-site scripting vulnerabilities in Visual Studio and System Center Configuration Manager. The Check Point IPS Software Blade provides protection against both issues, as well as the recent and far more serious vulnerabilities discovered in the Java programming environment. IPS protections were also issued for two remote code execution vulnerabilities in Apple's Quicktime media player.
14-Aug-2012: Five critical and four Important security bulletins were released today by Microsoft as detailed in their. Affected products are Microsoft Windows, Internet Explorer, Remote Desktop, Exchange Server, JavaScript, VBScript, Office, and Visio. 10-Jul-2012: The July 2012 details three Critical and six Important security vulnerabilities affecting Microsoft Windows, Internet Explorer, Visual Basic for Applications, and Office.
12-Jun-2012: Microsoft's June 2012 'Patch Tuesday' includes security bulletins for 11 issues in Internet Explorer, as well as vulnerabilities in Visio, .NET, Microsoft Dynamics AX Enterprise Portal, and XML Core Services. Check Point provides immediate network protection for unpatched against these issues.
30-May-2012: A sophisticated malware suite known as 'Flame' has recently been discovered that can propagate via network shares and removable devices, and then collect data from an infected machine including keyboard activity and network traffic, as well as audio and video. The Check Point provides immediate network protection against Flame. 08-May-2012: The month of May brings seven Microsoft security bulletins, with three being ranked Critical and the remaining four being Important. These address 23 issues in Windows, Office, Silverlight, and the .NET framework. 11-Apr-2012: Microsoft's set of patches for April includes several fixes for security vulnerabilities in its products. One of these issues, which is in the ActiveX applications framework, has been exploited in the wild; it affects several versions of Office, SQL Server, Visual FoxPro, Visual Basic, BizTalk Server, and Commerce Server. The Check Point IPS Software Blade protects unpatched systems against this and other vulnerabilities announced by Microsoft and Adobe.
14-Feb-2012: Microsoft's monthly patch rollup includes nine security bulletins that address 21 vulnerabilities in their products. Four of the bulletins are marked Critical and five are marked Important. Affected products include Windows, Internet Explorer, SharePoint, .NET, Silverlight, and the Indeo codec.
10-Jan-2012: Microsoft's January 2012 product patch rollup is a relatively small one, with one Critical and five Important issues being fixed in Windows and the Anti-Cross Site Scripting Library. 13-Dec-2011: Microsoft has released 13 for December 2011. Three of these are considered Critical vulnerabilities, with the remainder being marked Important. The following products are affected: Windows, Windows Media Player and Media Center, Internet Explorer, Office, Publisher, PowerPoint, and Excel. 08-Nov-2011: A vulnerability in Microsoft Windows' TrueType font rendering engine is being exploited in the wild by the malware known as '. As of November 8, Microsoft has not announced availability of a patch that addresses the issue.
In the meantime, the Check Point provides protection against this vulnerability at the network level. 11-Oct-2011: Microsoft's October patch rollup includes security updates for Windows, Internet Explorer, Forefront Unified Access Gateway, the .NET framework, and Silverlight.
13-Sep-2011: Microsoft releases its September 2011, all ranked Important. These address 15 vulnerabilities in Microsoft Excel, Microsoft Office, Microsoft SharePoint, Windows Components and Microsoft's Windows Internet naming service (WINS). Check Point IPS Services provide immediate coverage. 08-Sep-2011: The Dutch SSL certificate vendor DigiNotar suffered a breach of its critical systems in July, resulting in the attackers successfully forging over 500 SSL certificates including google.com, yahoo.com, addons.mozilla.org, and torproject.org. The total number of forged certificates is unknown. Click on Learn More to read more details and analysis, as well as some immediate actions that may be required for your systems and network.
06-Sep-2011: The recently discovered 'Morto' worm, which is already active in the wild, attacks Microsoft Windows systems that have the Remote Desktop Protocol enabled. The worm uses a list of weak and common passwords in attempts to log in to a targeted system via RDP. Check Point's IPS protects networks against Morto by blocking repeated login attempts from a single client in a short period of time. 01-Sep-2011: The Check Point IPS Software Blade provides preemptive protection against a critical issue in the Apache HTTP server that can be exploited to create a denial of service to the server.
This vulnerability is already being exploited in the wild. 9-Aug-2011: Microsoft has released 13 security updates, two of which are ranked as Critical and nine marked as Important. These address 22 vulnerabilities in Windows, Internet Explorer, the .NET Framework, and Microsoft Developer Tools. 12-Jul-2011: Microsoft released one Critical and three Important security bulletins today that address vulnerabilities in Microsoft Windows and Microsoft Office Visio 2003. 06-Jul-2011: The latest 'TDLv4' version of the TDSS rootkit malware has infected over 4.5M systems thus far in 2011.
Check Point's IPS Software Blade provides immediate network protection against this trojan virus in the latest IPS update. 14-Jun-2011: Microsoft 16 security bulletins today, nine of which are Critical, and six rated Important. These affect a number of Microsoft products including Windows, Office, Internet Explorer, SQL Server, Silverlight, Visual Studio, and the .NET Framework. 17-May-2011: Adobe has announced several vulnerabilities in their Flash Player product, all of which could allow a remote attacker to take control of a targeted system. Check Point provides.
10-May-2011: Microsoft's May security update includes a Critical security bulletin addressing a vulnerability in Windows' WINS service, as well as an Important bulletin addressing two vulnerabilities in Microsoft Office. Check Point provides same-day network protection against these issues. 05-May-2011: Microsoft has provided its on the release of a Critical security bulletin addressing a vulnerability in Windows and an Important bulletin addressing two vulnerabilities in Microsoft Office. Microsoft has also announced an improved Exploitability Index starting this Tuesday. Read more about the value of these improvements in this MSRC.
21-Apr-2011: A critical vulnerability has been identified in Adobe Flash Player 10.2.153.1 and earlier versions. The vulnerability , as referenced in, could cause a crash and potentially allow an attacker to take control of the affected system. The vulnerability is being exploited in the wild in targeted attacks via a malicious Web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment.
Check Point provides immediate protection against this issue. 12-Apr-2011: Microsoft released 17 security bulletins, nine of which are Critical, and eight rated Important. The addresses 64 unique vulnerabilities in a number of Microsoft products including Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .NET Framework and GDI+. Check Point provides immediate response to all network IPS vulnerabilities.
05-Apr-2011: A so-called 'mass-injection' attack dubbed LizaMoon has managed to insert malicious code into websites by gaining access to the servers running the databases behind the Internet. Check Point users are preemptively protected against the LizaMoon attack with Check Point's SQL Injection protection. 24-Mar-2011: A remote attack on an affiliate of Comodo, a major issuer of SSL certificates, resulted in nine fraudulent digital certificates being acquired by the attacker for sites such as Google, Yahoo, and Skype. These certificates may be used by malicious parties to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browsers. Check Point provides immediate. 14-Mar-2011: Check Point provides immediate against a critical zero-day in Adobe Flash Player, Acrobat, and Reader.
There are reports that the vulnerability is being exploited in the wild via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. 08-Mar-2011: Check Point provides same-day updates to. For more info, view. 04-Mar-2011: Microsoft plans to ship three security updates on Tuesday to patch four vulnerabilities in Windows and its Office Groove 2007 collaboration software. According to the issued today for next week's Patch Tuesday, all the vulnerabilities can be exploited by attackers to hijack a personal computer or server and later infect those systems with malicious code. 23-Feb-2011: Check Point IPS provides network protection for several critical Adobe vulnerabilities, released in two Security Bulletins (; ) and addressing vulnerabilities in Adobe Flash, Acrobat and Reader. 16-Feb-2011: A zero-day vulnerability has been identified in the Microsoft Windows SMB driver.
The vulnerability could be exploited by remote attackers to crash an affected system or potentially execute arbitrary code with elevated privileges. Exploit code is publicly available. The Check Point IPS Software Blade and SmartDefense provide network protection against these vulnerabilities in the latest IPS update. 08-Feb-2011: Microsoft today published 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). The release also includes patches for three zero-day vulnerabilities Microsoft published Security Advisories for back in December and January. Check Point provides immediate protection against all NIPS vulnerabilities. 31-Jan-2011: Check Point IPS Update Service has provided an immediate protection against an information disclosure vulnerability in Microsoft Windows MHTML protocol. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites.
25-Jan-2011: Check Point released today protections against two Microsoft zero-days: A against a denial of service vulnerability in the way Microsoft Internet Explorer parses HTML pages and a against a new attack vector related to the previously announced vulnerability in Microsoft Graphics Rendering engine. 11-Jan-2011: Check Point has provided immediate response to the two Network IPS vulnerabilities included with Microsoft. For more information, visit and read. 07-Jan-2011: Microsoft today it would release two security updates next week to patch three vulnerabilities in Windows. Microsoft is not scheduled to patch either of the vulnerabilities that the company recently acknowledged and issued security advisories for, including in all versions of IE, and in Windows XP, Vista, Server 2003 and Server 2008. 30-Dec-2010: A remote unpatched code execution vulnerability has been reported in the Microsoft WMI Administrative Tools ActiveX control. Check Point and SmartDefense have provided immediate protection against this vulnerability.
27-Dec-2010: Check Point has provided protection against a 0-day vulnerability in Internet Explorer that could allow remote code execution. The vulnerability (, ) is due to the creation of uninitialized memory during a CSS function within Internet Explorer. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTML document or open a malicious Web page. 26-Dec-2010: Check Point has provided preemptive protection against a vulnerability reported within the Microsoft Internet Information Services (IIS) FTP Service. Users have been protected since March of 2006.
16-Dec-2010: Check Point has responded to CERT-FI announcement, following a report made by Stonesoft Corporation, a security company based in Finland. Stonesoft has reported 23 techniques for evading IPS/IDS detection to the CERT-FI organization.
Read more about Check Point. 14-Dec-2010: Microsoft has released a mega patch today with 17 bulletins addressing 38 vulnerabilities, covering Windows, Internet Explorer, Microsoft Office, and Publisher. 09-Dec-2010: Microsoft is intending to release a mega patch this coming Tuesday with 17 bulletins addressing 38 vulnerabilities. These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and Publisher. 25-Nov-2010: Today Check Point has provided protection against a critical vulnerability affecting Adobe Flash Media Server. A remote attacker could use this issue to create a denial of service condition and crash the vulnerable application. 16-Nov-2010: Today Adobe has posted regarding security releases for Adobe Reader and Acrobat.
The updates address critical security issues in the products, including a patch for CVE-2010-3654 addressed in in November 1st and CVE-2010-4091 addressed in. Check Point has also CVE-2010-3976 vulnerability referenced in. 09-Nov-2010: Microsoft delivered 3 bulletins addressing 11 vulnerabilities. One of the bulletins has a Critical severity rating, while the other two are rated Important. These vulnerabilities cover Microsoft Office and the Unified Access Gateway (UAG), which is a component of Microsoft Forefront. See the for the Check Point protections available.
07-Nov-2010: A memory corruption vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. As of November 7, 2010 Microsoft has not announced a patch for this vulnerability. However, Check Point and NGX SmartDefense provide immediate network protection in the latest IPS update by detecting and blocking attempts to exploit this issue. 01-Nov-2010: A critical remote code execution vulnerability has been reported in the way Adobe Flash Player parses Flash content inside Acrobat Portable Document Format (PDF) files. A remote attacker may exploit this vulnerability to take complete control of the affected system. Check Point R70/71 provides immediate protection by detecting and blocking PDF files that contain malformed Flash content.
28-Oct-2010: Adobe has released a security advisory that details several critical vulnerabilities in Shockwave Player, four of which were discovered by the Check Point IPS Research Team. A remote attacker can exploit these issues via specially crafted DIR files and potentially take complete control of an affected system. Check Point R70/71 provides immediate protection of unpatched systems by detecting malformed Adobe DIR files and blocking their transfer over HTTP. 27-Oct-2010: Check Point IPS Research Team has provided a protection against a memory corruption vulnerability identified in Adobe Shockwave Player. Shockwave Player is a multimedia application that allows animated content created in Adobe Director to be viewed in a web browser that has the Shockwave plug-in installed. An attacker can exploit this issue via a specially crafted DIR file to take complete control of an affected system.
The protection detects and blocks transferring of malformed Adobe DIR files over HTTP. 15-Oct-2010: A remote code execution vulnerability has been discovered by the Check Point IPS Research Team in the mshtml.dll component that is part of Microsoft Internet Explorer. This component is used by IE and other applications to render HTML content. A remote attacker could exploit this issue by convincing a user to access a maliciously crafted Word document, subsequently allowing remote code execution.
Check Point, IPS-1, and NGX SmartDefense provide network protection in the latest IPS update by detecting and blocking attempts to exploit this vulnerability. 12-Oct-2010: Microsoft delivered 16 bulletins addressing 49 vulnerabilities.
These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and the .NET Framework. Four of the bulletins carry a Critical rating, ten are Important and two are Moderate. The vulnerability described at was discovered by the Check Point IPS Research Team. See the for the Check Point protections available. 06-Oct-2010: Microsoft has released its for the October Security Bulletins, which are scheduled for release Tuesday, October 12, 2010. This month Microsoft will be releasing 16 bulletins addressing 49 vulnerabilities. These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and the .NET Framework.
Four of the bulletins carry a Critical rating, ten are Important and two are Moderate. 19-Sep-2010: Microsoft has released an addressing an unpatched vulnerability in ASP.NET. ASP.NET uses encryption to hide sensitive data and protect it from tampering by the client. A vulnerability in the ASP.NET encryption implementation can allow an attacker to decrypt and tamper with this data. Check Point IPS Software Blade, IPS-1, and SmartDefense provide immediate protection against this vulnerability. 30-Sep-2010 Update: An out-of-cycle patch has been released by Microsoft, as detailed in Security Bulletin. 13-Sep-2010: Thousands of systems worldwide have been infected with an email-borne worm known by several names, including VBMania and Win32/Visal.B.
The worm spreads both via mass emailing itself via users’ and corporate address books, and by copying itself to local and network shared drives. Check Point customers using the AV Software Blade are already protected against this worm as of September 9th. 16-Sep-2010 Update: Check Point has provided immediate. 12-Sep-2010: Adobe has released a zero-day advisory ( addressing a critical vulnerability discovered in the cooltype.dll component of the Reader and Acrobat products. This flaw can allow attackers to execute arbitrary code on an affected machine via a maliciously crafted PDF document file. The Check Point R70/71 IPS Software Blade provides protection for unpatched systems by detecting and blocking transferal of specially crafted PDF files over HTTP.
01-Sep-2010: The Check Point IPS Research team has discovered a vulnerability in the CoreGraphics framework used by Mac OS X to render PDF files. A maliciously crafted PDF can cause an unexpected application termination or arbitrary code execution, allowing an attacker to take complete control of the affected system. The Check Point R70/71 IPS Software Blade provides protection against this flaw for unpatched systems. 25-Aug-2010: Adobe has released a patch that addresses several vulnerabilities in the Shockwave Player application, six of which were discovered by the Check Point IPS Research Team. Some of the flaws can allow attackers to create a denial of service condition in the browser hosting the Shockwave plugin, while others can allow execution of malicious code on the affected system. The Check Point R70/71 IPS Software Blade provides protection against these flaws for unpatched systems.
19-Aug-2010: Adobe has released an out-of-cycle patch for a vulnerability discovered in the cooltype.dll component of the Reader and Acrobat products. This flaw can allow attackers to execute arbitrary code on an affected machine via a maliciously crafted PDF document file. The Check Point R70/71 IPS Software Blade provides protection for unpatched systems by detecting and blocking transferal of specially crafted PDF files over HTTP. 12-Aug-2010: On August 10, Microsoft patched a critical SSL/TLS vulnerability in Windows, six months after publicly disclosing that Windows was vulnerable to this exploit. Fortunately, Check Point integrated IPS products IPS Software Blade and SmartDefense have provided protection against this vulnerability since November 2009.
11-Aug-2010: The Check Point IPS Research Team has discovered a memory corruption vulnerability in Microsoft Word. A remote attacker can leverage this vulnerability by using maliciously crafted Word and Rich Text Format files to take complete control of an affected system. 10-Aug-2010: Microsoft delivered 15 security updates and patched 32 vulnerabilities in Windows, Internet Explorer (IE), Office and Silverlight.
Nine of the updates are rated Critical and six are rated Important. See the August Check Point Monthly Bulletin for the Check Point protections available. 05-Aug-2010: Microsoft announced it will deliver 14 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer (IE), Office and Silverlight. Eight of the updates are rated Critical and six are rated Important. For more news on this update, see the Check Point Monthly Bulletin on August 10th. 19-Jul-2010: Check Point integrated IPS products SmartDefense and the IPS Software Blade provide protection against a critical vulnerability affecting Microsoft Windows. Microsoft Windows fails to properly obtain icons for LNK files. A specially-crafted LNK file can cause Microsoft Windows to automatically execute code that is specified by the shortcut file.
Exploit code for this vulnerability is publicly available. 14-Jul-2010: The Check Point IPS Research Team has discovered a critical heap overflow vulnerability in the ToolTalk database server within several systems. A remote attacker can leverage this vulnerability by sending a crafted database message to the target host, to potentially inject and execute arbitrary code.
13-Jul-2010: The Microsoft July Security Update included 4 bulletins to address 5 vulnerabilities in Windows and Office, including two 0-days published in and. Three of the four updates were rated Critical with a fourth rated Important. Check Point IPS products provide protections from attempts to exploit these vulnerabilities providing defenses before vendor patches are applied throughout your network. 09-Jul-2010: Microsoft released its monthly advance notification, saying it will release four security updates to patch five vulnerabilities in Windows and Office, including two 0-days published in and. Three of the four updates will be rated Critical with a fourth rated Important. 30-Jun-2010: Adobe released a security update to address critical vulnerabilities in Adobe Reader and Adobe Acrobat 9.3.2 and earlier versions.
These vulnerabilities, including CVE-2010-1297 referenced in the Check Point, could cause the application to crash and could potentially allow an attacker to take control of the affected system. 13-Jun-2010: Check Point integrated IPS products SmartDefense and the IPS Software Blade provide protection against a vulnerability affecting Microsoft Help and Support Center. Microsoft Help and Support Center contains a programming error that may allow a remote attacker to bypass security restrictions and execute remote code on the affected system. 08-Jun-2010: The Microsoft June Security Update includes 10 bulletins to address 34 vulnerabilities in Windows, Microsoft Office, Internet Explorer and Internet Information Services (IIS). Check Point IPS products provide protections from attempts to exploit these vulnerabilities providing defenses before vendor patches are applied throughout your network.
07-Jun-2010: Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. A remote attacker may exploit this vulnerability to take complete control of an affected system. 20-May-2010: IPS Research Team has discovered a critical Syslog format string vulnerability in the rpc.pcnfsd service within several systems. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. Check Point Research and Response Centers conduct original research on network, protocol and application vulnerabilities.
11-May-2010: The Microsoft May Security Update includes two bulletins, MS10-030 and MS10-031, to address two vulnerabilities in Windows and Microsoft Office, both rated Critical. Check Point IPS products provide protections from attempts to exploit these vulnerabilities providing defenses before vendor patches are applied throughout your network. 05-May-2010: An R70 and R71 protection specifically for detection of the new zero-day Microsoft SharePoint Cross Site Scripting vulnerability is available.
See Microsoft Security Advisory. This vulnerability was first identified. To generically protect against other Cross-Site Scripting attacks in R70/R71 Software Blades and earlier NGX versions see Security Best Practice, which addresses the Cross-Site Scripting protection that has been available since early 2005. 29-Apr-2010: A new Cross Site Scripting vulnerability in SharePoint, was made public today with proof-of-concept code available. Following the publication, Microsoft issued a.
Today Check Point has issued a preemptive advisory, using a protection against these XSS vulnerabilities that has been available since 2005. 27-Apr-2010: Microsoft's re-release of is ready.
On April 21st, after it received several reports that the patch did not protect against the vulnerability effectively, Microsoft pulled this security update for Windows 2000 Server customers with Windows Media Services installed. Check Point users are advised to download the IPS update and patch their systems. 21-Apr-2010: Microsoft pulled its update on Wednesday, April 21 after it received several reports that it did not protect against the vulnerability effectively. MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Microsoft is targeting a re-release of the update for next week. Check Point users are advised to download the IPS update and patch their systems once the patch is out.