Media Alert: Check Point IPS Solutions Protect Against Unpatched Microsoft ActiveX Vulnerability

Check Point® Software Technologies Ltd. (Nasdaq:CHKP), the worldwide leader in securing the Internet, today announced that Check Point IPS Software Blade shields customers against drive-by attacks associated with a newly discovered Microsoft DirectShow Video ActiveX Control vulnerability. The new attack has already compromised thousands of Web sites, which in turn infect endpoints with malware and expose companies to potential data leakage. Check Point IPS customers gain immediate protection against the exploit through Check Point’s automated IPS update services.

The still unpatched vulnerability works as users visit or are discreetly redirected to either a malicious Web site or a legitimate Web site that has been infected with malicious code. The moment a user visits an infected site, JavaScript is automatically executed to deliver malicious software unknowingly to the user’s computer, by way of an exploit that exists in Microsoft DirectShow video streaming software. The downloaded malicious software allows the attacker to gain the same user rights as the local user. These rights allow the attacker to download more malicious programs, redirect victim’s Web searches, intercept information the user types, or steal files that reside on the victim’s computer. This silent, unsolicited download is known as a drive-by download.

Enterprise users at risk for this drive-by download have either the Windows 2000 or XP operating system, or Windows server 2003. Users must also have the DirectShow Video ActiveX plug-in (msvidctl.dll), which is typically widely distributed among Windows users.

Check Point IPS Software Blade protects networks against attacks that leverage the DirectShow exploit by detecting and blocking attempts to utilize specific ActiveX components. The IPS Software Blade provides protection during delays in a company’s patching process to always ensure the security of the network. The protection is further strengthened by immediately available security updates, capable of detecting specific attempts to exploit newly emerging vulnerabilities. Check Point’s IPS Software Blade is supported by Check Point IPS update service, which provides ongoing and real-time updates and configuration advisories for defenses and security policies. Check Point protections are developed and distributed by Check Point’s Security Research and Response Centers located around the globe. Users of Check Point SmartDefense are also protected against the new vulnerability.

"This is a remotely exploitable vulnerability in which a hacker can infect a computer with malicious software over the Internet and infiltrate an enterprise network,” said Oded Gonda, vice president of network security products at Check Point. "Check Point’s innovative technology ensures that businesses have immediate protection from these types of exploits.”

Based on the Software Blade architecture, Check Point IPS Software Blade provides complete, integrated, next generation firewall intrusion prevention capabilities at multi-gigabit speeds, with preemptive threat coverage for clients, servers, OS and other vulnerabilities, malware/worm infections, and more. The IPS Software Blade is comprised of a Multi-Tier Threat Detection Engine that combines signatures, protocol validation, anomaly detection, behavioral analysis, and other methods to provide the highest levels of network IPS protection. Software Blades are independent and flexible security modules that enable companies to select the functions they need to build a custom Check Point Security Gateway.

Businesses interested in additional information on Check Point IPS solutions can visit: www.checkpoint.com/products/softwareblades/intrusion-prevention-system.html.

Businesses interested in subscribing to Check Point security update services can find more information at: www.checkpoint.com/defense/advisories/public/index.html.

More information on the Microsoft DirectShow exploit can be found at: http://www.checkpoint.com/defense/advisories/public/2009/cpai-07-Jul.html.

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com), worldwide leader in securing the Internet, is the only vendor to deliver Total Security for networks, data and endpoints, unified under a single management framework. Check Point provides customers uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to innovate with the development of the Software Blade architecture. The dynamic Software Blade architecture delivers secure, flexible and simple solutions that can be fully customized to meet the exact security needs of any organization or environment. Check Point customers include tens of thousands of businesses and organizations of all sizes including all Fortune 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

©2009 Check Point Software Technologies Ltd. All rights reserved.