MEDIA ALERT: Check Point Protects against Zero-Day Microsoft Server Service Vulnerability

Check Point® Software Technologies Ltd. (Nasdaq:CHKP), the worldwide leader in securing the Internet, today announced Check Point SmartDefense® Services protects Check Point users of VPN-1® NGX R65 and R62, VSX NGX R65, and IPS-1 NGX R65 from a new Microsoft Server service zero-day exploit. SmartDefense Services subscribers can gain immediate protection against the vulnerability well before deploying the patch provided by Microsoft.

The vulnerability (CVE-2008-4250) was announced today in the Microsoft Security Bulletin MS08-067 and affects users of Microsoft Windows based desktops, laptops and servers (for a full list of vulnerable products visit: www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). When exploited the vulnerability allows a hacker to execute arbitrary code on a target system.

Due to an issue with the Windows Server service, it improperly handles specially crafted Remote Procedure Call (RPC) requests. A remote unauthenticated attacker could exploit the issue by creating a malicious RPC request and sending it to a vulnerable system, granting the attacker complete control of the system. The vulnerability could potentially be used to create an exploit that would propagate as a worm.

"By enabling the protection, SmartDefense will detect and block malformed RPC requests sent to vulnerable systems,” said Oded Gonda, vice president of network security products at Check Point. "The protection demonstrates Check Point’s commitment to providing total security against zero-day threats to customers through SmartDefense services.”

Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point gateways. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe.

More information about the vulnerability and SmartDefense protection can be found at Check Point’s Microsoft Security website: www.checkpoint.com/defense/advisories/public/2008/cpai-23-Oct.html.

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is the leader in securing the Internet. Check Point offers total security solutions featuring a unified gateway, single endpoint agent and single management architecture, customized to fit customers’ dynamic business needs. This combination is unique and is a result of our leadership and innovation in the enterprise firewall, personal firewall/endpoint, data security and VPN markets.

Check Point’s pure focus is on information security. Through its NGX platform, Check Point delivers a unified security architecture to protect business communications and resources, including corporate networks and applications, remote employees, branch offices and partner extranets. The company also offers market-leading endpoint and data security solutions with Check Point Endpoint Security products, protecting and encrypting sensitive corporate information stored on PCs and other mobile computing devices. Check Point's award-winning ZoneAlarm solutions protect millions of consumer PCs from hackers, spyware and identity theft. Check Point solutions are sold, integrated and serviced by a network of Check Point partners around the world and its customers include 100 percent of Fortune 100 companies and tens of thousands of businesses and organizations of all sizes.

©2003–2008 Check Point Software Technologies Ltd. All rights reserved.