Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced through Check Point SmartDefense® Services, users of VPN-1® R65 and R62, VSX NGX R65 and IPS-1® R65 are already protected from an unpatched, publically available Microsoft SQL Server buffer overflow vulnerability.
An attacker can take advantage of the vulnerability by creating a specially crafted Structured Query Language (SQL) request and sending it to a targeted server, triggering a memory overwrite. Successful exploitation would cause a denial of service and may allow the attacker to execute arbitrary code on a vulnerable system. The threat affects users of SQL Server 2000 and 2005. Check Point rates the severity of vulnerability as critical.
"SQL Server vulnerabilities such as this are relatively easy for hackers to exploit and leave businesses quite vulnerable," said Oded Gonda, vice president of network security products at Check Point. "It's the goal of Check Point SmartDefense Services to provide our customers with immediate protection from the latest threats, which often arise before patches are available."
Check Point SmartDefense provides intrusion prevention capabilities that are integrated into Check Point gateways. SmartDefense is updated by SmartDefense Services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. SmartDefense protections are developed and distributed by SmartDefense Research and Response Centers located around the globe.
More information about the vulnerability and the SmartDefense protection can be found at Check Point's Security Research and Response website:
www.checkpoint.com/defense/advisories/public/index.html.
(Technology Marketing Corp.)