Check Point response to: KHOBE – 8.0 earthquake for Windows desktop security software

Symptoms 
 
www.matousec.com has published a new technique for evading OS firewall protections. 
The attack is described in http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php and in http://www.securityfocus.com/bid/39924/ 
 
 
Cause 

A race condition attack that evades access control checks by substituting system call arguments.
 
 
Solution 
 
ZoneAlarm Extreme Security 9.1.507.000 was reported to be vulnerable. However, ZoneAlarm has a protection against this type of attack.

To enable this protection ("Off" by Default), proceed as follows:

Launch the ZoneAlarm extreme Security GUI.

Select the "Program Control" menu item.

Under "Program Control", click "Custom". The "Custom Program Control Settings" popup appears.

Access the "Program Control" tab, and select "Advanced Control".

Select "Enable Timing Attack Prevention".

 

¿Tiene más preguntas? Enviar una solicitud

0 Comentarios

Inicie sesión para dejar un comentario.

Contacto

Más de 90,000,000 usuarios en todo el mundo