Check Point response to: KHOBE – 8.0 earthquake for Windows desktop security software

Symptoms 
 
www.matousec.com has published a new technique for evading OS firewall protections. 
The attack is described in http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php and in http://www.securityfocus.com/bid/39924/ 
 
 
Cause 

A race condition attack that evades access control checks by substituting system call arguments.
 
 
Solution 
 
ZoneAlarm Extreme Security 9.1.507.000 was reported to be vulnerable. However, ZoneAlarm has a protection against this type of attack.

To enable this protection ("Off" by Default), proceed as follows:

Launch the ZoneAlarm extreme Security GUI.

Select the "Program Control" menu item.

Under "Program Control", click "Custom". The "Custom Program Control Settings" popup appears.

Access the "Program Control" tab, and select "Advanced Control".

Select "Enable Timing Attack Prevention".

 

Vous avez d’autres questions ? Envoyer une demande

0 Commentaires

Veuillez vous connecter pour laisser un commentaire.

Nous Contacter

Adopté par plus de 90,000,000 utilisateurs à travers le monde