https://community.checkpoint.com/t5/General-Topics/Breaking-News-SandBlast-Agent-Protects-Against-BlueKeep-RDP/m-p/54498#M10887 <P><STRONG>Critical Vulnerability in Windows OS - Code execution using Remote Desktop Protocol (CVE-2019-0708)</STRONG></P> <P>&nbsp;</P> <P style="text-align: center;"><FONT size="5" color="#000000"><STRONG>SandBlast Agent is the First Endpoint Security Solution to </STRONG></FONT></P> <P style="text-align: center;"><FONT size="5" color="#000000"><STRONG>Protect Against BlueKeep RDP Vulnerability!&nbsp;</STRONG></FONT></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;">&nbsp;</P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><SPAN style="font-weight: normal;"><FONT color="#000000">Recently, a security advisory was released for a vulnerability in RDP (Remote Desktop Protocol) affecting multiple Windows Operating Systems prior to 8.1. According to Microsoft’s advisory</FONT> </SPAN><A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708" target="_blank" rel="noopener"><SPAN style="color: blue; font-weight: normal;">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708</SPAN></A><SPAN style="color: windowtext; font-weight: normal;">, <FONT color="#000000">this vulnerability can be exploited for both remote code execution and denial of service attacks. All this without needing the credentials of the target machine.</FONT></SPAN></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><FONT color="#000000"><SPAN style="color: windowtext; font-weight: normal;">Check Point’s SandBlast Agent Anti-Exploit now monitors the RDP service for both Windows 7 and Windows 2008R2 and is able to prevent this attack from occurring. Not only ןד SandBlast Agent able to prevent the exploit from being delivered on unpatched systems, but it is also able to prevent the exploit from being delivered to the previously vulnerable driver in patched systems.</SPAN></FONT></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><FONT color="#000000">The protection is available in SandBlast Agent's E80.97 Client Version (Can be downloaded from&nbsp;</FONT><SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154432&amp;partition=General&amp;product=Endpoint" target="_blank" rel="noopener">sk154432</A><FONT color="#000000">).</FONT></SPAN></P> <P class="StyleHeaderGray-80" style="margin-left: 0.15in;"><FONT color="#000000"><SPAN style="color: windowtext; font-weight: normal;">To see Anti-Exploit’s protection in action please see the following video, where our Threat Research Group’s POC used for exploitation is blocked. In addition, you can also see how we are able to block the scan of the Metasploit module that was recently developed to identify vulnerable systems.</SPAN></FONT></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><FONT color="#000000"><U><STRONG><SPAN style="color: windowtext;">Video 1: SandBast Agent protects against Check Point's Threat Research group BlueKeep based exploit:</SPAN></STRONG></U></FONT></P> <P><div class="lia-vid-container video-embed-center"><div id="lia-vid-Z2eDh2aDE6pF4E1utWADPTjNmElHTa-gw1600h900r220" class="lia-video-brightcove-player-container"><video-js data-video-id="6065295769001" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-Z2eDh2aDE6pF4E1utWADPTjNmElHTa-gw1600h900r220'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/Z2eDh2aDE6pF4E1utWADPTjNmElHTa-g">(view in My Videos)</a></div></P> <P><U><STRONG>Video 2:&nbsp;<SPAN style="color: windowtext;">SandBast Agent protects against <SPAN style="color: windowtext;">Metasploit module developed to identify vulnerable systems</SPAN>:</SPAN></STRONG></U><U></U></P> <P><U><STRONG><SPAN style="color: windowtext;"><div class="lia-vid-container video-embed-center"><div id="lia-vid-MzeDh2aDE6R1dvzwvOykbzEjcw1TRfTBw1600h900r172" class="lia-video-brightcove-player-container"><video-js data-video-id="6065277746001" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-MzeDh2aDE6R1dvzwvOykbzEjcw1TRfTBw1600h900r172'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/MzeDh2aDE6R1dvzwvOykbzEjcw1TRfTB">(view in My Videos)</a></div></SPAN></STRONG></U></P> <P><U><STRONG><SPAN style="color: windowtext;">SandBlast Agent BlueKeep Event Forensics Report:</SPAN></STRONG></U></P> <P><U><STRONG><SPAN style="color: windowtext;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BK.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1374iAE731A99E43BC111/image-size/large?v=v2&amp;px=999" role="button" title="BK.jpg" alt="BK.jpg" /></span></SPAN></STRONG></U></P> <H6>To learn more about SandBlast Agent's Anti-Exploit protection of BlueKeep, see:&nbsp;<SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154232" target="_blank" rel="noopener">sk154232 - Anti-Exploit Protection for Remote Desktop Protocol Vulnerability (CVE-2019-0708)</A></SPAN></H6> <H6>Note: Users who run SandBlast Agent with a third party Anti-Virus (AV) should be aware that Anti-Exploit is turned off in the presence of third party AVs. For this protection to be enabled, you must allow Anti-Exploit to work with third party AVs as detailed in <SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154454" target="_blank" rel="noopener">sk154454 - Enabling Anti-Exploit when deployed with a third party Anti-Virus.</A></SPAN></H6> Tue, 28 May 2019 12:16:21 GMT Yossi_Hasson 2019-05-28T12:16:21Z https://community.checkpoint.com/t5/General-Topics/Breaking-News-SandBlast-Agent-Protects-Against-BlueKeep-RDP/m-p/54498#M10887 <P><STRONG>Critical Vulnerability in Windows OS - Code execution using Remote Desktop Protocol (CVE-2019-0708)</STRONG></P> <P>&nbsp;</P> <P style="text-align: center;"><FONT size="5" color="#000000"><STRONG>SandBlast Agent is the First Endpoint Security Solution to </STRONG></FONT></P> <P style="text-align: center;"><FONT size="5" color="#000000"><STRONG>Protect Against BlueKeep RDP Vulnerability!&nbsp;</STRONG></FONT></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;">&nbsp;</P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><SPAN style="font-weight: normal;"><FONT color="#000000">Recently, a security advisory was released for a vulnerability in RDP (Remote Desktop Protocol) affecting multiple Windows Operating Systems prior to 8.1. According to Microsoft’s advisory</FONT> </SPAN><A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708" target="_blank" rel="noopener"><SPAN style="color: blue; font-weight: normal;">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708</SPAN></A><SPAN style="color: windowtext; font-weight: normal;">, <FONT color="#000000">this vulnerability can be exploited for both remote code execution and denial of service attacks. All this without needing the credentials of the target machine.</FONT></SPAN></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><FONT color="#000000"><SPAN style="color: windowtext; font-weight: normal;">Check Point’s SandBlast Agent Anti-Exploit now monitors the RDP service for both Windows 7 and Windows 2008R2 and is able to prevent this attack from occurring. Not only ןד SandBlast Agent able to prevent the exploit from being delivered on unpatched systems, but it is also able to prevent the exploit from being delivered to the previously vulnerable driver in patched systems.</SPAN></FONT></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><FONT color="#000000">The protection is available in SandBlast Agent's E80.97 Client Version (Can be downloaded from&nbsp;</FONT><SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154432&amp;partition=General&amp;product=Endpoint" target="_blank" rel="noopener">sk154432</A><FONT color="#000000">).</FONT></SPAN></P> <P class="StyleHeaderGray-80" style="margin-left: 0.15in;"><FONT color="#000000"><SPAN style="color: windowtext; font-weight: normal;">To see Anti-Exploit’s protection in action please see the following video, where our Threat Research Group’s POC used for exploitation is blocked. In addition, you can also see how we are able to block the scan of the Metasploit module that was recently developed to identify vulnerable systems.</SPAN></FONT></P> <P class="StyleHeaderGray-80" style="margin-left: .15in;"><FONT color="#000000"><U><STRONG><SPAN style="color: windowtext;">Video 1: SandBast Agent protects against Check Point's Threat Research group BlueKeep based exploit:</SPAN></STRONG></U></FONT></P> <P><div class="lia-vid-container video-embed-center"><div id="lia-vid-Z2eDh2aDE6pF4E1utWADPTjNmElHTa-gw1600h900r717" class="lia-video-brightcove-player-container"><video-js data-video-id="6065295769001" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-Z2eDh2aDE6pF4E1utWADPTjNmElHTa-gw1600h900r717'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/Z2eDh2aDE6pF4E1utWADPTjNmElHTa-g">(view in My Videos)</a></div></P> <P><U><STRONG>Video 2:&nbsp;<SPAN style="color: windowtext;">SandBast Agent protects against <SPAN style="color: windowtext;">Metasploit module developed to identify vulnerable systems</SPAN>:</SPAN></STRONG></U><U></U></P> <P><U><STRONG><SPAN style="color: windowtext;"><div class="lia-vid-container video-embed-center"><div id="lia-vid-MzeDh2aDE6R1dvzwvOykbzEjcw1TRfTBw1600h900r829" class="lia-video-brightcove-player-container"><video-js data-video-id="6065277746001" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-MzeDh2aDE6R1dvzwvOykbzEjcw1TRfTBw1600h900r829'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/MzeDh2aDE6R1dvzwvOykbzEjcw1TRfTB">(view in My Videos)</a></div></SPAN></STRONG></U></P> <P><U><STRONG><SPAN style="color: windowtext;">SandBlast Agent BlueKeep Event Forensics Report:</SPAN></STRONG></U></P> <P><U><STRONG><SPAN style="color: windowtext;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BK.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1374iAE731A99E43BC111/image-size/large?v=v2&amp;px=999" role="button" title="BK.jpg" alt="BK.jpg" /></span></SPAN></STRONG></U></P> <H6>To learn more about SandBlast Agent's Anti-Exploit protection of BlueKeep, see:&nbsp;<SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154232" target="_blank" rel="noopener">sk154232 - Anti-Exploit Protection for Remote Desktop Protocol Vulnerability (CVE-2019-0708)</A></SPAN></H6> <H6>Note: Users who run SandBlast Agent with a third party Anti-Virus (AV) should be aware that Anti-Exploit is turned off in the presence of third party AVs. For this protection to be enabled, you must allow Anti-Exploit to work with third party AVs as detailed in <SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154454" target="_blank" rel="noopener">sk154454 - Enabling Anti-Exploit when deployed with a third party Anti-Virus.</A></SPAN></H6> Tue, 28 May 2019 12:16:21 GMT https://community.checkpoint.com/t5/General-Topics/Breaking-News-SandBlast-Agent-Protects-Against-BlueKeep-RDP/m-p/54498#M10887 Yossi_Hasson 2019-05-28T12:16:21Z