Thursday, June 14, 2012

Comsec detects security bug in one of Check Point's main security product

Comsec detects security bug in one of Check Point's main security product

Comsec Consulting has detected a security bug in Check Point's Endpoint Connect.  

‘Endpoint Connect’ unifies the protection of the user end-station under a single security management console. The product can be found in use across all sectors.

According to Moshe Ishai, CEO of Comsec Consulting, "the discovery was of a vulnerability, which could lead (if abused) to gaining control over any workstation the product is installed on. This vulnerability provides the attacker with potential to perform malicious activities, ranging from sniffing for information, to causing actual damage."

Moshe Ishai further added that, "Check Point is considered one of the leading security product companies on the market, offering high quality security solutions. It is possible to discover bugs in any products (software or hardware), and Check Point should be credited, as they immediately took all efforts to offer its customers an immediate fix. Check Point ensured a rapid remediation, which makes the product even more resilient than before. "

The bug was discovered by Comsec several weeks ago, but was kept secret and reported only to the product manufacturer. From this time, Check Point has worked vigorously in order to release an improved version which includes a fix for the risk identified by Comsec.

The affected product versions include: E75, E80.20, E80.30, R73 - (customers who update the version of their product will not be exposed to the aforementioned vulnerability).  

The Hot Fix for the bug can be downloaded from Check Point's website