TMCnet News
SonicWALL Internet Threat Prevention Has Customers Covered Automatically Against Exploits of Microsoft Internet Explorer VulnerabilitySUNNYVALE, Calif., July 7, 2009 /PRNewswire-FirstCall via COMTEX/ -- SonicWALL, Inc. (Nasdaq: SNWL), a leading secure network infrastructure company, confirmed today that users of its Gateway AV/IPS technology are automatically protected against the recently discovered vulnerability within Microsoft's Internet Explorer (IE) browser. SonicWALL's vulnerability and malware research team yesterday deployed Intrusion Prevention (IPS) signatures that address the flaws in Window's IE, without the customer needing to manually update the service. As a result, customers with a current subscription to SonicWALL's gateway threat prevention services are automatically protected against the Microsoft Windows Internet Explorer vulnerability. "While Microsoft is working to develop a patch update for this, there is a significant window of opportunity for hackers to exploit the vulnerability and infect PC's without the user's knowledge," commented Boris Yanovsky, Vice President of SonicWALL's vulnerability research team. "We expect to see social networking sites such as Facebook, Flickr and Twitter being leveraged to infect large numbers of computers worldwide. It's critical to protect our customers, so our gateway threat prevention services automatically defend against exploits of the Internet Explorer vulnerability." Anyone who visits a site that's been hacked due to the IE vulnerability could be at risk. By exploiting the IE vulnerability, hackers can remotely take control of a user's computer as soon as the user visits a site that contains malicious code. Exploiting a component of Microsoft DirectShow, hackers are able to create HTML pages with malicious JavaScript parsed in an IE browser to infect users' computers' without their knowledge. The URL JavaScript is used to instantiate an instance of the vulnerable control and feed it a malformed image, likely to be logo.gif, causing it to crash and execute the malcode. Once initiated the hacker is able to launch a wide range of attacks on the computer that could include opening random files on the target machine, thus causing potential denial of service attacks. The IPS signature names and their respective IDs, below, were deployed to production on Monday, July 6. 3015 MS DirectShow (msvidctl.dll) ActiveX Control Instantiation 1 3016 MS DirectShow (msvidctl.dll) ActiveX Control Instantiation 2 GAV: DirectShow_Msvidctl (Exploit) For further information on the signatures created please visit: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=145 SonicWALL has developed unique technologies to deliver zero day gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against new and existing Internet attacks and exploits such as phishing, viruses, DHA or DoS attacks and more. These technologies ensure that SonicWALL gateway threat prevention services customers are not affected by the Internet Explorer vulnerability. About SonicWALL, Inc. SonicWALL is committed to improving the performance and productivity of businesses of all sizes by engineering the cost and complexity out of running a secure network. Over one million SonicWALL appliances have been shipped through its global network of ten thousand channel partners to keep tens of millions of worldwide business computer users safe and in control of their data. SonicWALL's award-winning solutions include network security, secure remote access, content security, backup and recovery, and policy and management technology. For more information, visit the company web site at http://www.sonicwall.com/. Safe Harbor Regarding Forward-Looking Statements Certain statements in this press release are "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. The forward-looking statements include but are not limited to statements regarding the benefits associated with the Clean Wireless solution, added functionality associated with SonicOS 5.2 firmware, and the benefits associated with SonicPoint-N Dual Band Access point. These forward-looking statements are based on the opinions and estimates of management at the time the statements are made and are subject to certain risks and uncertainties that could cause actual results to differ materially from those anticipated in the forward-looking statements. In addition, please see the "Risk Factors" described in our Securities and Exchange Commission filings, including our Annual Report on Form 10-K for the year ended December 31, 2008, for a more detailed description of the risks facing our business. All forward-looking statements included in this release are based upon information available to SonicWALL as of the date of the release, and we assume no obligation to update any such forward-looking statement. NOTE: SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. SOURCE SonicWALL, Inc. http://www.sonicwall.com |