SonicWALL, Inc., a leading secure network infrastructure company, confirmed today that users of its Gateway AV/IPS technology are automatically protected against the recently discovered vulnerability within Microsoft's Internet Explorer (IE) browser.
SonicWALL's vulnerability and malware research team yesterday deployed Intrusion Prevention (IPS) signatures that address the flaws in Window's IE, without the customer needing to manually update the service.
As a result, customers with a current subscription to SonicWALL's gateway threat prevention services are automatically protected against the Microsoft Windows Internet Explorer vulnerability.
"While Microsoft is working to develop a patch update for this, there is a significant window of opportunity for hackers to exploit the vulnerability and infect PC's without the user's knowledge," commented Boris Yanovsky, Vice President of SonicWALL's vulnerability research team.
"We expect to see social networking sites such as Facebook, Flickr and Twitter being leveraged to infect large numbers of computers worldwide. It's critical to protect our customers, so our gateway threat prevention services automatically defend against exploits of the Internet Explorer vulnerability."
Anyone who visits a site that's been hacked due to the IE vulnerability could be at risk. By exploiting the IE vulnerability, hackers can remotely take control of a user's computer as soon as the user visits a site that contains malicious code.
Exploiting a component of Microsoft DirectShow, hackers are able to create HTML pages with malicious JavaScript parsed in an IE browser to infect users' computers' without their knowledge. The URL JavaScript is used to instantiate an instance of the vulnerable control and feed it a malformed image, likely to be logo.gif, causing it to crash and execute the malcode.
Once initiated the hacker is able to launch a wide range of attacks on the computer that could include opening random files on the target machine, thus causing potential denial of service attacks.
The IPS signature names and their respective IDs, below, were deployed to production on Monday, July 6.
3015 MS DirectShow (msvidctl.dll) ActiveX Control Instantiation 1
3016 MS DirectShow (msvidctl.dll) ActiveX Control Instantiation 2
GAV: DirectShow_Msvidctl (Exploit)
For further information on the signatures created please visit: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=145
SonicWALL has developed unique technologies to deliver zero day gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against new and existing Internet attacks and exploits such as phishing, viruses, DHA or DoS attacks and more. These technologies ensure that SonicWALL gateway threat prevention services customers are not affected by the Internet Explorer vulnerability.
About SonicWALL, Inc.
SonicWALL is committed to improving the performance and productivity of businesses of all sizes by engineering the cost and complexity out of running a secure network. Over one million SonicWALL appliances have been shipped through its global network of ten thousand channel partners to keep tens of millions of worldwide business computer users safe and in control of their data. SonicWALL's award-winning solutions include network security, secure remote access, content security, backup and recovery, and policy and management technology. For more information, visit the company web site at http://www.sonicwall.com/. |
