SonicWALL Keeps Users Secure From WMF Remote Code Execution Exploit
Vulnerability prevention team keeps customers safe from critical vulnerability
SUNNYVALE, CALIF. - January 6, 2006 - SonicWALL, Inc. (NASDAQ: SNWL) today announced that users of its Internet threat prevention technology are actively being protected from the Windows Metafile Format (WMF) Remote Code Execution exploit impacting Microsoft Windows users. Thus far, SonicWALL has monitored attempted exploits at a rate of tens of thousands a day.
SonicWALL's SonicALERT team first detected signs of the WMF exploit on December 28, and within hours launched a response across all SonicWALL security appliances worldwide using the company's dynamic protection capabilities.
The Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability, which could allow an attacker to execute arbitrary code in the security context of the logged-on user. The vulnerability is being exploited on fully patched systems. Researchers are tracking thousands of sites distributing the exploit code which, if successful, would allow the malicious software to surreptitiously install spyware on a user's PC or allow a hacker to control the machine remotely.
"Our gateway threat prevention services subscribers have been protected automatically from this exploit from day zero, which is highly important since Microsoft's patch reportedly will not be distributed until next week," said Boris Yanovsky, vice president of security services at SonicWALL. "Our ability to protect our customers from this threat is particularly notable since this flaw uses a file format that has not been used for previous attacks. As a result, providing protection may be more challenging for some anti-virus solution vendors."
"If an attacker were able to execute local code within a user's system, the potential for complete compromise exists," added Yanovsky.
SonicWALL, named the leader in Unified Threat Management (UTM) security appliances worldwide for the third consecutive quarter, according to IDC's Worldwide Quarterly Security Appliance Tracker, has delivered zero-day gateway anti-virus and intrusion prevention signatures to its subscribers to defend against attacks and exploits based on the WMF remote code execution vulnerability.
Signatures added by the SonicALERT team are constantly updated and include:
Intrusion Prevention Service:
# EXPLOIT WMF Remote Code Execution Exploit, SID:3089
Gateway Anti-Virus:
# WMF.A (Exploit)
Further information is available at http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3089
About SonicWALL, Inc.
SonicWALL, Inc. is a leading provider of integrated network security, mobility and productivity solutions for the SMB, enterprise, e-commerce, education, healthcare, retail/point-of-sale, and government markets. SonicWALL, Inc. is headquartered in Sunnyvale, CA. SonicWALL trades on the NASDAQ exchange under the symbol SNWL. For more information, contact SonicWALL at +1 (408) 745-9600 or visit the company web site at http://www.sonicwall.com/.
Source: SonicWALL