Thursday, May 1, 2014

Latest Internet Explorer exploit patched within 24 hours

The following message is from Ken Dang, Product Manager:



All,

What is the latest web security danger found when using Internet Explorer?

When Microsoft announced it was ending support and automatic security updates for Windows XP, the cybercriminal community stepped up its attacks, exploiting vulnerabilities wherever they found them. This led to the recent attack campaign against U.S.-based defense and financial companies through a remote code execution vulnerability discovered in versions 6-11 of Internet Explorer (IE).

The announced vulnerability in IE has become the latest headline story in the network security industry, largely based on the fact that Microsoft has not stated when a patch for the vulnerability will be available for supported Windows platforms but, more importantly, implied Windows XP PCs will not receive a patch since it has stopped support on that platform. As a result, organizations that have yet to upgrade or invest in a new system running a more recent version of Windows will find themselves at increased risk for hackers to exploit, ranging from simple opportunistic attacks to highly targeted malware infection campaigns. According to Microsoft, the danger arises from an attacker who successfully exploits the vulnerability to gain the same user privileges as the current user to either install programs, view, change or delete data, or create new accounts with full user rights if the current user is logged on with full administrative user rights. As a result, Microsoft has quickly released an out-of-band bulletin, Microsoft Security Advisory 2963983, that was published on April 26, 2014, detailing the severity of the vulnerability and mitigation options for users.

What does this mean for Dell SonicWALL customers? 

As a member of the Microsoft Active Protections Program (MAPP), the Dell SonicWALL Threat Research Team reacted swiftly to the Microsoft Security Advisory and created countermeasures to detect and stop all attempted exploits with the new IPS signature IPS: 3787 Windows IE Remote Code Execution Vulnerability (CVE-2014-1776). Within 24 hours of the security advisory, the IPS (Dell SonicWALL Intrusion Prevention Service) signature was immediately pushed to all Dell SonicWALL next-generation firewalls owned by customers who have active security subscription services for their firewall. Customers without an active security service should purchase or renew their security service as soon as possible to receive IPS signatures for the latest threats and ongoing protection against new threats as they occur. This protection covers all Windows platforms including Windows XP without having to implement any of the recommended Microsoft workarounds. However, Dell SonicWALL encourages a layered security approach when combating zero-day type vulnerabilities. Additionally, we recommend that customers take additional security measures and perform audits as outlined below to minimize their security risk.

1. Make sure IPS is enabled on the firewall
2. Use the firewall advanced application control function to configure a policy that will block users from accessing the internet with affected versions of IE until all systems are patched
3. Apply any workarounds as suggested by Microsoft under the Microsoft Security Advisory 2963983

In summary, this is a dramatic reminder that Dell SonicWALL not only offers security solutions that deliver a deeper level of network protection but more importantly, that our Threat Research Team has a deep and thorough understanding of the dynamic threat landscape and the endless dangers it poses for networks of all sizes. With the sheer volume of vulnerabilities that are discovered across all computing platforms, identifying and developing the best possible countermeasures against these mutable threats can be challenging as no two threats are exactly the same. Customers can rely on Dell SonicWALL’s team of in-house threat research experts working around the clock gathering, correlating and analyzing data feeds from its Global Response Intelligent Defense (GRID) Network which now has more than one million security sensors globally. Moreover, they conduct ongoing “in-the-wild” investigations and work with security advisory communities such as Microsoft MAPP to provide our next-generation firewalls and intrusion prevention systems with the threat intelligence required to stop new threats and threat variants with a high degree of effectiveness as they occur. Stay connected with the latest news and security updates via Dell Security on Twitter, Facebook and LinkedIn.
