MS article that started search: https://technet.microsoft.com/library/security/ms14-021
--FOUND THIS--
--AND THIS--
“Latest Internet Explorer exploit patched within 24 hours”
What is the latest web security danger found when using Internet Explorer?
When Microsoft announced it was ending support and automatic security updates for Windows XP, the cybercriminal community stepped up its attacks, exploiting vulnerabilities wherever they found them. This led to the recent attack campaign against U.S.-based defense and financial companies through a remote code execution vulnerability discovered in versions 6-11 of Internet Explorer (IE).
The announced vulnerability in IE has become the latest headline story in the network security industry, largely based on the fact that Microsoft has not stated when a patch for the vulnerability will be available for supported Windows platforms but, more importantly, implied Windows XP PCs will not receive a patch since it has stopped support on that platform. As a result, organizations that have yet to upgrade or invest in a new system running a more recent version of Windows will find themselves at increased risk for hackers to exploit, ranging from simple opportunistic attacks to highly targeted malware infection campaigns. According to Microsoft, the danger arises from an attacker who successfully exploits the vulnerability to gain the same user privileges as the current user to either install programs, view, change or delete data, or create new accounts with full user rights if the current user is logged on with full administrative user rights. As a result, Microsoft has quickly released an out-of-band bulletin, Microsoft Security Advisory 2963983, that was published on April 26, 2014, detailing the severity of the vulnerability and mitigation options for users.
What does this mean for Dell SonicWALL customers?
As a member of the Microsoft Active Protections Program (MAPP), the Dell SonicWALL Threat Research Team reacted swiftly to the Microsoft Security Advisory and created countermeasures to detect and stop all attempted exploits with the new IPS signature IPS: 3787 Windows IE Remote Code Execution Vulnerability (CVE-2014-1776). Within 24 hours of the security advisory, the IPS (Dell SonicWALL Intrusion Prevention Service) signature was immediately pushed to all Dell SonicWALL next-generation firewalls owned by customers who have active security subscription services for their firewall. Customers without an active security service should purchase or renew their security service as soon as possible to receive IPS signatures for the latest threats and ongoing protection against new threats as they occur. This protection covers all Windows platforms including Windows XP without having to implement any of the recommended Microsoft workarounds. However, Dell SonicWALL encourages a layered security approach when combating zero-day type vulnerabilities. Additionally, we recommend that customers take additional security measures and perform audits as outlined below to minimize their security risk.
- Make sure IPS is enabled on the firewall
- Use the firewall advanced application control function to configure a policy that will block users from accessing the internet with affected versions of IE until all systems are patched
- Apply any workarounds as suggested by Microsoft under the Microsoft Security Advisory 2963983
In summary, this is a dramatic reminder that Dell SonicWALL not only offers security solutions that deliver a deeper level of network protection but, more importantly, that our Threat Research Team has a deep and thorough understanding of the dynamic threat landscape and the endless dangers it poses for networks of all sizes. With the sheer volume of vulnerabilities that are discovered across all computing platforms, identifying and developing the best possible countermeasures against these mutable threats can be challenging as no two threats are exactly the same. Customers can rely on Dell SonicWALL’s team of in-house threat research experts working around the clock gathering, correlating and analyzing data feeds from its Global Response Intelligent Defense (GRID) Network, which now has more than one million security sensors globally. Moreover, they conduct ongoing “in-the-wild” investigations and work with security advisory communities such as Microsoft MAPP to provide our next-generation firewalls and intrusion prevention systems with the threat intelligence required to stop new threats and threat variants with a high degree of effectiveness as they occur. Stay connected with the latest news and security updates via Dell Security on Twitter, Facebook and LinkedIn.
--AND THIS--
“April 2014 IE Vulnerability”
April 2014 IE Vulnerability – Next steps for customers to ensure they are protected
Situation
On April 26th, Microsoft released Microsoft Security Advisory 2963983 that addresses a remote code execution vulnerability, CVE-2014-1776, in Microsoft Internet Explorer (IE) versions 6 to 11. A successful exploit of this vulnerability will cause arbitrary code to run in the context of a current user within IE. At this time, Microsoft has not stated when a patch for the vulnerability will be available for supported Windows platforms but, more importantly, it is likely that Windows XP PCs will not receive a patch due to the EOL on that platform. For a view of the broader security implications of Microsoft Windows XP end of support read our blog published in December.
Given that IE represents roughly one quarter of the browser share, this potentially exposes a large number of internet users’ computers to malware attacks. Reports of malicious sites using the vulnerability to hijack PCs surfaced immediately upon publication of the vulnerability (ArsTechnica). This is a very typical, and highly successful, method of obtaining access to company data utilizing readily available malware. Traditional stateful packet inspection firewalls are blind to these attacks. Malicious traffic utilizing this vulnerability used to attack end users inside a network appears as 100% legitimate traffic to stateful firewalls. On the other hand, next-generation firewalls and unified threat management firewalls, as well as intrusion prevention systems, are designed to protect networks from such attacks.
First Priority: Protect your network
Dell SonicWALL firewall customers that have the Intrusion Prevention Service enabled have been protected against this attack since Sunday, April 27th through an automatic update pushed out over the weekend with the following update:
- IPS: 3787 Windows IE Remote Code Execution Vulnerability (CVE-2014-1776)
As with all other Microsoft advisories, Dell SonicWALL is listed as one of the partners with protection on the Microsoft Active Protection Program (MAPP) page. See http://technet.microsoft.com/en-us/security/dn568129
Second Priority: Control IE usage until all systems are patched
As a matter of preventative maintenance going forward, customers with Dell SonicWALL firewalls can use Application Control to identify and restrict IE traffic while the systems are patched. This could be especially useful for networks that still have Windows XP widely deployed, given that Microsoft at this point may not patch these systems. By blocking internet access from Internet Explorer on these systems, network administrators can significantly reduce the security risk. Blocking Internet Explorer using Application Control can be accomplished by creating an application rule on the firewall which will restrict outgoing traffic based on browser identification. This can also be accomplished by selecting the broad “Internet Explorer” category instead of picking specific browser versions.
--AND THIS--
There was a new/different Microsoft Advisory (also for IE) issued on Tuesday. Once again, we had protections that very day.
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=680
http://en.community.dell.com/techcenter/b/techcenter/archive/2014/05/01/double-trouble-critical-ie-vulnerability-weeks-after-windows-xp-end-of-life.aspx
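Added example (not part of the quoted Dell SonicWALL articles or of the comment above): before enforcing the Application Control rule the second article describes, an administrator can inventory from web proxy logs which internal clients still browse with IE 6 to 11, and which of those run Windows XP. The log format (client IP followed by the quoted User-Agent), the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample proxy log: client IP, then the quoted User-Agent header.
SAMPLE_LOG = """\
10.0.0.11 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.0.12 "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.0.0.13 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"
10.0.0.14 "Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0"
10.0.0.15 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
"""

# The Trident token identifies the rendering engine, hence the real IE release.
TRIDENT_TO_IE = {"4.0": 8, "5.0": 9, "6.0": 10, "7.0": 11}
LINE_RE = re.compile(r'^(\S+)\s+"([^"]*)"$')


def ie_version(user_agent):
    """Return the IE major version behind a User-Agent, or None if not IE."""
    trident = re.search(r"Trident/(\d+\.\d+)", user_agent)
    if trident and trident.group(1) in TRIDENT_TO_IE:
        # Compatibility View reports "MSIE 7.0" but keeps the Trident token,
        # so prefer Trident when it is present (this is how IE 11 is found).
        return TRIDENT_TO_IE[trident.group(1)]
    msie = re.search(r"\bMSIE (\d+)\.", user_agent)
    return int(msie.group(1)) if msie else None


def audit(log_text):
    """Map client IP -> {"ie": version, "xp": bool} for clients on IE 6-11."""
    findings = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        client, user_agent = match.groups()
        version = ie_version(user_agent)
        if version is not None and 6 <= version <= 11:
            # "Windows NT 5.1" is the platform token sent by Windows XP.
            findings[client] = {"ie": version, "xp": "Windows NT 5.1" in user_agent}
    return findings


if __name__ == "__main__":
    for client, info in sorted(audit(SAMPLE_LOG).items()):
        note = " (Windows XP, may stay unpatched)" if info["xp"] else ""
        print(f"{client}: IE {info['ie']}{note}")
```

Because the User-Agent header is supplied by the client, treat the result as an inventory aid for patch tracking rather than as an enforcement control.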