SonicWALL Protects Users From Newly-Identified Vulnerabilities
SonicWALL Research Team Moves Fast to Deploy Signatures to Repel Possible Exploits Against New Wave of Security Threats
SUNNYVALE, Calif., Aug. 10 / SonicWALL, Inc. (NASDAQ:SNWL), a leading provider of continuous data protection and network, Web and email security solutions, today announced that it has deployed early protection against a range of newly-identified software, firewall and security vulnerabilities. Users of the company's Unified Threat Management technology receive updated signatures designed to repel security threats.
SonicWALL has deployed further signatures to protect against recent exploits including Microsoft HHCtrl ActiveX Control Memory Corruption Vulnerability (MS06-046), Microsoft Management Console Remote Code Execution Vulnerability (MS06-044), and Microsoft PowerPoint Malformed Record vulnerability (Exploit.PoC). Signatures created by SonicWALL's research team are already in place to other exploits, including those targeting the HLINK Day Zero vulnerability.
SonicWALL also deployed signatures designed to address possible remote code execution of vulnerabilities in Barracuda Spam Firewalls (version 3.3.01.001 to 3.3.02.053). These vulnerabilities could result in arbitrary file disclosure and remote command execution.
"To exploit this vulnerability, a valid user must be logged in to the Barracuda firewall," said Boris Yanovsky, vice president of security services at SonicWALL. "However, this restriction can be overcome if attackers use another, existing vulnerability. It's important for companies of all sizes to use dynamic threat prevention on their firewall so that their network defenses can be continually and automatically updated at the gateway, before any equipment behind the firewall can be compromised."
SonicWALL, named leader in unit share and factory revenues for Unified Threat Management security appliances worldwide for the fifth consecutive quarter, according to IDC's Worldwide Q1 06 Security Appliance Tracker, July 2006, delivers zero day gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against new and existing Internet attacks and exploits.
Further information on these and other vulnerabilities is available at
SID:3452 - EXPLOIT Windows HHCtrl ActiveX Control Memory Corruption Vulnerability (MS06-046)
http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3452
SID:3451 - EXPLOIT Microsoft Management Console Remote Code Execution Vulnerability (MS06-044)
http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3451
SID:3449 - EXPLOIT Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution (HTTP)
http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3449
SID:3450 - EXPLOIT Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution (HTTPS)
http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3450
About SonicWALL, Inc.
Founded in 1991, SonicWALL, Inc. designs, develops and manufactures comprehensive network security, email security, secure remote access, and continuous data protection solutions. For more information, contact SonicWALL at +1-408-745-9600 or visit the company web site at www.sonicwall.com/ .
Source: SonicWALL, Inc.
CONTACT: Mary McEvoy of SonicWALL, Inc., +1-408-962-7110, or mmcevoy@sonicwall.com; or Erin Collopy of The Hoffman Agency, +1-408-975 3041, or ecollopy@hoffman.com, for SonicWALL, Inc.
Web site: www.sonicwall.com/
