Well-known Zero-day Vulnerabilities 2012 Summary (Aug 9, 2012)

A zero-day attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, operation system etc. Multiple zero-day vulnerabilities can be found each year. The following are the well-known zero-day vulnerabilities for the first half year of 2012. Dell SonicWALL coverage for these vulnerabilities and references are also listed:

• CVE-2012-0779 Adobe Flash Player vulnerability
  * Covered by signature: [GAV:CVE-2012-0779.dc],[GAV:Malformed.swf.MP.6],[IPS:6231],[IPS:6511],[IPS:7610],[IPS:7772],[IPS:8068]
• CVE-2012-0152 (Microsoft Windows Remote Desktop Server Denial of Service)
  Covered by Firewall synflood protection feature “Always proxy WAN client connections”.
• CVE-2012-1675 Oracle TNS Poison vulnerability
  Covered by signature: [IPS:7757] REF: Oracle TNS Poison vulnerability
• CVE-2012-1875 Microsoft IE Same ID Property Remote Code Execution Vulnerability
  Covered by signature:[IPS:7454],[IPS:7963],[IPS:7998] REF: Cumulative Security Update for Internet Explorer (2699988)
• CVE-2012-1889 MSXML Uninitialized Memory Corruption Vulnerability
  Covered by signature: [IPS:7967], [IPS:7968], [IPS:7969], [IPS:7970], [IPS:7971] REF: Microsoft Security Bulletin Coverage (Jun 12, 2012)

With the deployed signatures, Dell SonicWALL has prevented the customers from being attacked. The following are the statistics within last 20 days:

To better protect our customers, Dell SonicWALL has partnered with Microsoft on the MAPP program, and here is the MAPP landing page: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=380.

In the above page, you can find all the Microsoft released vulnerabilities and our coverage for the past two years. Dell SonicWALL has been successfully cooperated with Microsoft for the vulnerabilities detecting and preventing, for example, the latest 0day vulnerability CVE-2012-1889, we have deployed the signatures at the same day when Microsoft released the public advisory: MAPP Partners with Updated Protections

In addition to the signatures of detecting 0day vulnerabilities, we have more than 200 shellcode detection IPS signatures, which proactively detects and blocks many attacks in the wild. The following are some examples of the IPS signatures:

• 4569 HTTP Server Shellcode Exploit 8
• 4573 Server Application Shellcode Exploit 10
• 4574 HTTP Server Shellcode Exploit 10
• 4584 Server Application Shellcode Exploit 17
• 4598 Server Application Shellcode Exploit 3
• 4601 HTTP Server Shellcode Exploit 11

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.