Microsoft Security Bulletin Coverage (March 14, 2017)

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of March, 2017. A list of issues reported, along with SonicWall coverage information, is as follows:

MS17-006 Cumulative Security Update for Internet Explorer (4013073)

  • CVE-2017-0008 Internet Explorer Information Disclosure Vulnerability
    IPS:12615 “Internet Explorer Information Disclosure Vulnerability (MS17-006)”
  • CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
    IPS:12616 “Microsoft Browser Memory Corruption Vulnerability (MS17-006)”
  • CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0018 Internet Explorer Memory Corruption Vulnerability
    IPS:12617 “Internet Explorer Information Disclosure Vulnerability (MS17-006) 2”
  • CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
    IPS:12618 “Microsoft Browser Spoofing Vulnerability (MS17-006)”
  • CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
    IPS:12620 “Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2”
  • CVE-2017-0040 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0049 Scripting Engine Information Disclosure Vulnerability
    IPS:12621 “Scripting Engine Information Disclosure Vulnerability (MS17-006)”
  • CVE-2017-0059 Internet Explorer Information Disclosure Vulnerability
    IPS:12658 “Internet Explorer Information Disclosure Vulnerability (MS17-006) 3”
  • CVE-2017-0130 Scripting Engine Memory Corruption Vulnerability
    IPS:12664 “Scripting Engine Memory Corruption Vulnerability (MS17-006)”
  • CVE-2017-0149 Microsoft Internet Explorer Memory Corruption Vulnerability
    IPS:12666 “Internet Explorer Memory Corruption Vulnerability (MS17-006)”
  • CVE-2017-0154 Internet Explorer Elevation of Privilege Vulnerability
    IPS:12669 “Internet Explorer Elevation of Privilege Vulnerability (MS17-006)”

MS17-007 Security Update for Microsoft Edge (4013071)

  • CVE-2017-0009 Microsoft Browser Information Disclosure Vulnerability
    IPS:12616 “Microsoft Browser Memory Corruption Vulnerability (MS17-006)”
  • CVE-2017-0010 Scripting Engine Memory Corruption Vulnerability
    IPS:12622 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 2”
  • CVE-2017-0011 Microsoft Edge Information Disclosure Vulnerability
    IPS:12623 “Microsoft Edge Information Disclosure Vulnerability (MS17-007)”
  • CVE-2017-0012 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0015 Scripting Engine Memory Corruption Vulnerability
    IPS:12624 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 3”
  • CVE-2017-0017 Microsoft Edge Information Disclosure Vulnerability
    IPS:12626 “Microsoft Edge Information Disclosure Vulnerability (MS17-007) 2”
  • CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
    ASPY:2063 “Malformed-File pdf.MP.217”
  • CVE-2017-0032 Scripting Engine Memory Corruption Vulnerability
    IPS:4604 “HTTP Client Shellcode Exploit 1”
  • CVE-2017-0033 Microsoft Browser Spoofing Vulnerability
    IPS:12618 “Microsoft Browser Spoofing Vulnerability (MS17-006)”
  • CVE-2017-0034 Microsoft Edge Memory Corruption Vulnerability
    IPS:12672 “Microsoft Edge Memory Corruption Vulnerability (MS17-007) 2”
  • CVE-2017-0035 Scripting Engine Memory Corruption Vulnerability
    IPS:12613 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 1”
  • CVE-2017-0037 Microsoft Browser Memory Corruption Vulnerability
    IPS:12620 “Microsoft Browser Memory Corruption Vulnerability (MS17-006) 2”
  • CVE-2017-0046 Scripting Engine Memory Corruption Vulnerability
    IPS:12614 “Microsoft Edge Memory Corruption Vulnerability (MS17-006) 1”
  • CVE-2017-0065 Microsoft Browser Information Disclosure Vulnerability
    IPS:12673 “Microsoft Browser Information Disclosure Vulnerability (MS17-007)”
  • CVE-2017-0066 Microsoft Browser Security Feature Bypass Vulnerability
    IPS:12674 “Microsoft Browser Same Origin Policy Bypass (MS17-007)”
  • CVE-2017-0067 Scripting Engine Memory Corruption Vulnerability
    IPS:12675 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 9”
  • CVE-2017-0068 Microsoft Browser Information Disclosure Vulnerability
    IPS:6753 “Cross-Site Scripting (XSS) Attack 8”
  • CVE-2017-0069 Microsoft Edge Spoofing Vulnerability
    IPS:12678 “Microsoft Edge Spoofing Vulnerability (MS17-007)”
  • CVE-2017-0070 Scripting Engine Memory Corruption Vulnerability
    IPS:12662 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 4”
  • CVE-2017-0071 Scripting Engine Memory Corruption Vulnerability
    IPS:12663 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 5”
  • CVE-2017-0094 Scripting Engine Memory Corruption Vulnerability
    IPS:12665 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 6”
  • CVE-2017-0131 Microsoft Edge Memory Corruption Vulnerability
    IPS:12667 “Microsoft Edge Memory Corruption Vulnerability (MS17-007) 1”
  • CVE-2017-0132 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0133 Scripting Engine Memory Corruption Vulnerability
    IPS:12668 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 7”
  • CVE-2017-0134 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0135 Microsoft Edge Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2017-0136 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0137 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0138 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0140 Microsoft Edge Security Feature Bypass
    IPS:12670 “Microsoft Edge Same Origin Policy Bypass (MS17-007)”
  • CVE-2017-0141 Scripting Engine Memory Corruption Vulnerability
    IPS:12671 “Scripting Engine Memory Corruption Vulnerability (MS17-007) 8”
  • CVE-2017-0150 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0151 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0152 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS17-008 Security Update for Windows Hyper-V (4013082)

  • CVE-2017-0021 Hyper-V vSMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0051 Microsoft Hyper-V Network Switch Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0074 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0076 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0095 Hyper-V vSMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0096 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0097 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0098 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0099 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS17-009 Security Update for Microsoft Windows PDF Library (4010319)

  • CVE-2017-0023 Microsoft PDF Memory Corruption Vulnerability
    ASPY:2063 “Malformed-File pdf.MP.217”

MS17-010 Security Update for Microsoft Windows SMB Server (4013389)

  • CVE-2017-0143 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0144 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0145 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0146 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0147 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0148 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS17-011 Security Update for Microsoft Uniscribe (4013076)

  • CVE-2017-0072 Uniscribe Remote Code Execution Vulnerability
    ASPY:2094 “Malformed-File otf.MP.22”
  • CVE-2017-0083 Uniscribe Remote Code Execution Vulnerability
    ASPY:2095 “Malformed-File ttf.MP.10”
  • CVE-2017-0084 Uniscribe Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0085 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0086 Uniscribe Remote Code Execution Vulnerability
    ASPY:2096 “Malformed-File ttf.MP.11”
  • CVE-2017-0087 Uniscribe Remote Code Execution Vulnerability
    ASPY:2097 “Malformed-File ttf.MP.12”
  • CVE-2017-0088 Uniscribe Remote Code Execution Vulnerability
    ASPY:2098 “Malformed-File ttf.MP.13”
  • CVE-2017-0089 Uniscribe Remote Code Execution Vulnerability
    ASPY:3447 “Malformed-File ttf.MP.14”
  • CVE-2017-0090 Uniscribe Remote Code Execution Vulnerability
    ASPY:4784 “Malformed-File ttf.MP.15”
  • CVE-2017-0091 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0092 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0111 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0112 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0113 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0114 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0115 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0116 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0117 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0118 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0119 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0120 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0121 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0122 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0123 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0124 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0125 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0126 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0127 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0128 Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS17-012 Security Update for Microsoft Windows (4013078)

  • CVE-2017-0007 Device Guard Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0016 SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability
    IPS:12599 “Windows SMB Tree Connect Response DoS 2”
  • CVE-2017-0039 Windows DLL Loading Remote Code Execution Vulnerability
    IPS:12612 “Windows DLL Loading Remote Code Execution Vulnerability (MS17-012) 1”
  • CVE-2017-0057 Windows DNS Query Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0100 Windows COM Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0104 iSNS Server Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS17-013 Security Update for Microsoft Graphics Component (4013075)

  • CVE-2017-0001 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0005 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0014 Windows Graphics Component Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0025 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0038 Windows Graphics Component Information Disclosure Vulnerability
    ASPY:1383 “Malformed-File emf.MP.12”
  • CVE-2017-0047 Windows GDI Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0060 GDI+ Information Disclosure vulnerability
    ASPY:4990 “Malformed-File emf.MP.10”
  • CVE-2017-0061 Microsoft Color Management Information Disclosure vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0062 GDI+ Information Disclosure Vulnerability
    ASPY:4991 “Malformed-File emf.MP.11”
  • CVE-2017-0063 Microsoft Color Management Information Disclosure vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0073 Windows GDI+ Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0108 Graphics Component Remote Code Execution Vulnerability
    ASPY:4992 “Malformed-File ttf.MP.9”

MS17-014 Security Update for Microsoft Office (4013241)

  • CVE-2017-0006 Microsoft Office Memory Corruption Vulnerability
    ASPY:4493 “Malformed-File psd.TL.1”
  • CVE-2017-0019 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0020 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0027 Microsoft Office Information Disclosure Vulnerability
    ASPY:1360 “Malformed-File xls.MP.55”
  • CVE-2017-0029 Microsoft Office Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0030 Microsoft Office Memory Corruption Vulnerability
    ASPY:1368 “Malformed-File doc.MP.43”
  • CVE-2017-0031 Microsoft Office Memory Corruption Vulnerability
    ASPY:1368 “Malformed-File doc.MP.43”
  • CVE-2017-0052 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0053 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0105 Microsoft Office Information Disclosure Vulnerability
    ASPY:4996 “Malformed-File rtf.MP.16”
  • CVE-2017-0107 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0129 Microsoft Lync for Mac Certificate Validation Vulnerability
    There are no known exploits in the wild.

MS17-015 Security Update for Microsoft Exchange Server (4013242)

  • CVE-2017-0110 Microsoft Exchange Server Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-016 Security Update for Windows IIS (4013074)

  • CVE-2017-0055 Microsoft IIS Server XSS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-017 Security Update for Windows Kernel (4013081)

  • CVE-2017-0050 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0101 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0102 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0103 Windows Registry Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083)

  • CVE-2017-0024 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0026 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0056 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0078 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0079 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0080 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0081 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0082 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS17-019 Security Update for Active Directory Federation Services (4010320)

  • CVE-2017-0043 Microsoft Active Directory Federation Services Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS17-020 Security Update for Windows DVD Maker (3208223)

  • CVE-2017-0045 Windows DVD Maker Cross-Site Request Forgery Vulnerability
    There are no known exploits in the wild.

MS17-021 Security Update for Windows DirectShow (4010318)

  • CVE-2017-0042 Windows DirectShow Information Disclosure Vulnerability
    GAV:12611 “Kovter.A_311”

MS17-022 Security Update for Microsoft XML Core Services (4010321)

  • CVE-2017-0022 Microsoft XML Core Services Information Disclosure Vulnerability
    IPS:12610 “Microsoft XML Information Disclosure Vulnerability (MS17-022)”

Microsoft Security Bulletin Coverage for April 2017

SonicWall has analyzed and addressed Microsoft and Adobe’s security advisories for the month of April, 2017. A list of issues reported, along with SonicWall coverage information, is as follows:

Microsoft Coverage

  • CVE-2017-0058 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0093 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0106 Microsoft Outlook Remote Code Execution Vulnerability
    SPY:4460 Malformed-File rtf.MP.18
  • CVE-2017-0155 Windows Graphics Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0156 Windows Graphics Component Elevation of Privilege Vulnerability
    SPY:1450 Malformed-File exe.MP.30
  • CVE-2017-0158 Scripting Engine Memory Corruption Vulnerability
    IPS:12715 Scripting Engine Memory Corruption Vulnerability (APR 17) 2
  • CVE-2017-0159 ADFS Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0160 .NET Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0162 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0163 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0164 Active Directory Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0165 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0166 LDAP Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0167 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0168 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0169 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0178 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0179 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0180 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0181 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0182 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0183 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0184 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0185 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0186 Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0188 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0189 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0191 Windows Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0192 ATMFD.dll Information Disclosure Vulnerability
    SPY:1433 Malformed-File pfb.MP.2
  • CVE-2017-0194 Microsoft Office Memory Corruption Vulnerability
    IPS:12716 Microsoft Office Memory Corruption Vulnerability (APR 17)
  • CVE-2017-0195 Microsoft Office XSS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0197 Office DLL Loading Vulnerability
    IPS:12718 ceutil.dll Insecure Library Loading
  • CVE-2017-0199 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API
    SPY:1446 Malformed-File rtf.MP.17
  • CVE-2017-0200 Microsoft Edge Memory Corruption Vulnerability
    IPS:12717 Microsoft Edge Memory Corruption Vulnerability (APR 17) 2
  • CVE-2017-0201 Scripting Engine Memory Corruption Vulnerability
    IPS:12708 Scripting Engine Memory Corruption Vulnerability (APR 17) 1
  • CVE-2017-0202 Internet Explorer Memory Corruption Vulnerability
    IPS:12709 Internet Explorer Memory Corruption Vulnerability (APR 17) 1
  • CVE-2017-0203 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0204 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0205 Microsoft Edge Memory Corruption Vulnerability
    IPS:12710 Microsoft Edge Memory Corruption Vulnerability (APR 17) 1
  • CVE-2017-0207 Microsoft Office Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0208 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0210 Internet Explorer Elevation of Privilege Vulnerability
    IPS:12712 Internet Explorer Elevation of Privilege (APR 17) 1
  • CVE-2017-0211 Windows OLE Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-6629 libjpeg Information Disclosure Vulnerability
    There are no known exploits in the wild.

Adobe Coverage

APSB17-10 Security updates for Adobe Flash Player:

  • CVE-2017-3058 Adobe Flash Player Use After Free Vulnerability
    Spy:1417 Malformed-File swf.MP.549
  • CVE-2017-3059 Adobe Flash Player Use After Free Vulnerability
    Spy:1418 Malformed-File swf.MP.550
  • CVE-2017-3060 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1419 Malformed-File swf.MP.551
  • CVE-2017-3061 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1420 Malformed-File swf.MP.552
  • CVE-2017-3062 Adobe Flash Player Use After Free Vulnerability
    Spy:1421 Malformed-File swf.MP.553
  • CVE-2017-3063 Adobe Flash Player Use After Free Vulnerability
    Spy:1422 Malformed-File swf.MP.554
  • CVE-2017-3064 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1423 Malformed-File swf.MP.555

APSB17-11 Security Updates for Adobe Acrobat and Reader:

  • CVE-2017-3013 Adobe Acrobat Reader Insecure Library Loading Vulnerability
    Spy:1406 Malformed-File pdf.MP.219
  • CVE-2017-3014 Adobe Acrobat Reader Use After Free Vulnerability
    Spy:1407 Malformed-File pdf.MP.220
  • CVE-2017-3017 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1408 Malformed-File pdf.MP.221
  • CVE-2017-3019 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1409 Malformed-File pdf.MP.222
  • CVE-2017-3020 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1410 Malformed-File pdf.MP.223
  • CVE-2017-3021 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1411 Malformed-File pdf.MP.224
  • CVE-2017-3022 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1412 Malformed-File pdf.MP.225
  • CVE-2017-3023 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1413 Malformed-File pdf.MP.226
  • CVE-2017-3024 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1414 Malformed-File pdf.MP.227
  • CVE-2017-3025 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1415 Malformed-File pdf.MP.228
  • CVE-2017-3026 Adobe Acrobat Reader Use After Free Vulnerability
    Spy:1416 Malformed-File pdf.MP.229
  • CVE-2017-3029 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1405 Malformed-File pdf.MP.218
  • CVE-2017-3032 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1424 Malformed-File pdf.MP.235
  • CVE-2017-3033 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1432 Malformed-File pdf.MP.232
  • CVE-2017-3042 Adobe Acrobat Reader Heap Overflow Vulnerability
    Spy:1425 Malformed-File tif.MP.5
    Spy:1426 Malformed-File tif.MP.6
    Spy:1428 Malformed-File tif.MP.7
  • CVE-2017-3044 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1430 Malformed-File pdf.MP.230
  • CVE-2017-3045 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1431 Malformed-File pdf.MP.231
  • CVE-2017-3046 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1434 Malformed-File pdf.MP.233
  • CVE-2017-3047 Adobe Acrobat Reader Use After Free Vulnerability
    Spy:1435 Malformed-File pdf.MP.234
  • CVE-2017-3048 Adobe Acrobat Reader Heap Overflow Vulnerability
    Spy:1436 Malformed-File tif.MP.8
  • CVE-2017-3049 Adobe Acrobat Reader Heap Overflow Vulnerability
    Spy:1437 Malformed-File tif.MP.9
  • CVE-2017-3050 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1438 Malformed-File gif.MP.1
  • CVE-2017-3051 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:1441 Malformed-File jpg.MP.5
  • CVE-2017-3052 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1443 Malformed-File emf.MP.13
    Spy:1445 Malformed-File emf.MP.14
  • CVE-2017-3053 Adobe Acrobat Reader Memory Address Leak Vulnerability
    Spy:1447 Malformed-File jpg.MP.6
  • CVE-2017-3055 Adobe Acrobat Reader Heap Overflow Vulnerability
    Spy:1448 Malformed-File pdf.MP.237
  • CVE-2017-3056 Adobe Acrobat Reader Memory Corruption Vulnerability
    Spy:4237 Malformed-File pdf.MP.238
  • CVE-2017-3057 Adobe Acrobat Reader Use After Free Vulnerability
    Spy:1449 Malformed-File pdf.MP.236

Evolution of Email Threats: The Rise of Ransomware, Spear Phishing and Whaling Attacks 

Email has been around since the 1970s. Today, everyone and every business uses email for their communications. To put things in perspective, according to the Radicati Group, 122 business emails were sent and received per user per day in 2015. That is a lot of email for humans to process without making a bad judgement call. Email has also become the vector of choice for threat actors to initiate advanced phishing campaigns.

Spam emails were the first form of email-borne threats, and the first documented email spam attack happened in 1996. Spam was unwanted mail that clogged up people’s inboxes. Malware was sent using spam emails to try to get confidential information or exfiltrate data. Spam was seen as more of an annoyance.

Over the years, email-borne threats have transitioned to disruption of businesses and services. Today the attacks are more sophisticated and targeted, resulting in financial and reputation loss. It has become easy for hackers to monetize their attacks using zero-day malware, which is available on the dark web marketplace. Attacks such as ransomware and spear-phishing have a direct impact on an organization’s bottom line.

Threat actors used phishing tactics and sent mass email campaigns to try to dupe unsuspecting victims. These were mass email campaigns with a low success rate. Today, attackers carry out targeted and focused tactical email campaigns as part of a spear phishing attack. Social engineering plays a big part in phishing campaigns today.

Reports indicate that phishing campaigns now use ransomware, and that zero-day malware is the next evolution in phishing. According to the 2017 SonicWall Threat Report, the most popular payload for malicious email campaigns in 2016 was ransomware, and the trend is expected to continue throughout 2017.

The top email-borne threats today are ransomware, spear phishing, and whaling or business email compromise.

Ransomware

Ransomware is a type of malware (usually zero-day or unknown) that is designed to encrypt data and block access to a computer system until a sum of money is paid.

According to a study conducted by SANS Institute, ransomware delivered through phishing emails has emerged as the most identified type of attack for those organizations that had experienced a breach. This is in line with the findings of the 2017 SonicWall Threat Report, in which ransomware was found to be the payload of choice for malicious email campaigns.

Another study conducted by the Osterman research group shows that nearly one-half of companies in North America were victims of ransomware in the last 12 months. And no surprises here, as nearly 60% of ransomware was delivered through emails, either using malicious links or malware-ridden attachments.

Ransomware is quickly becoming an epidemic for organizations worldwide.

Spear Phishing

Spear phishing attacks are targeted socially engineered campaigns designed to trick unsuspecting employees. Attackers create fake profiles on social media and networking sites to gather information and launch targeted email attacks in the future.

According to the SANS 2016 Threat Landscape Survey, spear phishing and whaling are significant forms of attack reported. Another survey by Cloudmark estimates that the cost of a spear phishing attack is 1.6M, and 73% of companies acknowledge that spear phishing poses a significant threat.

Business Email Compromise (BEC)

BEC emails spoof trusted domains and imitate brands and corporate identities. In many cases, the emails appear from a legitimate trusted sender or from the company CEO typically asking for wire transfer of money.

According to the FBI, BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

This is a very real and a growing issue. The FBI has put up a public service announcement saying that BEC is a 3.1 billion dollar problem. Even the IRS has recently put up a notice on its website to educate people regarding this form of threat.

Today’s advanced threats require a new set of email security features in addition to the traditional capabilities. A multi-layered email security solution protects business communications. Businesses need a next-generation email security solution that offers comprehensive threat prevention capabilities.

Read our solution brief, What Your Next-Gen Email Security Needs to Stop Advanced Threats, to learn what your email security solution needs to block today’s advanced email-borne threats.

Buffer overflow vulnerability in the WebDAV service of Microsoft IIS CVE-2017-7269 (Mar 31, 2017)

Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that allows clients to perform remote Web content authoring operations.
The WebDAV protocol provides a framework for users to create, change and move documents on a server, typically a web server or web share.

A buffer overflow exists in the ScStoragePathFromUrl function in the WebDAV service of Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2. This allows remote attackers to execute arbitrary code via a long header beginning with “If:

The WebDAV PROPFIND Method retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). The PROPFIND Method can be used on collection and property resources.
When a large “If” header is sent with a WebDAV PROPFIND request, the ScStoragePathFromUrl function is unable to parse it, leading to a buffer overflow.

The exploit code in the PoC has shellcode which is sprayed in memory. This shellcode can be used to execute malicious commands on the vulnerable system.

The SonicWALL Threat Research Team has researched this vulnerability and released the following signatures to protect its customers.

  • IPS 12697 : Microsoft IIS Buffer Overflow (CVE-2017-7269)
  • WAF 1664: Internet Information Services (IIS) WebDAV Buffer Overflow
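
The condition described above, as a detection check: the added Python example below (not SonicWall's signature logic) parses a raw request and flags PROPFIND requests whose If header exceeds a length limit. The 1024-byte limit, the function names and the sample requests are assumptions constructed for illustration.

```python
"""Flag WebDAV PROPFIND requests that carry an abnormally long If header."""

# Assumption: 1024 bytes is a hypothetical limit picked for this example; it is
# not taken from the advisory or from the SonicWall signatures.
MAX_IF_HEADER_BYTES = 1024


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t") and last is not None:
            # Folded continuation line: it still belongs to the previous header.
            headers[last][-1] += b" " + line.strip()
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # not a header line; ignore it
        last = name.strip().lower()
        headers.setdefault(last, []).append(value.strip())
    return parts[0], parts[1], headers


def inspect(raw: bytes, limit: int = MAX_IF_HEADER_BYTES):
    """Return a list of findings for one request; an empty list means clean."""
    try:
        method, target, headers = parse_request(raw)
    except ValueError as exc:
        return [f"unparseable request: {exc}"]
    if method != b"PROPFIND":
        return []  # the write-up describes the overflow for PROPFIND only
    # Sum every If value so a header split over several lines is still measured.
    total = sum(len(v) for v in headers.get(b"if", []))
    if total > limit:
        return [f"PROPFIND {target.decode('latin-1')}: If header is "
                f"{total} bytes (limit {limit})"]
    return []


# Constructed sample requests (filler bytes only, no payload).
BENIGN = (b"PROPFIND /docs/ HTTP/1.1\r\nHost: files.example.test\r\nDepth: 1\r\n"
          b"If: (<opaquelocktoken:constructed-token>)\r\n\r\n")
OVERSIZED = (b"PROPFIND / HTTP/1.1\r\nHost: files.example.test\r\n"
             b"If: " + b"A" * 4000 + b"\r\nContent-Length: 0\r\n\r\n")
FOLDED = (b"PROPFIND / HTTP/1.1\r\nHost: files.example.test\r\n"
          b"If: " + b"A" * 600 + b"\r\n " + b"A" * 600 + b"\r\n\r\n")
GET_LONG = (b"GET / HTTP/1.1\r\nHost: files.example.test\r\n"
            b"If: " + b"A" * 4000 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("oversized", OVERSIZED),
                       ("folded", FOLDED), ("get", GET_LONG)):
        print(label, inspect(req) or "clean")
```
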

Chinese ransomware spotted in the wild (Apr 7, 2017)

This week, SonicWALL Threats research team has received reports of a ransomware that appears to be targeting Chinese speaking users. The ransomware note has a translation in Mandarin and has recommended Bitcoin trading platforms in China. This ransomware variant comes from a group calling themselves Lambda Anti-Society team – Nuke Script team or LAST-NST.

Infection Cycle:

This Trojan uses the following icon:

Upon execution, it makes a copy of itself in the root directory:

  • %HOMEDRIVE%reloader.exe [Detected as GAV: Lambda.RSM (Trojan)]

It appends “.lambda.l0cked” to all the encrypted files.

It also creates a log file where it writes the names of all files that were encrypted:

  • %HOMEDRIVE%If.Lst

It then creates and opens the file READ_IT.html which shows the ransom note and instructions on how to pay. The note is written in English and also has the Mandarin translation on the same page as shown in the screenshots below:

It also drops the following files:

  • %HOMEDRIVE%#Cyb3rGh0st_S0c13tyF@ck3r – a config file
  • %HOMEDRIVE%!A_NOTICE_FROM_LAST

This ransomware does not encrypt any system executables, so the victim’s machine remains adequately functional. During our analysis, it encrypted files with the following file extensions:

asp, aspx, bak, bmp, c, class, conf, config, cpp, cs, dat, dbf, dmp, doc, doy, frm, gif, hta, htm, html, img, jar, jpg, mdb, mid, pdf, php, png, pot, ppt, rtf, sql, swf, tif, txt, txt, vbs, wav, wma, xls, xlt, zip

Checking the bitcoin address provided on the ransom note, it appears that this cybercriminal group has received a few Bitcoin transfers of what appears to be payment from victims based on the transactions shown below:

Because of the prevalence of these types of malware attacks, we urge our users to back up their files regularly.

SonicWALL Gateway AntiVirus provides protection against this threat with the following signature:

  • GAV: Lambda.RSM (Trojan)
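
A triage check built from the indicators listed in this write-up, added here as an example (it is not SonicWall's code or signature): it walks a directory tree, tallies files carrying the appended extension by their original type, and reports the ransom note and the drive-root artefacts. File names are taken as printed above; the function names and the sample tree are constructed.

```python
"""Sweep a directory tree for the Lambda/LAST-NST indicators listed above."""
import os
import tempfile
from collections import Counter

# Indicator names exactly as printed in the write-up.
ENCRYPTED_SUFFIX = ".lambda.l0cked"
RANSOM_NOTE = "READ_IT.html"
ROOT_ARTEFACTS = ("reloader.exe", "If.Lst", "!A_NOTICE_FROM_LAST",
                  "#Cyb3rGh0st_S0c13tyF@ck3r")


def sweep(root):
    """Return encrypted files, their original types, notes and root artefacts."""
    report = {"encrypted": [], "by_type": Counter(), "notes": [], "artefacts": []}
    root_names = {n.lower() for n in ROOT_ARTEFACTS}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Strip the appended suffix to recover the original extension,
                # which shows what kinds of data were hit.
                original = name[:-len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lstrip(".").lower()
                report["encrypted"].append(path)
                report["by_type"][ext or "(none)"] += 1
            elif lower == RANSOM_NOTE.lower():
                report["notes"].append(path)
            elif dirpath == root and lower in root_names:
                # The write-up places these files in the drive root only.
                report["artefacts"].append(path)
    for key in ("encrypted", "notes", "artefacts"):
        report[key].sort()
    return report


def build_constructed_tree(root):
    """Create a small constructed sample tree (empty files) for the demo."""
    os.makedirs(os.path.join(root, "sub"))
    for rel in ("report.doc.lambda.l0cked", "sub/photo.jpg.lambda.l0cked",
                "sub/notes.txt", "reloader.exe", "If.Lst", "READ_IT.html",
                "sub/reloader.exe"):
        open(os.path.join(root, *rel.split("/")), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        result = sweep(tmp)
        print(len(result["encrypted"]), "encrypted:", dict(result["by_type"]))
        print("notes:", result["notes"])
        print("root artefacts:", result["artefacts"])
```
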

Important CSS Directive Causes MS Outlook To Crash (Apr 7, 2017)

Microsoft Outlook is an email client used to send and receive email messages. Recently, SonicWALL received reports of a bug in MS Outlook, wherein a specially crafted email causes it to crash shortly after reading.

The POC shows the email to contain both text and html portions, as shown below:

Retrieving this email via MS Outlook causes a crash as shown:

Debugging Outlook, we see that the crash occurs in wwlib.dll (not necessarily in Outlook itself).

This DLL is also used by other Office applications such as Word and PowerPoint. It is used for reading and displaying HTML content.

The problem arises with the “!important” directive in the CSS. In testing, an email sent without this directive does not cause a crash.

The SonicWALL Threat Research Team has researched this vulnerability and released the following signature to protect its customers.

  • IPS 12702 : Microsoft Outlook Denial of Service

Why Defeating Encrypted Threats Should Be Your Top Priority

Times are extremely restless for security teams as they face highly motivated adversaries, and the onslaught of very active and progressive cyber-attacks.  Today’s hacking techniques are stealthy, unpredictable in nature and waged by skillful attackers capable of developing innovative ways of circumventing security defenses. One new and more popular way that is becoming a status quo among malware writers today is the malicious use of encryption. Using encryption methods such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL), attackers now cipher malicious payloads and command and control communication to evade detection. I offer some helpful tips to overcome these threats.

Based on a small sample of threat data recently collected by NSS Labs’ BaitNET™ test environment¹, the malicious use of encryption soared nearly 13,000% in 2016 compared to 2014.  Moreover, information gathered by Virus Total and SSL BlackList reveals the number of malware families using encryption increased almost 5,700%, and command and control communications involving these malware families leaped 20,000% in Q4 of 2015².  Although the sample size may be small considering it came from a single test harness, it does accurately reflect the tens of millions of systems of tens of thousands of organizations making TLS/SSL connections that are subjected to the unseen harm caused by encrypted threats.

Organizations that choose not to (or whose firewall is limited in its ability to) inspect encrypted traffic are missing a lot of the value of their security systems.  When there is no visibility, they are unable to view what is inside that traffic, spot malware downloads, identify ransomware and see the unauthorized transmission of privileged information to external systems.  With the rise of encrypted attacks threatening mobile devices, endpoint systems and data center applications, it is imperative that organizations quickly establish a security model that can decrypt and inspect encrypted traffic and neutralize the danger of hidden threats.  Otherwise, they cannot stop what they cannot see.

To make matters more problematic, the majority of current firewalls are inadequate in their ability to handle encrypted threats because decrypting and inspecting encrypted traffic can create performance problems.  The two key areas of TLS/SSL that affect inspection performance are establishing a trusted connection and decryption/re-encryption for secure data exchange.  Both are very complex and compute intensive because each TLS/SSL session handshake consumes 15 times more compute resources³ from the firewall side than from the client side.  Most firewall designs today do not provide the right combination of inspection technology, hardware processing power and scalability to handle the exponential increase in computing capacity required.  Therefore, they often collapse under the heavy load and eventually disrupt business operations.  According to NSS Labs, the performance penalty on a firewall when TLS/SSL inspection is enabled can be as high as 74% with 1024b ciphers and 81% with 2048b ciphers⁴.   In other words, your firewall performance degrades to an unusable level.

These important points should spark serious security conversations for security teams, and give them the opportunity to educate their leadership team and/or board about encrypted threats, as well as why inspecting TLS/SSL traffic must be one of the top priorities in the breach prevention strategy.  To defeat encrypted threats effectively, the security system must be able to perform in a way that does not infringe on privacy and legal matters, while not becoming a choke point on the network that causes network and service disruption.  The right solution begins with the right inspection architecture as the foundation, because not all firewall inspections perform equally in the real world.  Security teams will want to avoid any post-deployment surprises by doing their full due diligence when shortlisting firewall vendors.  Take the time to conduct a thorough proof-of-concept (POC) and validate that the chosen firewall demonstrates the desired security efficacy and performance without any hidden limitations.

For more detailed information, read our Executive Brief titled, “Solution Brief: Best practices for stopping encrypted threats.”

1 https://www.gartner.com/imagesrv/media-products/pdf/radware/Radware-1-2Y7FR0I.pdf
2 https://www.nsslabs.com/linkservid/13C7BD87-5056-9046-93FB736663C0B07A/

SonicOS 6.2.7 Delivers More Breach Prevention and Easier Management to Next-Gen Firewalls

There is no end to the danger of cyber-criminal activities, as long as there is an underground marketplace that makes it almost impossible for authorities to intervene and enforce law and order.  We continue to see our adversaries relentlessly going after money by developing and experimenting with different methods and tools against new and existing vulnerabilities, in preparation for the next phase of their business model. To deal with this cybercriminal activity and have greater network security, I am excited to announce SonicOS 6.2.7, which provides enhanced breach prevention, a new threat API, improved scalability and connectivity while simplifying management to ensure small businesses and large distributed enterprises receive a high quality-of-service level, increased on-demand capacity and connectivity and better security.

Here are some of the historical cyber attacks that require deeper network security:

  1. CVE logged nearly 4,000 new vulnerabilities with more than two-thirds of them associated with network attacks.
  2. Ransomware was spotted as far back as 2005, but rarely seen until its recent return to the world stage as the most popular payload for spam, phishing and exploit campaigns, collecting an estimated $200 million in ransom payout globally so far. The fear of infections and subsequent business disruptions has forced institutions to begin augmenting their existing defense model to address this threat.
  3. According to NSS Labs, the malicious use of encryption is rapidly growing and allowing criminals to use it as an effective evasion technique. When encrypted connections are improperly managed and go uninspected, they become defenseless tunnels for concealing malware downloads and command and control (C&C) communication, spreading infections and most serious of all, extracting massive amounts of data.
  4. In November, the Mirai botnet management framework launched the largest mass-scale distributed denial of service (DDoS) attacks on record, using hundreds of thousands of Linux-based IoT devices that took down a major DNS service provider. IoT-based attacks are anticipated to be one of the fastest growing and most prevalent attack vectors in 2017.
  5. A new breed of exploit kits surfaced leveraging cryptographic algorithms to encrypt and obfuscate landing pages and malicious payloads to spread ransomware at scale more effectively.

Moreover, organizations are quickly embracing new technologies such as cloud and virtualization to advance their digital business ambition.  As they embrace these new technology platforms, they find themselves needing to augment their network architecture to meet new data, capacity and connectivity demands.

The biggest question now is what we can do differently in our cyberdefense model to scale performance, secure us from advanced threats and help enable organizations to grow and move securely forward. SonicWall introduces the latest update to its next-generation firewall SonicOS operating system, version 6.2.7.0.  Many of the new features in the release are focused on three primary outcomes of the firewall system.

  1. Enhancing breach prevention capabilities
     • Deep packet inspection of SSH (DPI-SSH) to detect and prevent advanced encrypted attacks that leverage SSH, block encrypted malware downloads, cease the spread of infections, and thwart command and control (C&C) communications and data exfiltration
     • Threat API platform designed to receive any and all proprietary, OEM and third-party threat intelligence feeds to combat a wide variety of advanced threats such as zero-day, malicious insiders, compromised credentials, ransomware and APTs
     • Biometric authentication technology on the user's mobile device, such as fingerprints that cannot be easily duplicated or shared, to securely authenticate the user's identity for network access
     • Additional security extensions include granular SSL controls and DPI-SSL of IPv6 encrypted traffic, DNS Proxy to securely control both incoming and outgoing DNS traffic to eliminate any potential DNS cache poisoning, DNS spoofing, and buffer overflow attacks transmitted through DNS commands and more
  2. Improving ease of use and management
     • Auto-provisioning VPN simplifies and reduces complex distributed firewall deployments down to a trivial effort by automating the initial site-to-site VPN gateway provisioning while security and connectivity occur instantly and automatically.  As an added advantage, policy changes are centrally managed and automatically updated on every VPN peer across the WAN environment.
  3. Increasing scalability and connectivity
     • Dell X-Series Switch extensibility enhances network security flexibility and scalability that adapts to service-level increases and ensures network services and resources are continuously available and protected when capacity grows without having to upgrade the firewall system.

Download SonicOS 6.2.7 today.

CAPTURE MORE. FEAR LESS: SonicWall Capture ATP for Ransomware Prevention

If you pictured a specific technology exemplified as an animal what would it be?  Cars have been visualized as horses and bulls and the names like Mustang, Pinto, and Taurus all ring a bell with us. We see this in cyber security as well.  We have worms, bugs, and Trojan [horses] (I know that’s a stretch).  If you picture ransomware viruses as malicious bugs then you would see Capture Advanced Threat Protection (ATP) as a spider.

Spiders are the perfect foe of bugs. They sit in wait within perfectly designed traps and focus their energy on processing their prey.  SonicWall Capture ATP, a multi-engine cloud-based sandbox, does just that; as a network sandbox it awaits suspicious code in order to process it to see what it wants to do from the application, to the OS, to the software residing on the hardware. If you read up on Cerber ransomware, you will see one of the most advanced persistent threats known today.  You will see how it evades traditional security and employs evasion tactics to get around network sandboxes. Thanks to Capture ATP’s parallel processing multi-engine sandbox, catching Cerber is easily done.

Capture ATP is not only successful versus Cerber and other nasty forms of ransomware, but it also finds many other forms of malware too.  Last year, SonicWall detected over 60 million new and updated malware; that’s roughly two per second.  With that volume of malware being processed on a daily basis, it’s important to have a network sandbox in place to catch yet-to-be-discovered malware before it can make itself known by locking your desktops and encrypting your files.

Watch the video below to see how Michael Crean, CEO of Solutions Granted, Inc., a Platinum Partner, sees the benefits of using Capture ATP.

Bringing a Focused Cybersecurity Education to the Front Lines with SonicWall University

When the SonicWall community separated from Dell and announced our SecureFirst Partner Program 150 days ago, we confirmed our commitment to 100 percent fulfillment through channel partners. Since then, more than 10,000 partners across 90 countries have registered as SonicWall resellers, including 2,000 new partners.

I cite these statistics not only as a testament to the global reach of SonicWall’s solutions but as a reminder of the heightened security landscape that causes businesses to seek out our partners and solutions in the first place. The cyber arms race intensifies every year as cybersecurity teams and criminals alike enhance their techniques for outwitting their respective opponents.

Because our goal is to outwit highly knowledgeable criminals, one of our greatest assets in this ongoing battle is cybersecurity education. Many small and mid-sized businesses (SMBs) rely on our partners as IT consultants to help them put the technology in place to detect and protect against breaches. This requires our partners to maintain real-time awareness of the constantly shifting threat landscape, a tall order that our partners have filled laudably. Still, many have expressed a desire for more real-time focused education that would help them provide the best possible advice based on a complete understanding of today’s current threats and technologies.

To meet this need, we are thrilled to announce an extension of SecureFirst called SonicWall University, which will help us more quickly and effectively communicate insights we have gleaned from our Global Response Intelligence Defense (GRID) Threat Network to the partner community. Partners can access the SonicWall University curriculum through a web-based platform and will receive specialized training and accreditation tailored to their role as a salesperson, systems engineer or support team member. In addition to our own curriculum, we’ll be sharing content from trusted industry sources as well as our partners themselves to ensure the full breadth of current knowledge is being distributed rapidly and effectively.

Partners have not only requested cybersecurity education for themselves, but for their customers and prospects, who may not always have up-to-date information on how to protect their infrastructure. Today we unveiled a major marketing campaign to educate SMBs on the three most prominent threats identified in the SonicWall 2017 Annual Threat Report – ransomware, encrypted communications (SSL/TLS), and advanced phishing and other email-borne attacks. Partners can apply for marketing development funds and earn special discounts and rebates for using these programs, which they can access through our new SecureFirst Partner Portal. We have had great momentum for our partners.

“As a long standing partner and direct marketer of SonicWall, we are seeing great business acceleration since SonicWall’s independence and the new programs such as the SonicWall University. We are delighted with the restoration of the SonicWall brand and the new marketing campaign ‘air cover’,” said Hillel Sackstein, President of Virtual Graffiti, Inc, a Platinum Partner and DMR.

“As a SonicWall partner, our team has already benefitted from the advantages of the SecureFirst Partner Program. The technical innovation in the SonicWall offerings are built from the ground up to secure the customer and benefit partners. The new SonicWall University with on-demand courses, certifications and accreditations will be an excellent way to deliver increased expertise to our customers.” said Eamon Moore, Managing Director of EMIT, a SecureFirst Silver partner based in Ireland.

“As a partner in Asia Pacific, we are delighted with the enhanced access and investment of the new on-demand technical resources and courses SonicWall University delivers to our teams. Since SonicWall has been independent, we have continued to push boundaries and together we have built more opportunity. SonicWall’s excellent track record of committing to innovation and delivering on their promise to better protect our customers is something we can always count on,” said Cary Wu, General Manager, SecuUnion in Asia Pacific.

“The introduction of SonicWall University is a great initiative from a company that remains committed to supporting its partners’ success. It’s critical that businesses facing today’s level of cybersecurity threats are prepared with both the latest technology and, equally as important, the cyber skills to manage that technology. With SonicWall University we’ll be able to provide our customers with even more support in a time when businesses are lacking the required in-house security skills needed. Everyone on our team is excited to get started on the SonicWall University training and accreditation to further enhance our customer offering,” said Jason Hill, Sales Director, Security, Exertis.

I could not be more delighted to introduce these initiatives and to be a part of the SonicWall community making them a reality. To our exceptional partner base, we’re excited and honored to be part of your business strategy, and it’s our great privilege to take an even more central role in educating you on today’s current threats and solutions. As you participate in SonicWall University courses and work to educate your SMB customers over the coming weeks and months, I look forward to your feedback and ideas for improving these programs. It’s our central goal to ensure you and your customers have the knowledge, training and technology you need to have more business and less fear.