Websense, Inc (NASDAQ: WBSN) and Networks Unlimited today announced that the Websense Security Labs research team was the first to discover an un-patched, high-risk vulnerability within the widely-used Microsoft Office Excel program in November 2007 - an exploit which today was patched by Microsoft.
This vulnerability allows code execution within an Excel document without the knowledge of the user.
Using intelligence gathered from its ThreatSeeker threat detection technology and "in the cloud" Websense Hosted Security services, Websense continually monitors for attacks and automatically protects Websense Web security customers.
Upon finding the vulnerability in November, Websense researchers immediately disclosed the details to Microsoft, which released a patch today. Microsoft has publicly acknowledged the Websense discovery within the release notes.
"This discovery demonstrates the value of our long-term investments in Web security research and unparalleled visibility into the threat environment in protecting our customers," said Dan Hubbard, vice-president, security research, Websense.
"Because Microsoft Office applications are so widely deployed, successful attacks using Microsoft Office exploits can severely impact the productivity and data security of business organisations. Protecting against these types of attacks during the window of vulnerability between discovery and patch is a critical business need and customers must be aware that traditional, signature-based security solutions are ineffective. Only through a combination of early threat discovery, real-time blocking of high-risk destination URLs, and data loss prevention techniques are customers truly protected. Websense alone delivers this level of security."
Through its world-class team of researchers around the world, the Websense Security Labs gather threat intelligence with Websense ThreatSeeker threat detection technology which scans more than 600 million Web sites per week searching for malicious code, along with Websense's Hosted Security services, which scans more than 500 million e-mails per week for e-mail security threats.
Websense pre-emptive threat research is at the foundation of the company's Web, messaging and data security solutions, which deliver Essential Information Protection from data leaks and Web and e-mail-based threats. Since the introduction of its first URL filtering solution in 1996, Websense has continuously pioneered the discovery and classification of the Web and Web-based threats. This cumulative knowledge of the Web, combined with unparalleled visibility into attacks in progress provided by the company's hosted security solutions, allows Websense Web and messaging security solutions to anticipate and adapt to threats as they emerge.
As a result, customers' confidential information such as their financial data, employee information and intellectual property is effortlessly and automatically safeguarded no matter where it resides - whether in Web, e-mail or even an Excel spreadsheet.
More details on the vulnerability can be found in the Websense Security Labs Alert issued today.
Share