SOURCE: Websense, Inc.

March 11, 2008 14:20 ET

Websense First to Discover and Protect Against New Microsoft Excel Vulnerability

SAN DIEGO, CA--(Marketwire - March 11, 2008) - Websense, Inc. (NASDAQ: WBSN) today announced that the Websense Security Labs™ research team was the first to discover an un-patched, high-risk vulnerability within the widely-used Microsoft® Office Excel® program in November 2007 -- an exploit which today was patched by Microsoft. This vulnerability allows code execution within an Excel document without the knowledge of the user. Using intelligence gathered from its ThreatSeeker™ threat detection technology and "in the cloud" Websense Hosted Security services, Websense continually monitors for attacks and automatically protects Websense Web security customers.

Upon finding the vulnerability in November, Websense researchers immediately disclosed the details to Microsoft, who released a patch today. Microsoft has publicly acknowledged the Websense discovery within the release notes.

"This discovery demonstrates the value of our long-term investments in Web security research and unparalleled visibility into the threat environment in protecting our customers," said Dan Hubbard, vice president security research, Websense. "Because Microsoft Office applications are so widely deployed, successful attacks using Microsoft Office exploits can severely impact the productivity and data security of business organizations. Protecting against these types of attacks during the window of vulnerability between discovery and patch is a critical business need and customers must be aware that traditional, signature-based security solutions are ineffective. Only through a combination of early threat discovery, real-time blocking of high-risk destination URLs, and data loss prevention techniques are customers truly protected. Websense alone delivers this level of security."

Through its world-class team of researchers around the world, the Websense Security Labs gather threat intelligence with Websense ThreatSeeker threat detection technology which scans more than 600 million Web sites per week searching for malicious code, along with Websense's Hosted Security services, which scans more than 500 million emails per week for email security threats.

Websense preemptive threat research is at the foundation of the company's Web, messaging and data security solutions, which deliver Essential Information Protection™ from data leaks and Web and email-based threats. Since the introduction of its first URL filtering solution in 1996, Websense has continuously pioneered the discovery and classification of the Web and Web-based threats. This cumulative knowledge of the Web, combined with unparalleled visibility into attacks in progress provided by the company's hosted security solutions, allows Websense Web and messaging security solutions to anticipate and adapt to threats as they emerge. As a result, customers' confidential information such as their financial data, employee information and intellectual property is effortlessly and automatically safeguarded no matter where it resides -- whether in Web, email or even an Excel spreadsheet.

More details on the vulnerability can be found in the Websense Security Labs Alert issued today.

About Websense, Inc.

Websense, Inc. (NASDAQ: WBSN), a global leader in integrated Web, messaging and data protection technologies, provides Essential Information Protection™ for more than 42 million employees at more than 50,000 organizations worldwide. Distributed through its global network of channel partners, Websense software and hosted security solutions help organizations block malicious code, prevent the loss of confidential information and enforce Internet use and security policies. For more information, visit

Websense and SurfControl are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other registered and unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.

Contact Information