3Com's Security Team and Zero Day Initiative Discover Critical Microsoft Vulnerabilities; 3Com Provides Customers with Same Day Protection Against All Critical Microsoft Bulletins Disclosed Today.MARLBOROUGH, Mass. -- 3Com and its TippingPoint division today announced that its security research team discovered a critical vulnerability in Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. . Additionally, 3Com's Zero Day Initiative (ZDI ZDI Zero Day Initiative (3Com/Tippingpoint) ) discovered another critical Microsoft vulnerability in its Excel software. Upon validating the vulnerabilities, 3Com reported the issues to Microsoft, which in turn applied the necessary resources to address the vulnerability and issued the patch today. 3Com customers using the TippingPoint(TM) Intrusion Prevention See IPS and IDS. Systems (IPS (1) (Inches Per Second) The measurement of the speed of tape passing by a read/write head or paper passing through a pen plotter. (2) (IPS) (Intrusion Prevention S ) were preemptively protected against potential zero day attacks targeting the vulnerability through its Digital Vaccine(R) update service. The critical vulnerability (CVE-2006-1314), discovered by the TippingPoint Security Research Team (TSRT TSRT Texas Society of Radiological Technologists ), allows remote attackers to execute arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. on vulnerable installations of the Microsoft Windows operating system. This vulnerability can lead to a network worm that could have a widespread impact. The critical vulnerability (CVE-2006-2388), discovered through the ZDI, allows remote attackers to execute arbitrary code if a malformed mal·formed adj. Abnormally or faultily formed. Excel spreadsheet is opened by a victim. The TSRT consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in TippingPoint's daily operations. The by-product by·prod·uct or by-prod·uct n. 1. Something produced in the making of something else. 2. A secondary result; a side effect. by-product Noun 1. of these efforts fuels the creation of vulnerability filters that are automatically delivered to TippingPoint customers through the Digital Vaccine service. For more information about the TippingPoint Security Research Team, please visit: http://www.tippingpoint.com/security The goal of the ZDI program is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. A zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch. Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities. Once its security experts validate that authenticity of the vulnerability, 3Com notifies the affected vendor so a patch can be developed, and the researcher agrees to keep the information confidential until the patch is issued so affected organizations are not at risk. In addition to protecting all users from zero day threats by ensuring information is kept confidential until a patch is issued, TippingPoint customers are also protected against zero day attacks through security filters delivered through the Digital Vaccine service. In addition to protecting customers from the two aforementioned a·fore·men·tioned adj. Mentioned previously. n. The one or ones mentioned previously. aforementioned Adjective mentioned before Adj. 1. vulnerabilities, TippingPoint Intrusion Prevention Systems were inoculated against issues in all of today's critical Microsoft bulletins through the Digital Vaccine service. The TippingPoint IPS provides protection for the following security bulletins announced by Microsoft today: (1) MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure (Rating: Important) (2) MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (Rating: Critical) (3) MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution (Rating: Critical) (4) MS06-037 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Rating: Critical) (5) MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Rating: Critical) (6) MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (Rating: Critical) For more information on the Microsoft vulnerabilities, please visit: http://www.microsoft.com/technet/security/bulletin/ms06-july.mspx For a full list of TippingPoint Security Research Team current and upcoming advisories, please visit http://www.tippingpoint.com/security For a full list of ZDI advisories, please visit: http://www.zerodayinitiative.com/advisories.html. About TippingPoint, a division of 3Com TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated dec·o·rate tr.v. dec·o·rat·ed, dec·o·rat·ing, dec·o·rates 1. To furnish, provide, or adorn with something ornamental; embellish. 2. in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS. About 3Com Corporation 3Com Corporation (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : COMS COMS 3Com Corporation (stock symbol) COMS Certified Orientation and Mobility Specialist COMS Continuous Opacity Monitoring Systems COMS City of Manchester Stadium (UK) ) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at Verb 1. excel at - be good at; "She shines at math" shine at excel, surpass, stand out - distinguish oneself; "She excelled in math" delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection. 3Com also is the majority owner of Huawei-3Com Co., Ltd. (H-3C), a China-based joint venture formed by 3Com and Huawei in November 2003. H-3C brings innovative and cost-effective product development and manufacturing and a strong footprint in one of the world's most dynamic markets. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox. Copyright (C) 2006 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion