3Com's Security Team and Zero Day Initiative Discover Critical Microsoft Vulnerabilities; 3Com Provides Customers with Same Day Protection Against Critical Microsoft Bulletins Disclosed Today.MARLBOROUGH, Mass. -- 3Com and its TippingPoint division today announced that its security research team discovered three critical Microsoft vulnerabilities that were fixed today. Additionally, 3Com's Zero Day Initiative (ZDI ZDI Zero Day Initiative (3Com/Tippingpoint) ) discovered two additional critical Microsoft vulnerabilities in Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. that were also fixed. Upon validating the vulnerabilities, 3Com reported the issues to Microsoft, which in turn applied the necessary resources to address the vulnerabilities and issue patches today. 3Com customers using the TippingPoint(TM) Intrusion Prevention See IPS and IDS. Systems (IPS (1) (Inches Per Second) The measurement of the speed of tape passing by a read/write head or paper passing through a pen plotter. (2) (IPS) (Intrusion Prevention S ) were preemptively protected against potential zero day attacks targeting the vulnerabilities through its Digital Vaccine(R) update service. The vulnerabilities (CVE-2006-3357, CVE-2006-3086, CVE-2006-3638), discovered by members of the TippingPoint Security Research Team (TSRT TSRT Texas Society of Radiological Technologists ), allow remote attackers to execute arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. on vulnerable installations of the Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. upon visiting a malicious website. The critical Internet Explorer vulnerabilities (CVE-2006-3450, CVE-2006-3451), discovered through the ZDI Program, also allows remote attackers to execute arbitrary code if a malicious website is visited by a victim. The TSRT consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in our daily operations. The by-product by·prod·uct or by-prod·uct n. 1. Something produced in the making of something else. 2. A secondary result; a side effect. by-product Noun 1. of these efforts fuels the creation of vulnerability filters that are automatically delivered to TippingPoint customers through the Digital Vaccine service. For more information about TSRT, please visit: http://www.tippingpoint.com/security. The goal of the ZDI program is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. A zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch. Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities. Once its security experts validate that authenticity The correct attribution of origin such as the authorship of an e-mail message or the correct description of information such as a data field that is properly named. Authenticity is one of the six fundamental components of information security (see Parkerian Hexad). of the vulnerability, 3Com notifies the affected vendor so a patch can be developed. The researcher agrees to keep the information confidential until the patch is issued so affected organizations are not at risk. In addition to protecting all users from zero day threats by ensuring information is kept confidential until a patch is issued, TippingPoint customers are also protected against zero day attacks through security filters delivered through the Digital Vaccine service. In addition to protecting customers from the five aforementioned a·fore·men·tioned adj. Mentioned previously. n. The one or ones mentioned previously. aforementioned Adjective mentioned before Adj. 1. vulnerabilities, TippingPoint Intrusion Prevention Systems were inoculated against issues in the following Microsoft bulletins through the Digital Vaccine service: (1) MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (Rating: Critical) (2) MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution (Rating: Critical) (3) MS06-042 Cumulative Security Update for Internet Explorer (Rating: Critical) (4) MS06-043 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (Rating: Critical) (5) MS06-044 Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (Rating: Critical) (6) MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (Rating: Critical) (7) MS06-046 Vulnerability in HTML Help Could Allow Remote Code Execution (Rating: Critical) (8) MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (Rating: Critical) (9) MS06-048 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Rating: Critical) (10) MS06-050 Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (Rating: Important) For more information on the Microsoft vulnerabilities, please visit: http://www.microsoft.com/technet/security/bulletin/ms06-aug.mspx. For a full list of TippingPoint Security Research Team advisories, please visit http://www.tippingpoint.com/security. For a full list of ZDI advisories and specific information on the Microsoft vulnerabilities, please visit: http://www.zerodayinitiative.com/advisories.html. About TippingPoint, a division of 3Com TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated dec·o·rate tr.v. dec·o·rat·ed, dec·o·rat·ing, dec·o·rates 1. To furnish, provide, or adorn with something ornamental; embellish. 2. in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS. About 3Com Corporation 3Com Corporation (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : COMS COMS 3Com Corporation (stock symbol) COMS Certified Orientation and Mobility Specialist COMS Continuous Opacity Monitoring Systems COMS City of Manchester Stadium (UK) ) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at Verb 1. excel at - be good at; "She shines at math" shine at excel, surpass, stand out - distinguish oneself; "She excelled in math" delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection. 3Com also is the majority owner of Huawei-3Com Co., Ltd. (H-3C), a China-based joint venture formed by 3Com and Huawei in November 2003. H-3C brings innovative and cost-effective product development and manufacturing and a strong footprint in one of the world's most dynamic markets. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox. Copyright (C) 2006 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion