TippingPoint's Zero Day Initiative Uncovers Three Microsoft Vulnerabilities and Protects Customers from Zero Day Attacks.TippingPoint Protects Customers Against Vulnerabilities in Microsoft Bulletins Disclosed Today AUSTIN, Texas -- TippingPoint, a division of 3Com and the leader in intrusion prevention See IPS and IDS. , today announced that three of the Microsoft vulnerabilities published and patched in today's Microsoft bulletins were discovered through TippingPoint's Zero Day Initiative (ZDI ZDI Zero Day Initiative (3Com/Tippingpoint) ). TippingPoint(TM) Intrusion Prevention System (IPS (1) (Inches Per Second) The measurement of the speed of tape passing by a read/write head or paper passing through a pen plotter. (2) (IPS) (Intrusion Prevention S ) customers were preemptively protected against these vulnerabilities and other bulletins announced by Microsoft today through the TippingPoint Digital Vaccine([R]) update service. The three vulnerabilities discovered by TippingPoint's ZDI were in Microsoft Excel (tool) Microsoft Excel - A spreadsheet program from Microsoft, part of their Microsoft Office suite of productivity tools for Microsoft Windows and Macintosh. Excel is probably the most widely used spreadsheet in the world. Latest version: Excel 97, as of 1997-01-14. (MS06-059: CVE-2006-2387), Microsoft Office Microsoft's primary desktop applications for Windows and Mac. Depending on the package, it includes some combination of Word, Excel, PowerPoint, Access and Outlook along with various Internet and other utilities. (MS06-062: CVE-2006-3650), and Microsoft PowerPoint (MS06-058: CVE-2006-3435). All of the vulnerabilities could allow an attacker to take complete control over a victim's computer if that user logged in with administrative rights. Upon validating the vulnerabilities, TippingPoint reported the discoveries to Microsoft, which in turn quickly applied the necessary resources to address the vulnerabilities and issued the patches today. In addition to protecting TippingPoint's customers from these three vulnerabilities, customers were also preemptively protected from another zero day vulnerability in today's bulletin, known as the Windows Shell An add-on user interface for Windows. Numerous shells were created for Windows 3.x to streamline or replace Program Manager by providing such features as foldering, customized toolbars and quick access to the DOS command line. For example, Norton Desktop for Windows was popular. vulnerability (MS06-057). This vulnerability had already had been exploited in the wild to install malicious Involving malice; characterized by wicked or mischievous motives or intentions. An act done maliciously is one that is wrongful and performed willfully or intentionally, and without legal justification. DESERTION, MALICIOUS. programs on users' systems. TippingPoint's customers have been protected from zero day exploitation of this vulnerability since July 26. Since Microsoft had not issued a patch until today, the TippingPoint IPS was one of the few methods of protection against this zero day attack. The goal of the Zero Day Initiative is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. A zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch. Through the program, TippingPoint rewards security researchers for responsibly informing TippingPoint of newly discovered zero day vulnerabilities. TippingPoint notifies the affected vendor so a patch can be developed, and the researcher agrees to keep the information confidential until the patch is issued so affected organizations are not at risk. In addition to protecting all users from zero day threats by ensuring information is kept confidential until a patch is issued, TippingPoint's customers are protected against zero day attacks through security filters delivered through the Digital Vaccine service. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. David Endler, director of security research at TippingPoint, "The 10 Microsoft bulletins announced today include 26 individual vulnerabilities. This marks the highest volume of vulnerabilities ever addressed at one time by Microsoft. Intrusion prevention systems are ideal solutions to provide vulnerability-based, preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. protection from zero day attacks targeting these issues." TippingPoint's customers were protected from other bulletins released by Microsoft today. For more information on the Microsoft vulnerabilities, please visit: http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx. For a full list of ZDI advisories and specific information on the Microsoft vulnerabilities in today's bulletin, please visit: http://www.zerodayinitiative.com/advisories.html. About TippingPoint, a division of 3Com TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated dec·o·rate tr.v. dec·o·rat·ed, dec·o·rat·ing, dec·o·rates 1. To furnish, provide, or adorn with something ornamental; embellish. 2. in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS. About 3Com Corporation 3Com Corporation (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : COMS COMS 3Com Corporation (stock symbol) COMS Certified Orientation and Mobility Specialist COMS Continuous Opacity Monitoring Systems COMS City of Manchester Stadium (UK) ) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at Verb 1. excel at - be good at; "She shines at math" shine at excel, surpass, stand out - distinguish oneself; "She excelled in math" delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection. 3Com also is the majority owner of Huawei-3Com Co., Ltd. (H-3C), a China-based joint venture formed by 3Com and Huawei in November 2003. H-3C brings innovative and cost-effective product development and manufacturing and a strong footprint in one of the world's most dynamic markets. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox. Copyright [c] 2006 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion