TippingPoint Discovers Two Flaws in Microsoft Bulletins Released Today.

AUSTIN, Texas -- TippingPoint, the leader in intrusion prevention See IPS and IDS. , today announced that it is responsible for the discovery of two flaws released in today's Microsoft Bulletins due to its Zero Day Initiative (ZDI ZDI Zero Day Initiative (3Com/Tippingpoint) ) global researcher network. TippingPoint(TM) Intrusion Prevention Systems (IPS (1) (Inches Per Second) The measurement of the speed of tape passing by a read/write head or paper passing through a pen plotter.

(2) (IPS) (Intrusion Prevention S ) also provide complete protection against all vulnerabilities disclosed in today's Microsoft bulletins.

The first vulnerability uncovered by the Zero Day Initiative, MS07-027, affects Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. and could allow an attacker to execute arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. on vulnerable installations. The second issue uncovered by the ZDI this month, MS07-023, affects Microsoft Office Microsoft's primary desktop applications for Windows and Mac. Depending on the package, it includes some combination of Word, Excel, PowerPoint, Access and Outlook along with various Internet and other utilities. Excel, and could also lead to arbitrary code execution if a user opens a malicious .xls file. TippingPoint IPS customers have been preemptively protected against both flaws.

TippingPoint also protected its customers' networks from another zero-day buffer overflow A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. affecting Microsoft DNS Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems. Overview
The Domain Name System support in Microsoft Windows NT, and thus its derivatives Windows 2000, Windows XP, and Windows Server servers. This vulnerability, being patched by Microsoft Security Bulletin MS07-029 today, has been exploited in the wild since April 12, 2007. "Compromising a DNS server A dedicated server or a service within a server that provides DNS name resolution in an IP network. It turns names for Web sites and network resources into numeric IP addresses. DNS servers are used in large companies, in all ISPs and within the DNS system in the Internet, a vital service can be exploited for large scale malware deployment on computer systems by redirecting users to attacker-controlled domains," said Rohit Dhamankar, senior research manager of TippingPoint's DVLabs. "With the rise in zero-day and targeted attacks, the importance of virtual patching via intrusion prevention systems cannot be over-emphasized."

TippingPoint Intrusion Prevention Systems were inoculated against the issues in today's Microsoft bulletins through the Digital Vaccine[R] service. The TippingPoint IPS provides protection for the following security bulletins announced by Microsoft today:

(1) MS07-023
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(Rating: Critical)

(2) MS07-024
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
(Rating: Critical)

(3) MS07-025
Vulnerability in Microsoft Office Could Allow Remote Code Execution
(Rating: Critical)

(4) MS07-026
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution
(Rating: Critical)

(5) MS07-027
Cumulative Security Update for Internet Explorer
(Rating: Critical)

(6) MS07-028
Vulnerability in CAPICOM Could Allow Remote Code Execution
(Rating: Critical)

(7) MS07-029
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
(Rating: Critical)

For more information on the Microsoft vulnerabilities, please visit:

http://www.microsoft.com/technet/security/bulletin/ms07-may.mspx

About TippingPoint, a division of 3Com

TippingPoint, the leader in intrusion prevention systems (IPS), provides the IPS-secured network, which delivers attack control, access control, and application control. Its foundation is the TippingPoint IPS, the most decorated in its industry with unparalleled performance and security, as evidenced by nearly 35 awards. For a full list, visit: http://www.tippingpoint.com/products_certifications.html. The IPS obtains evergreen protection from the Digital Vaccine service, powered by DVLabs, the largest body of security researchers in the world. DVLabs is made up of expert internal researchers and over 400 Zero Day Initiative researchers. For more information on TippingPoint, please visit: www.tippingpoint.com or call 1-888-TRUE-IPS.

About 3Com Corporation

3Com Corporation (NASDAQ NASDAQ
in full National Association of Securities Dealers Automated Quotations

U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : COMS COMS 3Com Corporation (stock symbol)
COMS Certified Orientation and Mobility Specialist
COMS Continuous Opacity Monitoring Systems
COMS City of Manchester Stadium (UK) ) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at Verb 1. excel at - be good at; "She shines at math"
shine at

excel, surpass, stand out - distinguish oneself; "She excelled in math" delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection. 3Com also owns H3C Technologies Co., Limited (H3C), a China-based provider of network infrastructure products. H3C brings innovative and cost-effective product development and manufacturing and a strong footprint in one of the world's most dynamic markets. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.

Copyright (c) 2007 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders.

COPYRIGHT 2007 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Date:	May 8, 2007
Words:	620
Previous Article:	Lake Sammamish Bank Files FDIC Application for New Bank Charter.
Next Article:	Fitch Teleconf: 2007 Water and Sewer Sector Outlook, Monday, 5/14 at 2:00PM EDT.
Topics:	Computer network equipment industry Computer software industry Network hardware industry Network security software Security software Software industry

Related Articles
MICROSOFT TEAM TOILS TO SOLVE BROWSER FLAW.(Business)
MICROSOFT POSTS REPAIR KIT TO REMEDY SECURITY FLAWS.(News)
BRIEFCASE RESIDENTIAL SALES STRONG IN MARCH.(Business)
Security flaw in Internet Explorer and Access. (Security).
Microsoft critical flaw.(Security)(Brief Article)
BRIEFLY.(Business)
Third busy patch month for Microsoft.(Security)
Bug hunters turn the tables on software makers.(SOFTWARE INTELLIGENCE)
TippingPoint's Zero Day Initiative Uncovers Three Microsoft Vulnerabilities and Protects Customers from Zero Day Attacks.
Security and products; ISS helps safeguard customers.(SOFTWARE WORLD DIGEST)