TippingPoint Responsible for Discovery of Two Microsoft Vulnerabilities, and Offers Protection for Microsoft Bulletins Released Today

JavaScriptSearch
Wednesday, December 13, 2006; 04:00 AM

TippingPoint, a division of 3Com and leader in intrusion prevention, today announced the discovery and patch of two new vulnerabilities in Microsoft Internet Explorer disclosed through TippingPoint’s Zero Day Initiative (ZDI). Patches for the security flaws were released in today’s Microsoft Bulletin. TippingPoint reported the issues to Microsoft on June 15 and August 31 after validating the vulnerabilities. TippingPointTM Intrusion Prevention System customers have been preemptively protected against potential zero day attacks targeting these vulnerabilities.

The first vulnerability involves a flaw in how Internet Explorer handles malicious JavaScript (CVE-2006-5581), and the second vulnerability relates to an ActiveX control (CVE-2006-4704). Both vulnerabilities could allow an attacker to take control over a victim’s computer if the targeted user viewed a malicious Web page. TippingPoint also provided protection for all critical Microsoft Bulletins released today.

“More zero day exploits targeting Microsoft products have been emerging in the last few months,” said David Endler, director of security research for TippingPoint. “Through the Zero Day Initiative, we’re unearthing these issues ahead of time and working responsibly with Microsoft and other affected vendors to protect our mutual customers.”

The goal of the Zero Day Initiative is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. A zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch. Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities.

In addition to protecting customers from the Internet Explorer vulnerabilities, TippingPoint Intrusion Prevention Systems were inoculated against all remotely exploitable issues in today’s Microsoft bulletins through the Digital Vaccine® service. The TippingPoint IPS provides protection for the following security bulletins announced by Microsoft today:

(1) MS06-072

Cumulative Security Update for Internet Explorer

(Rating: Critical)

(2) MS06-073

Vulnerability in Visual Studio Could Allow Remote Code Execution

(Rating: Critical)

(3) MS06-074

Vulnerability in SNMP Could Allow Remote Code Execution

(Rating: Important)

(4) MS06-076

Cumulative Security Update for Outlook Express

(Rating: Important)

(5) MS06-077

Vulnerability in Remote Installation Service Could Allow Remote Code Execution

(Rating: Important)

(6) MS06-078

Vulnerability in Windows Media Player Could Allow Remote Code Execution

(Rating: Critical)

For more information on the Microsoft vulnerabilities, please visit: http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx. For a full list of ZDI advisories, please visit: http://www.zerodayinitiative.com/advisories.html.

About TippingPoint, a division of 3Com

TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS.

About 3Com Corporation

3Com Corporation is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection. 3Com also is the majority owner of Huawei-3Com Co., Ltd. (H3C), a China-based joint venture formed by 3Com and Huawei in November 2003. H3C brings innovative and cost-effective product development and manufacturing and a strong footprint in one of the world’s most dynamic markets. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.

Copyright © 2005 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders.