WebKnowHow Wednesday, July 12, 2006; 02:28 AM
3Com and its TippingPoint division announced that its security
research team discovered a critical vulnerability in Microsoft Windows
operating system. Additionally, 3Com's Zero Day Initiative (ZDI)
discovered another critical Microsoft vulnerability in its Excel
software. Upon validating the vulnerabilities, 3Com
reported the issues to Microsoft, which in turn applied the necessary
resources to address the vulnerability and promtly issued the patch. 3Com said its
customers using the TippingPoint Intrusion Prevention Systems (IPS)
were preemptively protected against potential zero day attacks
targeting the vulnerability through its Digital Vaccine update
service. The critical vulnerability (CVE-2006-1314),
discovered by the TippingPoint Security Research Team (TSRT), allows
remote attackers to execute arbitrary code on vulnerable installations
of the Microsoft Windows operating system. This vulnerability can lead
to a network worm that could have a widespread impact. The critical
vulnerability (CVE-2006-2388), discovered through the ZDI, allows
remote attackers to execute arbitrary code if a malformed Excel
spreadsheet is opened by a victim. The TSRT consists of
industry recognized security researchers that apply their cutting-edge
engineering, reverse engineering and analysis talents in TippingPoint's
daily operations. The by-product of these efforts fuels the creation of
vulnerability filters that are automatically delivered to TippingPoint
customers through the Digital Vaccine service.
The goal of the ZDI program is to enable the responsible disclosure of
vulnerabilities in order to make technology more secure for users and
businesses. A zero day vulnerability is one that is unknown or one that
has been publicly disclosed without a corresponding patch. Through the
program, 3Com rewards security researchers for responsibly informing
3Com of newly discovered zero day vulnerabilities. Once its security
experts validate that authenticity of the vulnerability, 3Com notifies
the affected vendor so a patch can be developed, and the researcher
agrees to keep the information confidential until the patch is issued
so affected organizations are not at risk. In addition to protecting
all users from zero day threats by ensuring information is kept
confidential until a patch is issued, TippingPoint customers are also
protected against zero day attacks through security filters delivered
through the Digital Vaccine service. In addition to protecting
customers from the two aforementioned vulnerabilities, TippingPoint
Intrusion Prevention Systems were inoculated against issues in all of the critical Microsoft bulletins through the Digital Vaccine
service.
|