TippingPoint Touts ZDI

AUSTIN, Texas -- TippingPoint, a division of 3Com and the leader in intrusion prevention, today announced that three of the Microsoft vulnerabilities published and patched in today’s Microsoft bulletins were discovered through TippingPoint’s Zero Day Initiative (ZDI). TippingPoint Intrusion Prevention System (IPS) customers were preemptively protected against these vulnerabilities and other bulletins announced by Microsoft today through the TippingPoint Digital Vaccine® update service.

The three vulnerabilities discovered by TippingPoint’s ZDI were in Microsoft Excel (MS06-059: CVE-2006-2387), Microsoft Office (MS06-062: CVE-2006-3650), and Microsoft PowerPoint (MS06-058: CVE-2006-3435). All of the vulnerabilities could allow an attacker to take complete control over a victim’s computer if that user logged in with administrative rights. Upon validating the vulnerabilities, TippingPoint reported the discoveries to Microsoft, which in turn quickly applied the necessary resources to address the vulnerabilities and issued the patches today.

In addition to protecting TippingPoint’s customers from these three vulnerabilities, customers were also preemptively protected from another zero day vulnerability in today’s bulletin, known as the Windows Shell vulnerability (MS06-057). This vulnerability had already had been exploited in the wild to install malicious programs on users’ systems. TippingPoint’s customers have been protected from zero day exploitation of this vulnerability since July 26. Since Microsoft had not issued a patch until today, the TippingPoint IPS was one of the few methods of protection against this zero day attack.

TippingPoint Technologies Inc.