TippingPoint Provides Protection Two Years Prior to Disclosure of Latest Microsoft Zero Day Vulnerability

TippingPoint announces that its TippingPoint Intrusion Prevention Systems provided preemptive, zero day protection two years prior to the discovery and disclosure of a new Microsoft Windows buffer overflow vulnerability that exists in the handling of certain malformed "Animated Cursor" files. According to the Microsoft Security Advisory KB935423, the vulnerability affects Windows 2000, XP, and 2003 as well as Vista.

In December 2004, TippingPoint released security filters through its Digital Vaccine service to update its customers' Intrusion Prevention Systems with protection against file format anomalies for Windows Animated Cursor, Bitmap, and Icon files. Today, one of those filters continues to provide preemptive protection for the new zero day attack, discovered on March 28, 2007, exploiting a new Microsoft Windows Animated Cursor vulnerability. The new vulnerability is being exploited in the wild by a large number of Web sites that are hosting the exploit code. Users are compromised when they click on a link in spam messages that re-directs them to these malicious sites.

Microsoft is expected to release a patch for the vulnerability today. Prior to the release of a patch, there is very little an organization can do to prevent a zero day attack. TippingPoint Intrusion Prevention Systems provide vulnerability-based protection. Because TippingPoint protects the underlying vulnerability, one security filter can protect against several different types of exploits. In addition to offering vulnerability-based protection, TippingPoint also offers protocol anomaly and statistical anomaly-based protection so that it can block or throttle malicious behavior.

write your comments about the article :: 2007 Computing News :: home page