contents

software
 
New Microsoft Vulnerability is Discovered by 3Com

3Com and its TippingPoint division has announced that a new vulnerability in Microsoft Excel was discovered and disclosed through the Zero Day Initiative (ZDI). Through ZDI, 3Com notified Microsoft of the vulnerability, who worked quickly to issue a corresponding patch in this month's Microsoft bulletin, eliminating the threat of a zero day attack. In addition, TippingPoint Intrusion Prevention Systems (IPS) provided preemptive protection for the critical bulletin announced by Microsoft.

The vulnerability in Microsoft Excel is a critical vulnerability in the widespread Microsoft Office suite that allows attackers to take complete control of targeted systems. Upon validating the vulnerability, 3Com reported the threat to Microsoft on January 24, 2006, which in turn applied the necessary resources to address the vulnerability and issued the patch today. 3Com customers using the TippingPoint Intrusion Prevention Systems (IPS) have been preemptively protected against potential zero day attacks targeting the vulnerability.

The goal of the Zero Day Initiative is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. A zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch. Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities. 3Com notifies the affected vendor so a patch can be developed, and the researcher agrees to keep the information confidential until the patch is issued so affected organizations are not at risk. In addition to protecting all users from zero day threats by ensuring information is kept confidential until a patch is issued, TippingPoint customers are protected against zero day attacks through security filters delivered through the Digital Vaccine service.

In addition to protecting customers from the Microsoft Excel vulnerability, TippingPoint Intrusion Prevention Systems were inoculated against other threats in today's critical Microsoft bulletin through the Digital Vaccine service, a remote update service that provides regular protection against the latest threats. Today's bulletin is:

(1) MS06-012
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(Rating: Critical).



write your comments about the article :: © 2006 Computing News :: home page