contents | software | |||||||
| Microsoft Vulnerability Disclosed and Patched through ZDI 3Com and its TippingPoint division finally announce that a new vulnerability in Microsoft Outlook Express was discovered and disclosed through the Zero Day Initiative. Through ZDI, 3Com notified Microsoft of the vulnerability, who worked quickly to issue a corresponding patch today in this month's Microsoft bulletins, eliminating the threat of a zero day attack. Through the Digital Vaccine update service, TippingPoint Intrusion Prevention Systems (IPS) provided preemptive protection for the Outlook Express vulnerability and all other bulletins announced by Microsoft. The vulnerability in the widespread Microsoft Outlook Express software occurs when using a Windows Address Book file, and could allow attackers to take complete control of targeted systems. Upon validating the vulnerability, 3Com reported the threat to Microsoft, which in turn applied the necessary resources to address the vulnerability and issued the patch today. 3Com customers using the TippingPoint Intrusion Prevention Systems (IPS) have been preemptively protected against potential zero day attacks targeting the vulnerability. The goal of the Zero Day Initiative is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. A zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch. Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities. 3Com notifies the affected vendor so a patch can be developed, and the researcher agrees to keep the information confidential until the patch is issued so affected organizations are not at risk. In addition to protecting all users from zero day threats by ensuring information is kept confidential until a patch is issued, TippingPoint customers are protected against zero day attacks through security filters delivered through the Digital Vaccine service. In addition to protecting customers from the Microsoft Outlook Express vulnerability, TippingPoint Intrusion Prevention Systems were inoculated against issues in all of today's Microsoft bulletins through the Digital Vaccine service. The TippingPoint IPS provides protection for the following security bulletins announced by Microsoft: (1) MS06-013 Cumulative Security Update for Internet Explorer (Rating: Critical) (2) MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (Rating: Critical) (3) MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (Rating: Critical) (4) MS06-016 Cumulative Security Update for Outlook Express (Rating: Important) (5) MS06-017 Vulnerability in Microsoft Front Page Server Extensions Could Allow Cross Site Scripting (Rating: Moderate) For more information on the Microsoft vulnerabilities, please clickhere. write your comments about the article :: © 2006 Computing News :: home page |