TippingPoint’s UnityOne Protects Against Web Attacks Exploiting Internet Explorer Vulnerabilities

AUSTIN, Texas – June 29, 2004 – TippingPoint Technologies, Inc. (NASDAQ: TPTI), the leader in intrusion prevention, today announced that UnityOneTM Intrusion Prevention Systems protect customers against the recent Web attacks that exploit Microsoft Internet Explorer vulnerabilities, for which a patch currently does not exist.

Early last week, several Managed Security Service Providers witnessed exploitation of Web sites running Microsoft IIS. Attackers modified the Web sites to silently deliver malicious content and install “back door’ programs to unsuspecting visitors. The back door downloaded to the victim’s computer is a variant of the Berbew Trojan, and is able to steal passwords and provide remote access to an attacker. It is believed these widespread Web infections are caused by Russian organized crime.

The attackers took advantage of a combination of three Microsoft Internet Explorer vulnerabilities that currently have no official vendor patches. TippingPoint’s UnityOne was protecting customers before these attacks even surfaced. TippingPoint delivered a Virtual Software Patch in a Digital Vaccine update to UnityOne Intrusion Prevention Systems that guarded exploitation of the critical vulnerabilities announced in Microsoft’s Advisory MS04-011 and in the most recent zero-day Internet Explorer exploit, publicly discovered on June 7.

“Attackers are moving more and more quickly to leverage vulnerabilities before vendors can provide a patch,” said TippingPoint’s Chief Technology and Strategy Officer Marc Willebeek-LeMair. “Most organizations struggle to patch new vulnerabilities the minute they are discovered because they simply do not have the resources for emergency patching. However, this round of Web attacks was exacerbated by the fact that there simply were no patches available for Internet Explorer. Intrusion prevention is the only network-based method of protection against this type of exploit.”

TippingPoint’s UnityOne provides Application Protection, Performance Protection and Infrastructure Protection at gigabit speeds through total packet inspection. Application Protection capabilities provide fast, accurate, reliable protection from internal and external cyber attacks. Through its Infrastructure Protection capabilities, UnityOne protects routers, switches, and other critical infrastructure from targeted attacks and traffic anomalies. UnityOne Performance Protection capabilities enable customers to throttle non-mission critical applications that hijack valuable bandwidth and IT resources, thereby aligning network resources and business-critical application performance.

To obtain immediate network-based protection against the Internet Explorer exploits, contact TippingPoint at 88-UNITYONE.

About TippingPoint Technologies
TippingPoint is the leading provider of network-based intrusion prevention systems that deliver in-depth Application Protection, Infrastructure Protection, and Performance Protection for corporate enterprises, government agencies, service providers and academic institutions. Our innovative approach offers customers unmatched network-based security with unrivaled economics, ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-88UNITYONE.