TippingPoint’s UnityOne Delivers Protection for New Microsoft Vulnerabilities

AUSTIN, Texas – Oct. 14, 2004 – TippingPoint Technologies, Inc. (NASDAQ: TPTI), the leader in intrusion prevention, today announced that its UnityOneTM Intrusion Prevention Systems (IPS) provide protection for critical vulnerabilities disclosed by Microsoft Tuesday in the following advisories: MS04-031, MS04-032, MS04-034, MS04-035, MS04-036, MS04-037, and MS04-038.

The new vulnerability filters, developed by TippingPoint’s Digital Vaccine team, protect against zero-day attacks that attempt to exploit the announced vulnerabilities. TippingPoint already had prior coverage for several of the vulnerabilities. The rest of the vulnerability coverage was distributed through TippingPoint’s Digital Vaccine service yesterday after extensive accuracy and performance testing.

“This is the most vulnerabilities ever announced by Microsoft since their new monthly release cycle,” said TippingPoint’s Chief Technology Officer Marc Willebeek-LeMair. “Our world-class Digital Vaccine service is able to rapidly deliver cutting edge virtual patch protection to our customers regardless of the time of day or number of critical vulnerabilities that have been disclosed. This rapid response is crucial in light of the shrinking window of time it takes for exploits to emerge.”

The vulnerabilities that TippingPoint’s UnityOne protects include:

(1) MS04-031
Vulnerability in NetDDE Could Allow Remote Code Execution – CAN-2004-0206
(Rating: Important)

(2) MS04-032
Graphics Rendering Engine Vulnerability – CAN -2004-0211
(Rating: Critical)

(3) MS04-034
Vulnerability in Compressed Folder Could Allow Remote Code Execution –
CAN-2004-0575 (Rating: Critical)

(4) MS04-035
Vulnerability in SMTP Could Allow Remote Code Execution – CAN-2004-0840
(Rating: Critical)

(5) MS04-036
Vulnerability in NNTP Could Allow Remote Code Execution – CAN-2004-0574
(Rating: Critical)

(6) MS04-037
” Shell Vulnerability – CAN-2004-0214 (Rating: Critical)

” Program Group Converter Vulnerability – CAN-2004-0572 (Rating: Important)

(7) MS04-038
” Cascading Style Sheets Heap Memory Corruption Vulnerability – CAN-2004-0842
(Rating: Critical)

” Similar Method Name Redirection Cross Domain Vulnerability – CAN-2004-0727
(Rating: Critical)

” Install Engine Vulnerability – CAN-2004-0216 (Rating: Critical)

” Drag and Drop Vulnerability – CAN-2004-0839 (Rating: Important)

” Script in Image Tag File Download Vulnerability – CAN-2004-0841 (Rating: Important)

The majority of remaining vulnerabilities are local vulnerabilities that can be exploited by an attacker with physical access to the vulnerable machine, denial of service (DoS) vulnerabilities (TippingPoint’s DoS coverage protects against these attacks), or information disclosure vulnerabilities. TippingPoint continuously updates UnityOne Intrusion Prevention Systems through the Digital Vaccine service as new vulnerabilities emerge.

For more information on the Microsoft vulnerabilities, click here:

TippingPoint’s UnityOne provides Application Protection, Performance Protection and Infrastructure Protection at gigabit speeds through total packet inspection. Application Protection capabilities provide fast, accurate, reliable protection from internal and external cyber attacks. Through its Infrastructure Protection capabilities, UnityOne protects VoIP infrastructure, routers, switches, DNS and other critical infrastructure from targeted attacks and traffic anomalies. UnityOne Performance Protection capabilities enable customers to throttle non-mission critical applications that hijack valuable bandwidth and IT resources, thereby aligning network resources and business-critical application performance.

About TippingPoint

TippingPoint is the leading provider of network-based intrusion prevention systems that deliver in-depth Application Protection, Infrastructure Protection, and Performance Protection for corporate enterprises, government agencies, service providers and academic institutions. Our innovative approach offers customers unmatched network-based security with unrivaled economics, ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-88UNITYONE.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss