3Com's Zero Day Initiative Uncovers Microsoft Vulnerability Disclosed and Patched Today; Program Leads to Responsible Disclosure of Vulnerability through Collaboration with Vendor; 3Com Protects Customers Before Flaw Disclosed Publicly

Business Wire, March 14, 2006

MALBOROUGH, Mass. -- 3Com and its TippingPoint division, today announced that a new vulnerability in Microsoft Excel was discovered and disclosed through the Zero Day Initiative (ZDI). Through ZDI, 3Com notified Microsoft of the vulnerability, who worked quickly to issue a corresponding patch today in this month's Microsoft bulletin, eliminating the threat of a zero day attack. In addition, TippingPoint(TM) Intrusion Prevention Systems (IPS) provided preemptive protection for the critical bulletin announced by Microsoft today. E[acute accent]The vulnerability in Microsoft Excel is a critical vulnerability in the widespread Microsoft Office suite that allows attackers to take complete control of targeted systems. Upon validating the vulnerability, 3Com reported the threat to Microsoft on January 24, 2006, which in turn applied the necessary resources to address the vulnerability and issued the patch today. 3Com customers using the TippingPoint Intrusion Prevention Systems (IPS) have been preemptively protected against potential zero day attacks targeting the vulnerability. E[acute accent]The goal of the Zero Day Initiative is to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. A zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch. Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities. 3Com notifies the affected vendor so a patch can be developed, and the researcher agrees to keep the information confidential until the patch is issued so affected organizations are not at risk. In addition to protecting all users from zero day threats by ensuring information is kept confidential until a patch is issued, TippingPoint customers are protected against zero day attacks through security filters delivered through the Digital Vaccine(R) service. E[acute accent]"We believe ZDI is the only research reward program that adheres to responsible disclosure, keeping the information confidential until a solution is available," said David Endler, director of security research for 3Com's TippingPoint division. "By carefully managing this vulnerability, we did more than protect our customers through our TippingPoint Intrusion Prevention System. We eliminated the threat of a zero day attack for all Microsoft users, which represent the majority of computer users." E[acute accent]In addition to protecting customers from the Microsoft Excel vulnerability, TippingPoint Intrusion Prevention Systems were inoculated against other threats in today's critical Microsoft bulletin through the Digital Vaccine service, a remote update service that provides regular protection against the latest threats. Today's bulletin is:

E[acute accent](1) MS06-012

E[acute accent]Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

E[acute accent](Rating: Critical)

E[acute accent]For more information on the Microsoft vulnerabilities, please visit: http://www.microsoft.com/technet/security/bulletin/ms06-mar.mspx.> E[acute accent]For a full list of ZDI advisories and specific information on the Microsoft vulnerability, please visit: http://www.zerodayinitiative.com/advisories.html.> E[acute accent]About TippingPoint, a division of 3Com

E[acute accent]TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS.

E[acute accent]About 3Com Corporation

E[acute accent]3Com Corporation (NASDAQ: COMS) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection for corporate enterprises, government agencies, service providers and academic institutions. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.> E[acute accent]Copyright (C) 2006 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders.

COPYRIGHT 2006 Business Wire

COPYRIGHT 2008 Gale, Cengage Learning