TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017

“What can you sit on, sleep on, and brush your teeth with?” This was the question posed to Steve Martin’s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand’s 1897 verse play Cyrano de Bergerac, the movie centers around C.D.’s attempt to win the love of a woman while navigating life with his unusually large nose. When C.D. wonders what the point of the question is, his god sister responds, “The point is that sometimes the answer is so obvious, you don’t even realize it. It’s as plain as the nose on your face.” By the way, the answer to the question is so obvious: a chair, a bed, and a toothbrush.

At the Gartner Security and Risk Summit in Washington, D.C., held earlier this week, I heard a recurring theme across the sessions I attended: the discipline of patching isn’t where it needs to be. As we witnessed with the recent WannaCry ransomware attack, which exploited vulnerabilities disclosed by The Shadow Brokers and subsequently patched by Microsoft, many organizations were still affected because they hadn’t patched their systems. The general guidance given at the various sessions was simple: patch your systems. While the answer is so obvious, it may not be practical for some organizations, especially those with thousands of systems. Our solutions can help through the use of “virtual patching.” While virtual patching is now a common term in the security world, where we stand out is in covering vulnerabilities that haven’t yet been patched by the vendor. If a vulnerability comes to us via the Zero Day Initiative, we will have protection for our customers ahead of the vendor’s patch. This is even more important when a vulnerability is brought to us for a product that is no longer supported by the vendor. Interestingly enough, with this month’s Microsoft Patch Tuesday, Microsoft has issued SMB patches for Windows XP, which reached its end-of-support deadline in April 2014. While Microsoft states that this is an exception and not the norm, it could create a false “safety net” for those who haven’t upgraded their systems. The precedent this might set in the future is an answer that isn’t so obvious.

Microsoft Update

This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before June 13, 2017. Microsoft released patches for almost 100 new CVEs in Internet Explorer, Edge, Office, Windows, and Skype. A total of 18 of these CVEs are rated Critical. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ June 2017 Security Update Review from the Zero Day Initiative:

CVE #            Digital Vaccine Filter #   Status
CVE-2017-0173                               No Vendor Intelligence Provided
CVE-2017-0193                               No Vendor Intelligence Provided
CVE-2017-0215    28628
CVE-2017-0216                               No Vendor Intelligence Provided
CVE-2017-0218                               No Vendor Intelligence Provided
CVE-2017-0219                               No Vendor Intelligence Provided
CVE-2017-0260                               No Vendor Intelligence Provided
CVE-2017-0282                               No Vendor Intelligence Provided
CVE-2017-0283                               No Vendor Intelligence Provided
CVE-2017-0284                               No Vendor Intelligence Provided
CVE-2017-0285                               No Vendor Intelligence Provided
CVE-2017-0286                               No Vendor Intelligence Provided
CVE-2017-0287                               No Vendor Intelligence Provided
CVE-2017-0288                               No Vendor Intelligence Provided
CVE-2017-0289                               No Vendor Intelligence Provided
CVE-2017-0291                               No Vendor Intelligence Provided
CVE-2017-0292                               No Vendor Intelligence Provided
CVE-2017-0294                               No Vendor Intelligence Provided
CVE-2017-0295                               No Vendor Intelligence Provided
CVE-2017-0296                               Insufficient Vendor Information
CVE-2017-0297                               No Vendor Intelligence Provided
CVE-2017-0298                               No Vendor Intelligence Provided
CVE-2017-0299                               No Vendor Intelligence Provided
CVE-2017-0300                               No Vendor Intelligence Provided
CVE-2017-8460                               No Vendor Intelligence Provided
CVE-2017-8461                               No Vendor Intelligence Provided
CVE-2017-8462                               No Vendor Intelligence Provided
CVE-2017-8464    28614
CVE-2017-8465    28616
CVE-2017-8466    28618
CVE-2017-8468    28620
CVE-2017-8469                               No Vendor Intelligence Provided
CVE-2017-8470                               No Vendor Intelligence Provided
CVE-2017-8471                               No Vendor Intelligence Provided
CVE-2017-8472                               No Vendor Intelligence Provided
CVE-2017-8473                               No Vendor Intelligence Provided
CVE-2017-8474                               No Vendor Intelligence Provided
CVE-2017-8475                               No Vendor Intelligence Provided
CVE-2017-8476                               No Vendor Intelligence Provided
CVE-2017-8477                               No Vendor Intelligence Provided
CVE-2017-8478                               No Vendor Intelligence Provided
CVE-2017-8479                               No Vendor Intelligence Provided
CVE-2017-8480                               No Vendor Intelligence Provided
CVE-2017-8481                               No Vendor Intelligence Provided
CVE-2017-8482                               No Vendor Intelligence Provided
CVE-2017-8483                               No Vendor Intelligence Provided
CVE-2017-8484                               No Vendor Intelligence Provided
CVE-2017-8485                               No Vendor Intelligence Provided
CVE-2017-8487                               No Vendor Intelligence Provided
CVE-2017-8488                               No Vendor Intelligence Provided
CVE-2017-8489                               No Vendor Intelligence Provided
CVE-2017-8490                               No Vendor Intelligence Provided
CVE-2017-8491                               No Vendor Intelligence Provided
CVE-2017-8492                               No Vendor Intelligence Provided
CVE-2017-8493                               No Vendor Intelligence Provided
CVE-2017-8494                               No Vendor Intelligence Provided
CVE-2017-8496    28613
CVE-2017-8497    28615
CVE-2017-8498                               No Vendor Intelligence Provided
CVE-2017-8499                               No Vendor Intelligence Provided
CVE-2017-8504                               No Vendor Intelligence Provided
CVE-2017-8506                               No Vendor Intelligence Provided
CVE-2017-8507                               No Vendor Intelligence Provided
CVE-2017-8508                               No Vendor Intelligence Provided
CVE-2017-8509    28619
CVE-2017-8510    28621
CVE-2017-8511                               No Vendor Intelligence Provided
CVE-2017-8512                               No Vendor Intelligence Provided
CVE-2017-8513                               No Vendor Intelligence Provided
CVE-2017-8514                               No Vendor Intelligence Provided
CVE-2017-8515                               No Vendor Intelligence Provided
CVE-2017-8517                               No Vendor Intelligence Provided
CVE-2017-8519                               No Vendor Intelligence Provided
CVE-2017-8520                               No Vendor Intelligence Provided
CVE-2017-8521                               No Vendor Intelligence Provided
CVE-2017-8522                               No Vendor Intelligence Provided
CVE-2017-8523                               No Vendor Intelligence Provided
CVE-2017-8524    28622
CVE-2017-8527                               No Vendor Intelligence Provided
CVE-2017-8528                               No Vendor Intelligence Provided
CVE-2017-8529                               Insufficient Vendor Information
CVE-2017-8530                               No Vendor Intelligence Provided
CVE-2017-8531                               No Vendor Intelligence Provided
CVE-2017-8532                               No Vendor Intelligence Provided
CVE-2017-8533                               No Vendor Intelligence Provided
CVE-2017-8534                               No Vendor Intelligence Provided
CVE-2017-8543    28629
CVE-2017-8544                               No Vendor Intelligence Provided
CVE-2017-8545                               No Vendor Intelligence Provided
CVE-2017-8547    28611
CVE-2017-8548                               No Vendor Intelligence Provided
CVE-2017-8549                               No Vendor Intelligence Provided
CVE-2017-8550                               No Vendor Intelligence Provided
CVE-2017-8551                               No Vendor Intelligence Provided
CVE-2017-8553                               No Vendor Intelligence Provided
CVE-2017-8554                               No Vendor Intelligence Provided
CVE-2017-8555                               No Vendor Intelligence Provided


Zero-Day Filters

There are 11 new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy, and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (5)

  • 28543: ZDI-CAN-4719: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28544: ZDI-CAN-4729: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28546: ZDI-CAN-4730: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28547: ZDI-CAN-4731: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28548: ZDI-CAN-4732: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Trend Micro (5)

  • 28536: ZDI-CAN-4652: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28537: ZDI-CAN-4653: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28538: ZDI-CAN-4659: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28541: ZDI-CAN-4664: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28542: ZDI-CAN-4671,4675: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)

Hewlett Packard Enterprise (1)

  • 28608: HTTPS: HPE Network Automation RedirectServlet SQL Injection Vulnerability (ZDI-17-331)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
