Source: trendmicroblog (TRENDMICROBLOG:141C894C9A7CCB3BB2E580A6C8292E37)
Author: Elisa Lippincott (TippingPoint Global Product Marketing)
Published: Oct 13, 2017 - 2:03 p.m.

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 9, 2017

blog.trendmicro.com

Even though “Patch Tuesday” isn’t supposed to exist anymore, here I am blogging about it. As I looked at the October updates from Microsoft, the usual suspects were there. But this month was a little different. We usually see critical vulnerabilities on the browser side, but Microsoft Office is in the spotlight with CVE-2017-11826 under active attack.

The scenario involves a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. So, just imagine if a user is logged on with administrative user rights – an attacker could take over the system and install programs; view, change, or delete data; or create new accounts with full user rights. The table below highlights the Digital Vaccine® filters available for the Microsoft October updates.

Microsoft Update

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before October 10, 2017. Microsoft had another big month with 62 security patches for September covering Windows, Internet Explorer (IE), Edge, Office, and Skype for Business. 27 of the patches are listed as Critical and 35 are rated Important. Eight of the Microsoft CVEs came through the Zero Day Initiative program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month’s security updates from Dustin Childs’ October 2017 Security Update Review from the Zero Day Initiative:

| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2017-11762 | *29152 | |
| CVE-2017-11763 | 29698 | |
| CVE-2017-11765 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11769 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11771 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11772 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11774 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11775 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11776 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11777 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11779 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11780 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11781 | *29694 | |
| CVE-2017-11782 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11783 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11784 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11785 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11786 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11790 | *29151 | |
| CVE-2017-11792 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11793 | 29705 | |
| CVE-2017-11794 | *29687 | |
| CVE-2017-11796 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11797 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11798 | 29706 | |
| CVE-2017-11799 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11800 | 28925 | |
| CVE-2017-11801 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11802 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11804 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11805 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11806 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11807 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11808 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11809 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11810 | 29707 | |
| CVE-2017-11811 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11812 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11813 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11814 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11815 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11816 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11817 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11818 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11819 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11820 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11821 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11822 | 29704 | |
| CVE-2017-11823 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11824 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11825 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-11826 | | Insufficient information currently available |
| CVE-2017-11829 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-8689 | 29692 | |
| CVE-2017-8693 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-8694 | 29693 | |
| CVE-2017-8703 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-8715 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-8717 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-8718 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-8726 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2017-8727 | 29699 | |

Zero-Day Filters

There are four new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Microsoft (2)

  • 29695: ZDI-CAN-5067: Zero Day Initiative Vulnerability (Microsoft Chakra)
  • 29741: HTTP: Microsoft Windows WAV File Denial-of-Service Vulnerability (ZDI-17-838)

Trend Micro (2)

  • 29701: HTTPS: Trend Micro Mobile Security Enterprise slink_id SQL Injection (ZDI-17-803)
  • 29710: HTTPS: Trend Micro InterScan Messaging Security Proxy Command Injection Vulnerability (ZDI-17-502,504)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.