Elisa Lippincott (TippingPoint Global Product Marketing)TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5BTippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 8, 2017
0.974 High
EPSS
Percentile
99.9%
Although I’m still dreaming of the sandy beaches of Cancun, it’s time to get back to reality. Security vulnerabilities never take a holiday and this week is no exception. In addition to our normal Digital Vaccine (DV) package delivered earlier this week, we also issued an out-of-band DV package to address zero-day vulnerabilities for Intel Active Management Technology (AMT) (CVE-2017-5689) and Windows Defender (CVE-2017-0290).
The Intel AMT vulnerability is an escalation of privilege vulnerability that allows an unprivileged attacker to gain control of the manageability features provided by the affected Intel AMT products. The Windows Defender vulnerability is much scarier because allows a remote attacker to take over a system without any interaction from the system owner. Just the mere execution of Windows Defender scanning an email or instant message from an attacker is enough. But don’t worry – customers using TippingPoint solutions are protected from these vulnerabilities with the following DV filters:
|
- 28214: HTTP: Null response digest
- 28221: HTTP: Microsoft Malware Protection Engine mpengine Type Confusion Vulnerability
—|—
|
Microsoft Update
This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before May 9, 2017. Microsoft released patches for 55 new CVEs in Internet Explorer, Edge, Office, Windows, and .NET Framework. A total of 14 of these CVEs are rated Critical while the rest are rated Important in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2017 Security Update Review:
| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2017-0064 | Insufficient Vendor Information | |
| CVE-2017-0077 | 28112 | |
| CVE-2017-0171 | Insufficient Vendor Information | |
| CVE-2017-0175 | 28183 | |
| CVE-2017-0190 | Insufficient Vendor Information | |
| CVE-2017-0212 | Insufficient Vendor Information | |
| CVE-2017-0213 | 28184 | |
| CVE-2017-0214 | 28189 | |
| CVE-2017-0220 | 28198 | |
| CVE-2017-0221 | 28114 | |
| CVE-2017-0222 | Insufficient Vendor Information | |
| CVE-2017-0224 | Insufficient Vendor Information | |
| CVE-2017-0226 | Insufficient Vendor Information | |
| CVE-2017-0227 | 28130 | |
| CVE-2017-0228 | *27538 | |
| CVE-2017-0229 | Insufficient Vendor Information | |
| CVE-2017-0230 | Insufficient Vendor Information | |
| CVE-2017-0231 | Insufficient Vendor Information | |
| CVE-2017-0233 | Insufficient Vendor Information | |
| CVE-2017-0234 | *27532 | |
| CVE-2017-0235 | Insufficient Vendor Information | |
| CVE-2017-0236 | *27536 | |
| CVE-2017-0238 | *27540 | |
| CVE-2017-0240 | *27541, *27542 | |
| CVE-2017-0241 | Insufficient Vendor Information | |
| CVE-2017-0242 | Insufficient Vendor Information | |
| CVE-2017-0243 | 28192 | |
| CVE-2017-0244 | Insufficient Vendor Information | |
| CVE-2017-0245 | 28185 | |
| CVE-2017-0246 | 28111 | |
| CVE-2017-0248 | Insufficient Vendor Information | |
| CVE-2017-0254 | Insufficient Vendor Information | |
| CVE-2017-0255 | Insufficient Vendor Information | |
| CVE-2017-0258 | 28199 | |
| CVE-2017-0259 | 28200 | |
| CVE-2017-0261 | Insufficient Vendor Information | |
| CVE-2017-0262 | Insufficient Vendor Information | |
| CVE-2017-0263 | 28186 | |
| CVE-2017-0264 | Insufficient Vendor Information | |
| CVE-2017-0265 | Insufficient Vendor Information | |
| CVE-2017-0266 | 28193 | |
| CVE-2017-0267 | Insufficient Vendor Information | |
| CVE-2017-0268 | Insufficient Vendor Information | |
| CVE-2017-0269 | Insufficient Vendor Information | |
| CVE-2017-0270 | Insufficient Vendor Information | |
| CVE-2017-0271 | Insufficient Vendor Information | |
| CVE-2017-0272 | Insufficient Vendor Information | |
| CVE-2017-0273 | Insufficient Vendor Information | |
| CVE-2017-0274 | Insufficient Vendor Information | |
| CVE-2017-0275 | Insufficient Vendor Information | |
| CVE-2017-0276 | Insufficient Vendor Information | |
| CVE-2017-0277 | Insufficient Vendor Information | |
| CVE-2017-0278 | Insufficient Vendor Information | |
| CVE-2017-0279 | Insufficient Vendor Information | |
| CVE-2017-0280 | Insufficient Vendor Information | |
| CVE-2017-0281 | Insufficient Vendor Information |
Zero-Day Filters
There are 14 new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (5)
|
- 28094: ZDI-CAN-4564: Zero Day Initiative Vulnerability (Adobe Flash)
- 28099: ZDI-CAN-4565: Zero Day Initiative Vulnerability (Adobe Flash)
- 28100: ZDI-CAN-4566: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 28101: ZDI-CAN-4567: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 28202: ZDI-CAN-4715, 4716: Zero Day Initiative Vulnerability (Adobe Reader DC)_ _
—|—
|
EMC (6)
|
- 28102: ZDI-CAN-4694: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
- 28103: ZDI-CAN-4695: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
- 28104: ZDI-CAN-4696: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
- 28105: ZDI-CAN-4698: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
- 28106: ZDI-CAN-4699: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
- 28107: ZDI-CAN-4710: Zero Day Initiative Vulnerability (EMC AppSync)_ _
—|—
|
NetGain (3)
|
- 28108: ZDI-CAN-4749: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)
- 28109: ZDI-CAN-4750: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)
- 28110: ZDI-CAN-4751: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)_ _
—|—
|
Updated Existing Zero-Day Filters
This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.
Three of the filters we have for this month’s Microsoft bulletins are a direct result of the Zero Day Initiative’s Pwn2Own contest held in March. These filters have been updated to reflect the fact that the vulnerabilities have been patched:
|
- 27532: HTTP: Microsoft Edge Chakra JIT Array Memory Corruption Vulnerability (Pwn2Own)
- 27538: HTTP: Microsoft Edge Chakra Array Splice Use-After-Free Vulnerability (Pwn2Own)
- 27540: HTTP: Microsoft Edge Chakra Array Unshift Buffer Overflow Vulnerability (Pwn2Own)_ _
—|—
|
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.
Related
