Lucene search

K
trendmicroblog
Elisa Lippincott (TippingPoint Global Product Marketing)TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B
HistoryMay 12, 2017 - 4:47 p.m.

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 8, 2017

2017-05-1216:47:57
Elisa Lippincott (TippingPoint Global Product Marketing)
blog.trendmicro.com
368

0.974 High

EPSS

Percentile

99.9%

Although I’m still dreaming of the sandy beaches of Cancun, it’s time to get back to reality. Security vulnerabilities never take a holiday and this week is no exception. In addition to our normal Digital Vaccine (DV) package delivered earlier this week, we also issued an out-of-band DV package to address zero-day vulnerabilities for Intel Active Management Technology (AMT) (CVE-2017-5689) and Windows Defender (CVE-2017-0290).

The Intel AMT vulnerability is an escalation of privilege vulnerability that allows an unprivileged attacker to gain control of the manageability features provided by the affected Intel AMT products. The Windows Defender vulnerability is much scarier because allows a remote attacker to take over a system without any interaction from the system owner. Just the mere execution of Windows Defender scanning an email or instant message from an attacker is enough. But don’t worry – customers using TippingPoint solutions are protected from these vulnerabilities with the following DV filters:

|

  • 28214: HTTP: Null response digest
  • 28221: HTTP: Microsoft Malware Protection Engine mpengine Type Confusion Vulnerability
    —|—
    |

Microsoft Update

This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before May 9, 2017. Microsoft released patches for 55 new CVEs in Internet Explorer, Edge, Office, Windows, and .NET Framework. A total of 14 of these CVEs are rated Critical while the rest are rated Important in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2017 Security Update Review:

CVE # Digital Vaccine Filter # Status
CVE-2017-0064 Insufficient Vendor Information
CVE-2017-0077 28112
CVE-2017-0171 Insufficient Vendor Information
CVE-2017-0175 28183
CVE-2017-0190 Insufficient Vendor Information
CVE-2017-0212 Insufficient Vendor Information
CVE-2017-0213 28184
CVE-2017-0214 28189
CVE-2017-0220 28198
CVE-2017-0221 28114
CVE-2017-0222 Insufficient Vendor Information
CVE-2017-0224 Insufficient Vendor Information
CVE-2017-0226 Insufficient Vendor Information
CVE-2017-0227 28130
CVE-2017-0228 *27538
CVE-2017-0229 Insufficient Vendor Information
CVE-2017-0230 Insufficient Vendor Information
CVE-2017-0231 Insufficient Vendor Information
CVE-2017-0233 Insufficient Vendor Information
CVE-2017-0234 *27532
CVE-2017-0235 Insufficient Vendor Information
CVE-2017-0236 *27536
CVE-2017-0238 *27540
CVE-2017-0240 *27541, *27542
CVE-2017-0241 Insufficient Vendor Information
CVE-2017-0242 Insufficient Vendor Information
CVE-2017-0243 28192
CVE-2017-0244 Insufficient Vendor Information
CVE-2017-0245 28185
CVE-2017-0246 28111
CVE-2017-0248 Insufficient Vendor Information
CVE-2017-0254 Insufficient Vendor Information
CVE-2017-0255 Insufficient Vendor Information
CVE-2017-0258 28199
CVE-2017-0259 28200
CVE-2017-0261 Insufficient Vendor Information
CVE-2017-0262 Insufficient Vendor Information
CVE-2017-0263 28186
CVE-2017-0264 Insufficient Vendor Information
CVE-2017-0265 Insufficient Vendor Information
CVE-2017-0266 28193
CVE-2017-0267 Insufficient Vendor Information
CVE-2017-0268 Insufficient Vendor Information
CVE-2017-0269 Insufficient Vendor Information
CVE-2017-0270 Insufficient Vendor Information
CVE-2017-0271 Insufficient Vendor Information
CVE-2017-0272 Insufficient Vendor Information
CVE-2017-0273 Insufficient Vendor Information
CVE-2017-0274 Insufficient Vendor Information
CVE-2017-0275 Insufficient Vendor Information
CVE-2017-0276 Insufficient Vendor Information
CVE-2017-0277 Insufficient Vendor Information
CVE-2017-0278 Insufficient Vendor Information
CVE-2017-0279 Insufficient Vendor Information
CVE-2017-0280 Insufficient Vendor Information
CVE-2017-0281 Insufficient Vendor Information

Zero-Day Filters

There are 14 new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (5)

|

  • 28094: ZDI-CAN-4564: Zero Day Initiative Vulnerability (Adobe Flash)
  • 28099: ZDI-CAN-4565: Zero Day Initiative Vulnerability (Adobe Flash)
  • 28100: ZDI-CAN-4566: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28101: ZDI-CAN-4567: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28202: ZDI-CAN-4715, 4716: Zero Day Initiative Vulnerability (Adobe Reader DC)_ _
    —|—
    |

EMC (6)

|

  • 28102: ZDI-CAN-4694: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
  • 28103: ZDI-CAN-4695: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
  • 28104: ZDI-CAN-4696: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
  • 28105: ZDI-CAN-4698: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
  • 28106: ZDI-CAN-4699: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)
  • 28107: ZDI-CAN-4710: Zero Day Initiative Vulnerability (EMC AppSync)_ _
    —|—
    |

NetGain (3)

|

  • 28108: ZDI-CAN-4749: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)
  • 28109: ZDI-CAN-4750: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)
  • 28110: ZDI-CAN-4751: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)_ _
    —|—
    |

Updated Existing Zero-Day Filters

This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.

Three of the filters we have for this month’s Microsoft bulletins are a direct result of the Zero Day Initiative’s Pwn2Own contest held in March. These filters have been updated to reflect the fact that the vulnerabilities have been patched:

|

  • 27532: HTTP: Microsoft Edge Chakra JIT Array Memory Corruption Vulnerability (Pwn2Own)
  • 27538: HTTP: Microsoft Edge Chakra Array Splice Use-After-Free Vulnerability (Pwn2Own)
  • 27540: HTTP: Microsoft Edge Chakra Array Unshift Buffer Overflow Vulnerability (Pwn2Own)_ _
    —|—
    |

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

Be first who know about 0-days in popular software

Do not waste time on finding information in tons of articles. Subscribe yourself and your colleagues on news and articles about products you need and you use!

Subscribe on news

0.974 High

EPSS

Percentile

99.9%

Related for TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B