
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 14, 2017

2017-08-18 12:00:42
Elisa Lippincott (TippingPoint Global Product Marketing)
blog.trendmicro.com

One of my favorite movies is the 1999 comedy “Galaxy Quest,” which features the cast of a science-fiction television series similar to Star Trek. In the movie, the crew is visited by real aliens who ask them for help against an intergalactic adversary because they believe that Galaxy Quest is a documentary of historical documents – not a TV show. There’s a scene in the movie where someone pressed the button that destroys the ship. The crew makes it to the center of the ship where they can stop the process but the stop button doesn’t work. The countdown to destruction continues, but when the clock hits one second, it stops. Why? Because on a TV show, the clock always stops at one second before total destruction.

Sometimes, we can’t control the script of our real-life security world and the clock doesn’t stop at one second. Yesterday, the Zero Day Initiative (ZDI) published two zero-day advisories for vulnerabilities in Foxit Reader per the guidelines outlined in the ZDI disclosure policy. The vulnerabilities described in the two advisories, ZDI-17-691 and ZDI-17-692, allow remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. For more detailed analysis of the Foxit Reader vulnerabilities, you can read the ZDI blog: Busting Myths in Foxit Reader.

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before August 8, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this week’s DV package, providing zero-day protection for our customers. You can get more detailed information on this month’s security updates from Dustin Childs’ August 2017 Security Update Review from the Zero Day Initiative:

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB17-23 | CVE-2017-3085 | | Local Only |
| APSB17-23 | CVE-2017-3106 | 29353 | |
| APSB17-24 | CVE-2017-3113 | *26537 | |
| APSB17-24 | CVE-2017-3115 | *27233 | |
| APSB17-24 | CVE-2017-3116 | 29354 | |
| APSB17-24 | CVE-2017-3117 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| APSB17-24 | CVE-2017-3118 | 29358 | |
| APSB17-24 | CVE-2017-3119 | 29359 | |
| APSB17-24 | CVE-2017-3120 | *27751 | |
| APSB17-24 | CVE-2017-3121 | *27948 | |
| APSB17-24 | CVE-2017-3122 | *28005 | |
| APSB17-24 | CVE-2017-3123 | *28032 | |
| APSB17-24 | CVE-2017-3124 | *28034 | |
| APSB17-24 | CVE-2017-11209 | *28035 | |
| APSB17-24 | CVE-2017-11210 | *28092 | |
| APSB17-24 | CVE-2017-11211 | *28218 | |
| APSB17-24 | CVE-2017-11212 | *28100 | |
| APSB17-24 | CVE-2017-11214 | *28216 | |
| APSB17-24 | CVE-2017-11216 | *27821 | |
| APSB17-24 | CVE-2017-11217 | *27812 | |
| APSB17-24 | CVE-2017-11218 | *27753 | |
| APSB17-24 | CVE-2017-11219 | *27820 | |
| APSB17-24 | CVE-2017-11220 | 29360 | |
| APSB17-24 | CVE-2017-11221 | 29413 | |
| APSB17-24 | CVE-2017-11222 | 29352 | |
| APSB17-24 | CVE-2017-11223 | *28202 | |
| APSB17-24 | CVE-2017-11224 | *28202 | |
| APSB17-24 | CVE-2017-11226 | 29349 | |
| APSB17-24 | CVE-2017-11227 | *28473 | |
| APSB17-24 | CVE-2017-11228 | *28475 | |
| APSB17-24 | CVE-2017-11229 | 29361 | |
| APSB17-24 | CVE-2017-11230 | *28476 | |
| APSB17-24 | CVE-2017-11231 | *28478 | |
| APSB17-24 | CVE-2017-11232 | *28479 | |
| APSB17-24 | CVE-2017-11233 | *28481 | |
| APSB17-24 | CVE-2017-11234 | *28543 | |
| APSB17-24 | CVE-2017-11235 | 29362 | |
| APSB17-24 | CVE-2017-11236 | 29363 | |
| APSB17-24 | CVE-2017-11237 | 29370 | |
| APSB17-24 | CVE-2017-11238 | 29371 | |
| APSB17-24 | CVE-2017-11239 | *28544 | |
| APSB17-24 | CVE-2017-11241 | *28547 | |
| APSB17-24 | CVE-2017-11242 | 28480, 28548 | |
| APSB17-24 | CVE-2017-11243 | *28663 | |
| APSB17-24 | CVE-2017-11244 | *28664 | |
| APSB17-24 | CVE-2017-11245 | *28666 | |
| APSB17-24 | CVE-2017-11246 | 29414 | |
| APSB17-24 | CVE-2017-11248 | *28463 | |
| APSB17-24 | CVE-2017-11249 | *28464 | |
| APSB17-24 | CVE-2017-11251 | 29418 | |
| APSB17-24 | CVE-2017-11252 | *28477 | |
| APSB17-24 | CVE-2017-11254 | 29350 | |
| APSB17-24 | CVE-2017-11255 | *28741 | |
| APSB17-24 | CVE-2017-11256 | *28735 | |
| APSB17-24 | CVE-2017-11257 | *28734 | |
| APSB17-24 | CVE-2017-11258 | *28732 | |
| APSB17-24 | CVE-2017-11259 | *28733 | |
| APSB17-24 | CVE-2017-11260 | *28731 | |
| APSB17-24 | CVE-2017-11261 | *28730 | |
| APSB17-24 | CVE-2017-11262 | 29355 | |
| APSB17-24 | CVE-2017-11263 | 29369 | |
| APSB17-24 | CVE-2017-11265 | *28916 | |
| APSB17-24 | CVE-2017-11267 | 29364 | |
| APSB17-24 | CVE-2017-11268 | 29365 | |
| APSB17-24 | CVE-2017-11269 | 29366 | |
| APSB17-24 | CVE-2017-11270 | 29367 | |
| APSB17-24 | CVE-2017-11271 | 29368 | |

TippingPoint Operating System (TOS) v3.9.2 Release

Earlier this week, we issued maintenance release version 3.9.2 build 4784 of the TippingPoint Operating System (TOS) for the N/NX Platform family. For the complete list of enhancements and changes, please refer to the product Release Notes located on the Threat Management Center (TMC) website at <https://tmc.tippingpoint.com>. Customers with questions or who need technical assistance can contact the TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are 14 new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (11)

  • 29362: HTTP: Adobe Acrobat Pro DC ImageConversion JPEG Use-After-Free Vulnerability (ZDI-17-590)
  • 29363: HTTP: Adobe Acrobat Pro DC Forms Information Disclosure Vulnerability (ZDI-17-591)
  • 29364: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-621)
  • 29365: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-622)
  • 29366: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-623)
  • 29367: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-625)
  • 29368: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-629)
  • 29370: HTTP: Adobe Acrobat Pro DC Font Parsing Information Disclosure Vulnerability (ZDI-17-592)
  • 29371: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Information Disclosure Vulnerability (ZDI-17-593)
  • 29414: HTTP: Adobe Acrobat Pro ImageConversion JPEG Information Disclosure Vulnerability (ZDI-17-603)
  • 29418: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-609)

Trend Micro (3)

  • 29333: HTTPS: Trend Micro SafeSync for Enterprise replace_local_disk Command Injection (ZDI-17-119)
  • 29337: HTTP: Trend Micro SafeSync for Enterprise dead_local_disk Command Injection (ZDI-17-118)
  • 29338: HTTPS: Trend Micro SafeSync for Enterprise dead_local_disk Command Injection (ZDI-17-118)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.