TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 8, 2018

2018-01-12T15:09:44
ID TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034
Type trendmicroblog
Reporter Elisa Lippincott (TippingPoint Global Product Marketing)
Modified 2018-01-12T15:09:44

Description

Last week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of “speculative execution” of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel, resulting in unintended information disclosure.

In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro’s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.

On January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit Trend Micro Business Support to get additional information.

TippingPoint Product Updates

Earlier this week, we published the following new releases for TippingPoint products:

Security Management System (SMS) Patches

The following patches include minor enhancements and bug fixes, and address security issues:

SMS Version | Patch | Software
---|---|---
SMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg
SMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg
SMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg
SMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg

TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)

Version 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.

TOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as of January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices and resolves a number of issues.

For the complete list of enhancements and changes, customers can refer to the product release notes located on the Threat Management Center (TMC) website or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.

Microsoft Updates

Due to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:

CVE # | Digital Vaccine Filter # | Status
---|---|---
CVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0758 | 30160 |
CVE-2018-0762 | 30167 |
CVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0769 | 30168 |
CVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0773 | 30169 |
CVE-2018-0774 | 30185 |
CVE-2018-0775 | 30186 |
CVE-2018-0776 | 30164 |
CVE-2018-0777 | 30162 |
CVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. You can get more detailed information on this month’s security updates from Dustin Childs’ January 2018 Security Update Review from the Zero Day Initiative. The following table maps Digital Vaccine filters to the Microsoft updates:

CVE # | Digital Vaccine Filter # | Status
---|---|---
CVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0797 | 30163 |
CVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely

Adobe Security Update

This week’s Digital Vaccine® (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.

Bulletin # | CVE # | Digital Vaccine Filter # | Status
---|---|---|---
APSB18-01 | CVE-2018-4871 | 30201 |

Zero-Day Filters

There are five new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Adobe (5)

  • 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.