Elisa Lippincott (TippingPoint Global Product Marketing)TRENDMICROBLOG:7C04AD3395CF22028CC84BEFD34A2090TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017
0.975 High
EPSS
Percentile
100.0%
“What can you sit on, sleep on, and brush your teeth with?” This was the question posed to Steve Martin’s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand’s 1897 verse play Cyrano de Bergerac, the movie centers around C.D.’s attempt to win the love of a woman while navigating life with his unusually large nose. When C.D. wonders what the point of the question is, his god sister responds, “The point is that sometimes the answer is so obvious, you don’t even realize it. It’s as plain as the nose on your face.” By the way, the answer to the question is so obvious: a chair, a bed, and a toothbrush.
At the Gartner Security and Risk Summit in Washington, D.C., held earlier this week, I heard a recurring theme across the various sessions I attended. The theme was around the fact that the discipline of patching isn’t where it needs to be. As we witnessed with the recent WannaCry ransomware attack, which utilized vulnerabilities that were disclosed by The Shadow Brokers and subsequently patched by Microsoft, many organizations were still affected because they hadn’t patched their systems. The general guidance given at various sessions: Patch your systems. While the answer is so obvious, it may not be practical for some organizations, especially those with thousands of systems. Our solutions can help through the use of “virtual patching.” While virtual patching is a term that is now pretty common in the security world, where we stand out is when vulnerabilities haven’t been patched by the vendor. If a vulnerability comes to us via the Zero Day Initiative, we will have protection for our customers ahead of a patch that’s made available by the vendor. This is even more important if a vulnerability is brought to us for a solution that is no longer supported by the vendor. Interestingly enough, with this month’s Microsoft Patch Tuesday, Microsoft has issued SMB patches for Windows XP, which reached its end of support deadline in April 2014. While Microsoft states that doing this is an exception and not the norm, it could create a false “safety net” for those who haven’t upgraded their systems. The precedent that this might set in the future is an answer that isn’t so obvious.
Microsoft Update
This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before June 13, 2017. Microsoft released patches for almost 100 new CVEs in Internet Explorer, Edge, Office, Windows, and Skype. A total of 18 of these CVEs are rated Critical. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ June 2017 Security Update Review from the Zero Day Initiative:
| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2017-0173 | No Vendor Intelligence Provided | |
| CVE-2017-0193 | No Vendor Intelligence Provided | |
| CVE-2017-0215 | 28628 | |
| CVE-2017-0216 | No Vendor Intelligence Provided | |
| CVE-2017-0218 | No Vendor Intelligence Provided | |
| CVE-2017-0219 | No Vendor Intelligence Provided | |
| CVE-2017-0260 | No Vendor Intelligence Provided | |
| CVE-2017-0282 | No Vendor Intelligence Provided | |
| CVE-2017-0283 | No Vendor Intelligence Provided | |
| CVE-2017-0284 | No Vendor Intelligence Provided | |
| CVE-2017-0285 | No Vendor Intelligence Provided | |
| CVE-2017-0286 | No Vendor Intelligence Provided | |
| CVE-2017-0287 | No Vendor Intelligence Provided | |
| CVE-2017-0288 | No Vendor Intelligence Provided | |
| CVE-2017-0289 | No Vendor Intelligence Provided | |
| CVE-2017-0291 | No Vendor Intelligence Provided | |
| CVE-2017-0292 | No Vendor Intelligence Provided | |
| CVE-2017-0294 | No Vendor Intelligence Provided | |
| CVE-2017-0295 | No Vendor Intelligence Provided | |
| CVE-2017-0296 | Insufficient Vendor Information | |
| CVE-2017-0297 | No Vendor Intelligence Provided | |
| CVE-2017-0298 | No Vendor Intelligence Provided | |
| CVE-2017-0299 | No Vendor Intelligence Provided | |
| CVE-2017-0300 | No Vendor Intelligence Provided | |
| CVE-2017-8460 | No Vendor Intelligence Provided | |
| CVE-2017-8461 | No Vendor Intelligence Provided | |
| CVE-2017-8462 | No Vendor Intelligence Provided | |
| CVE-2017-8464 | 28614 | |
| CVE-2017-8465 | 28616 | |
| CVE-2017-8466 | 28618 | |
| CVE-2017-8468 | 28620 | |
| CVE-2017-8469 | No Vendor Intelligence Provided | |
| CVE-2017-8470 | No Vendor Intelligence Provided | |
| CVE-2017-8471 | No Vendor Intelligence Provided | |
| CVE-2017-8472 | No Vendor Intelligence Provided | |
| CVE-2017-8473 | No Vendor Intelligence Provided | |
| CVE-2017-8474 | No Vendor Intelligence Provided | |
| CVE-2017-8475 | No Vendor Intelligence Provided | |
| CVE-2017-8476 | No Vendor Intelligence Provided | |
| CVE-2017-8477 | No Vendor Intelligence Provided | |
| CVE-2017-8478 | No Vendor Intelligence Provided | |
| CVE-2017-8479 | No Vendor Intelligence Provided | |
| CVE-2017-8480 | No Vendor Intelligence Provided | |
| CVE-2017-8481 | No Vendor Intelligence Provided | |
| CVE-2017-8482 | No Vendor Intelligence Provided | |
| CVE-2017-8483 | No Vendor Intelligence Provided | |
| CVE-2017-8484 | No Vendor Intelligence Provided | |
| CVE-2017-8485 | No Vendor Intelligence Provided | |
| CVE-2017-8487 | No Vendor Intelligence Provided | |
| CVE-2017-8488 | No Vendor Intelligence Provided | |
| CVE-2017-8489 | No Vendor Intelligence Provided | |
| CVE-2017-8490 | No Vendor Intelligence Provided | |
| CVE-2017-8491 | No Vendor Intelligence Provided | |
| CVE-2017-8492 | No Vendor Intelligence Provided | |
| CVE-2017-8493 | No Vendor Intelligence Provided | |
| CVE-2017-8494 | No Vendor Intelligence Provided | |
| CVE-2017-8496 | 28613 | |
| CVE-2017-8497 | 28615 | |
| CVE-2017-8498 | No Vendor Intelligence Provided | |
| CVE-2017-8499 | No Vendor Intelligence Provided | |
| CVE-2017-8504 | No Vendor Intelligence Provided | |
| CVE-2017-8506 | No Vendor Intelligence Provided | |
| CVE-2017-8507 | No Vendor Intelligence Provided | |
| CVE-2017-8508 | No Vendor Intelligence Provided | |
| CVE-2017-8509 | 28619 | |
| CVE-2017-8510 | 28621 | |
| CVE-2017-8511 | No Vendor Intelligence Provided | |
| CVE-2017-8512 | No Vendor Intelligence Provided | |
| CVE-2017-8513 | No Vendor Intelligence Provided | |
| CVE-2017-8514 | No Vendor Intelligence Provided | |
| CVE-2017-8515 | No Vendor Intelligence Provided | |
| CVE-2017-8517 | No Vendor Intelligence Provided | |
| CVE-2017-8519 | No Vendor Intelligence Provided | |
| CVE-2017-8520 | No Vendor Intelligence Provided | |
| CVE-2017-8521 | No Vendor Intelligence Provided | |
| CVE-2017-8522 | No Vendor Intelligence Provided | |
| CVE-2017-8523 | No Vendor Intelligence Provided | |
| CVE-2017-8524 | 28622 | |
| CVE-2017-8527 | No Vendor Intelligence Provided | |
| CVE-2017-8528 | No Vendor Intelligence Provided | |
| CVE-2017-8529 | Insufficient Vendor Information | |
| CVE-2017-8530 | No Vendor Intelligence Provided | |
| CVE-2017-8531 | No Vendor Intelligence Provided | |
| CVE-2017-8532 | No Vendor Intelligence Provided | |
| CVE-2017-8533 | No Vendor Intelligence Provided | |
| CVE-2017-8534 | No Vendor Intelligence Provided | |
| CVE-2017-8543 | 28629 | |
| CVE-2017-8544 | No Vendor Intelligence Provided | |
| CVE-2017-8545 | No Vendor Intelligence Provided | |
| CVE-2017-8547 | 28611 | |
| CVE-2017-8548 | No Vendor Intelligence Provided | |
| CVE-2017-8549 | No Vendor Intelligence Provided | |
| CVE-2017-8550 | No Vendor Intelligence Provided | |
| CVE-2017-8551 | No Vendor Intelligence Provided | |
| CVE-2017-8553 | No Vendor Intelligence Provided | |
| CVE-2017-8554 | No Vendor Intelligence Provided | |
| CVE-2017-8555 | No Vendor Intelligence Provided |
Zero-Day Filters
There are 11 new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (5)
|
- 28543: ZDI-CAN-4719: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 28544: ZDI-CAN-4729: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 28546: ZDI-CAN-4730: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 28547: ZDI-CAN-4731: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 28548: ZDI-CAN-4732: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)_ _
—|—
|
Trend Micro (5)
|
- 28536: ZDI-CAN-4652: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
- 28537: ZDI-CAN-4653: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
- 28538: ZDI-CAN-4659: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
- 28541: ZDI-CAN-4664: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
- 28542: ZDI-CAN-4671,4675: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)_ _
—|—
|
Hewlett Packard Enterprise (1)
|
- 28608: HTTPS: HPE Network Automation RedirectServlet SQL Injection Vulnerability (ZDI-17-331)_ _
—|—
|
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.
Related
