TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 18, 2017


![](http://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)

The Morton Salt slogan “When it rains it pours” refers to its free-flowing salt with a pouring spout and is a variation of the proverb “It never rains but it pours.” Unfortunately, Mother Nature has taken the proverb literally. This has been a devastating hurricane season for the United States and surrounding countries in the Caribbean. Two category 4 hurricanes made landfall in the United States in the same year two weeks apart (Harvey and Irma) and a third (Maria) hit Puerto Rico, a US territory, earlier this week. Other islands have been completely destroyed and many are still without power and supplies. It will take months, if not longer, for people to rebuild and get their lives back to normal. As I mentioned in a previous blog, please find it in your heart to donate what you can to the charity of your choice to help those in need.

**Frost & Sullivan Analysis of the Global Public Vulnerability Research Market, 2016**

Trend Micro was recently recognized as the leader in global threat expertise due to the strength of its vulnerability research program. In 2016, the Trend Micro Zero Day Initiative (ZDI) reported the most verified vulnerabilities, with 52.2 percent of the global total of 1,262, according to the report. Recognized as the global leader in vulnerability research and discovery since 2007, ZDI continues to lead the industry in the identification of high-severity and critical bugs. To read the full report, click [here](<https://resources.trendmicro.com/rs/945-CXD-062/images/Frost-and-Sullivan_2016-Global-Public-Vulnerability-Research-Market.pdf>).

**Apache Server Options Information Disclosure Vulnerability**

Earlier this week, Trend Micro released DVToolkit CSW file CVE-2017-9798.csw for customers using TippingPoint solutions:

* Filter C1000002: HTTP: Apache Server Options Information Disclosure Vulnerability

This filter detects an attempt to exploit an information disclosure vulnerability in Apache server. The specific flaw exists due to a failure to properly handle OPTIONS requests sent to an Apache server. A successful attack leads to disclosure of sensitive information.

Note: While not inherently malicious, a misconfigured Apache server will leak sensitive information to any OPTIONS request.

Reference: Common Vulnerabilities and Exposures: <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798>

**REMINDER: TippingPoint® Threat Management Center (TMC) and ThreatLinQ Planned System Outage Notification**

Effective Sunday, September 24, 2017, Trend Micro is introducing an enhanced License Manager feature to allow for easier management of licenses for the TippingPoint Threat Protection System (TPS) family of products. In order to deploy the new feature, both the Threat Management Center (TMC) and ThreatLinQ Web sites will be intermittently unavailable during the following dates and times:

**From** | **Time** | **To** | **Time**
---|---|---|---
Friday, September 22, 2017 | 7:00 PM (CDT) | Sunday, September 24, 2017 | 8:00 PM (CDT)
Saturday, September 23, 2017 | 12:00 AM (UTC) | Monday, September 25, 2017 | 1:00 AM (UTC)

During the upgrade window, the Security Management System (SMS), Intrusion Prevention System (IPS), Next Generation Firewall (NGFW), Threat Protection System (TPS) and ArcSight Enterprise Security Manager (ESM) connectivity to the TMC will be intermittently unavailable. This will prevent Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring until the upgrade is completed.

Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center (TAC).

**Adobe Security Update**

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before September 12, 2017. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month’s security updates from Dustin Childs’ [September 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/9/12/the-september-2017-security-update-review>) from the Zero Day Initiative:

**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status**
---|---|---|---
APSB17-28 | CVE-2017-11281 | 29632 |
APSB17-28 | CVE-2017-11282 | 29603 |

**Zero-Day Filters**

There are four new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.

**_Foxit (1)_**

* 29567: ZDI-CAN-5030: Zero Day Initiative Vulnerability (Foxit Reader)

**_Hewlett Packard Enterprise (1)_**

* 29589: TCP: HPE Intelligent Management Center imcwlandm Buffer Overflow Vulnerability (ZDI-17-315)

**_UCanCode (3)_**

* 29551: HTTP: E-XD++ Visualization Suite UCCVIEWER Vulnerable ActiveX Instantiation (ZDI-17-420)
* 29554: HTTP: E-XD++ Visualization Enterprise Suite UCCDRAW Vulnerable ActiveX Instantiation (ZDI-17-421)

**Missed Last Week’s News?**

Catch up on last week’s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-11-2017/>).
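
Relating to the Apache OPTIONS information disclosure (CVE-2017-9798) covered earlier in this post, the following is an added example, not code from the original post or from Trend Micro: a check that audits the `Allow` header in OPTIONS responses captured from your own servers. It assumes, based on the public CVE-2017-9798 description rather than on this post, that leaked data appears in the `Allow` header; the function names and sample responses are constructed for illustration.

```python
import re

# Common registered methods (core HTTP plus WebDAV); extend for your environment.
KNOWN_METHODS = {
    "GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE",
    "PATCH", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK",
}
# RFC 7230 "token": the only characters a method name may contain.
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")

# Constructed sample responses to an OPTIONS request (not real captures).
CLEAN = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
         b"Allow: GET,HEAD,POST,OPTIONS\r\nContent-Length: 0\r\n\r\n")
SUSPECT = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
           b"Allow: GET,HEAD,,OPTIONS,x=1 HTTP/1.0,FOOBAR,POST\r\n"
           b"Content-Length: 0\r\n\r\n")


def allow_elements(raw_response):
    """Return the comma-separated elements of every Allow header."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    elements = []
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"allow":
            # latin-1 keeps arbitrary bytes intact for inspection
            elements += [e.strip() for e in value.decode("latin-1").split(",")]
    return elements


def audit_allow(raw_response):
    """List (kind, element) indicators; they warrant review, not proof of a leak."""
    findings = []
    for element in allow_elements(raw_response):
        if element == "":
            findings.append(("empty-element", element))
        elif not TOKEN.match(element):
            findings.append(("non-token", element))
        elif element.upper() not in KNOWN_METHODS:
            findings.append(("unregistered-method", element))
    return findings


if __name__ == "__main__":
    for label, response in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, audit_allow(response))
```

An unregistered method can be a legitimate custom extension, so treat that finding as a prompt to review the server's configuration rather than as confirmation.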