TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 8, 2018

Credit to Author: Cara West-Wainwright | Date: Fri, 12 Jan 2018 15:09:44 +0000

Last week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of “speculative execution” of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel, resulting in unintended information disclosure.

In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro’s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.

On January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit Trend Micro Business Support to get additional information.

TippingPoint Product Updates

Earlier this week, we issued the following new releases for TippingPoint products:

Security Management System (SMS) Patches

The following patches include minor enhancements and bug fixes, and address security issues:

| SMS Version | Patch | Software |
| --- | --- | --- |
| SMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg |
| SMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg |
| SMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg |
| SMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg |

TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)

Version 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.

TOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as of January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices and resolves a number of issues.

For the complete list of enhancements and changes, customers can refer to the product release notes located on the Threat Management Center (TMC) website or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.

Microsoft Updates

Due to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:

| CVE # | Digital Vaccine Filter # | Status |
| --- | --- | --- |
| CVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0758 | 30160 | |
| CVE-2018-0762 | 30167 | |
| CVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0769 | 30168 | |
| CVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0773 | 30169 | |
| CVE-2018-0774 | 30185 | |
| CVE-2018-0775 | 30186 | |
| CVE-2018-0776 | 30164 | |
| CVE-2018-0777 | 30162 | |
| CVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ January 2018 Security Update Review from the Zero Day Initiative:

| CVE # | Digital Vaccine Filter # | Status |
| --- | --- | --- |
| CVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0797 | 30163 | |
| CVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

Adobe Security Update

This week’s Digital Vaccine® (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
| --- | --- | --- | --- |
| APSB18-01 | CVE-2018-4871 | 30201 | |

Zero-Day Filters

There are five new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Adobe (5)

  • 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
