Saturday, November 2, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Security TrendMicro 

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017

admin , ,

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 21 Apr 2017 18:23:45 +0000

I’ve never been one to adopt the latest fashion trends, aside from what I wore growing up in the 1980s. I wore shoulder pads, blue eyeliner, designer jeans, and even parachute pants. While I continue to rock my 80s hair to this day, other trends I thought were long gone are making a comeback. (Shoulder pads – seriously?) History tends to repeat itself – what’s old is new again – and it’s no different in the security world.

 

Last weekend, a group known as “Shadow Brokers” released a large set of tools that can exploit flaws in several versions of Microsoft products and other platforms. A number of the exploits have CVEs that date as far back as 2001. In fact, one of the exploits named “EwokFrenzy” was discovered through our Zero Day Initiative over 10 years ago. Customers with TippingPoint solutions have had coverage for EwokFrenzy through Digital Vaccine® (DV) filter 4033 since January 2006!

Our TippingPoint DVLabs team continues to review the contents associated with the Shadow Brokers disclosure to recommend coverage for TippingPoint solutions. The following table includes the DV filters that provide protection, including new filters released in an out-of-band release this week:

 Exploit Name MS Bulletin CVE/ZDI Filters 0day? Status
 DoublePulsar
(Payload)		 *27935 N/A Policy Filter
 EarlyShovel *27938 Unknown Detects Exploit
 EasyBee** CVE-2007-1675
ZDI-07-011		 No Investigating
 EasyPi Unknown Investigating
 EbbisLand CVE-2001-0236 621, 622,  3512, 3791 No Investigating
 EchoWrecker CVE-2003-0201 1676 No Investigating
 EclipsedWing MS08-067 CVE-2008-4250 6515 No Detects Exploit
 EducatedScholar MS09-050 8465 No Detects Exploit
 ELV MS06-040 CVE-2006-3439 9317 No Detects Exploit
 EmeraldThread MS10-061 10458, *27939 No Detects Exploit
 EmphasisMine Unknown Investigating
 EnglishManDentist Unknown Investigating
 ErraticGopher *27932 Yes Detects Exploit
 ESKE CVE-2003-0352 No Investigating
 EskimoRoll MS14-068 CVE-2014-6324 *27940 No Exploit Unfilterable
Policy Filter
 EsteemAudit *27933 Yes Detects Exploit
 EternalBlue MS17-010 27433, 27711, *27928 No Detects Exploit
 EternalChampion MS17-010 CVE-2017-0146 27433, 27711, *27929 No Detects Exploit
 EternalRomance MS17-010 No Investigating
 EternalSynergy MS17-010 CVE-2017-0714 *27937 No Detects Exploit
 Etre No Investigating
 EVFR CVE-2003-0109 1612 No Detects Exploit
 EwokFrenzy CVE-2007-1675
ZDI-07-011		 4033 No Detects Exploit
 ExplodingCan CVE-2017-7269 27643 No Detects Exploit
 * New DV filter
**Identical to EwokFrenzy, but exploit untested against filter

 

Click here for more information on Trend Micro’s response and recommendations for coverage across all Trend Micro products.

Adobe Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe Security Bulletins released on or before April 6, 2017.The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month’s Adobe security updates from Dustin Childs’ April 2017 Security Update Review:

Bulletin #CVE #Digital Vaccine Filter #Status
APSB17-10CVE-2017-305827698
APSB17-10CVE-2017-3059*27697
APSB17-10CVE-2017-306027832
APSB17-10CVE-2017-306127833
APSB17-10CVE-2017-3062*27533
APSB17-10CVE-2017-3063*27534
APSB17-10CVE-2017-306427836
APSB17-11CVE-2017-301327923, 27925
APSB17-11CVE-2017-301427824
APSB17-11CVE-2017-301727827
APSB17-11CVE-2017-3019*26521
APSB17-11CVE-2017-3020*26491
APSB17-11CVE-2017-3021*26510
APSB17-11CVE-2017-3022*26631
APSB17-11CVE-2017-3023*26535
APSB17-11CVE-2017-302427829
APSB17-11CVE-2017-302527851
APSB17-11CVE-2017-302627852
APSB17-11CVE-2017-302727909
APSB17-11CVE-2017-3028*27160
APSB17-11CVE-2017-3029*27159
APSB17-11CVE-2017-303027823
APSB17-11CVE-2017-3031*27241, *27260
APSB17-11CVE-2017-3032*27158
APSB17-11CVE-2017-3033*27261
APSB17-11CVE-2017-3034*27225
APSB17-11CVE-2017-3035*27236
APSB17-11CVE-2017-3036*27304
APSB17-11CVE-2017-303727849
APSB17-11CVE-2017-303827908
APSB17-11CVE-2017-303927905
APSB17-11CVE-2017-304127903
APSB17-11CVE-2017-3043N/ALocal Vulnerability
APSB17-11CVE-2017-3042*27554, *27556, *27557, *27811
APSB17-11CVE-2017-304427914
APSB17-11CVE-2017-304527915
APSB17-11CVE-2017-304627916
APSB17-11CVE-2017-304727919
APSB17-11CVE-2017-3048*27750
APSB17-11CVE-2017-304927922
APSB17-11CVE-2017-3050*27808
APSB17-11CVE-2017-3051*27749
APSB17-11CVE-2017-3052*27748
APSB17-11CVE-2017-3053*27704
APSB17-11CVE-2017-3054N/AInsufficient Information
APSB17-11CVE-2017-3055*27522
APSB17-11CVE-2017-3056*27520
APSB17-11CVE-2017-3057*27521
APSB17-11CVE-2017-3011N/AInsufficient Information
APSB17-11CVE-2017-3012N/AInsufficient Information
APSB17-11CVE-2017-3015N/AInsufficient Information
APSB17-11CVE-2017-3018N/AInsufficient Information
APSB17-11CVE-2017-3039N/AInsufficient Information
APSB17-11CVE-2017-3040N/AInsufficient Information
APSB17-11CVE-2017-3065N/AInsufficient Information

 

Zero-Day Filters

There are 13 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (10)

  • 27812: ZDI-CAN-4572: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27820: ZDI-CAN-4571: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
  • 27821: ZDI-CAN-4570: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27822: ZDI-CAN-4569: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27832: HTTP: Adobe Flash length Memory Corruption Vulnerability (ZDI-17-247, ZDI-17-248)
  • 27914: HTTP: Adobe Acrobat Pro DC JPEG2000 Buffer Overflow Vulnerability (ZDI-17-267)
  • 27915: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-268)
  • 27916: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-270)
  • 27919: HTTP: Adobe Acrobat Pro DC Annotations Use-After-Free Vulnerability (ZDI-17-271)
  • 27922: HTTP: Adobe Acrobat Pro DC ImageConversion Buffer Overflow Vulnerability (ZDI-17-273) 

Cisco (1)

  • 27807: ZDI-CAN-4635: Zero Day Initiative Vulnerability (Cisco License Manager Server)

MIcrosoft (1)

  • 27810: ZDI-CAN-4573: Zero Day Initiative Vulnerability (Microsoft Internet Explorer) 

Trend Micro (1)

  • 27804: ZDI-CAN-4638-4639: Zero Day Initiative Vulnerability (Trend Micro Control Manager) 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

http://feeds.trendmicro.com/TrendMicroSimplySecurity