Tipping Point Threat Intelligence and Zero-Day Coverage – Week of January 23, 2017
They say security never sleeps. I wish I could go for days without sleeping, because I could get so much done. Unfortunately, we’re just not built that way, which explains why my post this week is a few hours later than usual. I could say, “better late than never,” but that would definitely not apply to the security world, especially if someone’s data was compromised. Whether it’s late or never, the only winner is the attacker that compromised your network.
With the Zero Day Initiative, we are fortunate to have exclusive access to vulnerability information submitted to the program. While ZDI works with the affected vendor to make sure they have the information they need to work on a patch, we protect our customers an average of 57 days before a patch is issued. In 2016, ZDI published a record 677 advisories covering almost 50 vendors. We’re only in the first month of 2017 and ZDI has already published 57 vulnerabilities. We will definitely see more as we prepare for the 10th anniversary of the Pwn2Own contest in March. Make sure to follow the Zero Day Initiative on Twitter for all the latest information leading up to the contest!
Microsoft Patch Tuesday Update
This week’s Digital Vaccine (DV) package includes additional coverage for the Microsoft Security Bulletins released earlier this month. The following table maps one Digital Vaccine filter to the Microsoft Security Bulletins.
Bulletin # | CVE # | Digital Vaccine Filter # | Status |
MS17-001 | CVE-2017-0002 | 26639 |
Zero-Day Filters
There are 10 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (2)
- 26631: ZDI-CAN-4318: Zero Day Initiative Vulnerability (Adobe Reader DC)
- 26638: HTTP: Adobe Flash loadPCMFromByteArray Integer Overflow Vulnerability (ZDI-13-021)
Hewlett Packard Enterprise (1)
- 26629: HTTPS: HP Diagnostics Server magentservice.exe Buffer Overflow Vulnerability (ZDI-12-162)
Microsoft (1)
- 26700: ZDI-CAN-4218: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)
Trend Micro (6)
- 26508: ZDI-CAN-4320: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
- 26633: ZDI-CAN-4311: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security VA)
- 26634: ZDI-CAN-4312: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security VA)
- 26635: ZDI-CAN-4313: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security VA)
- 26636: ZDI-CAN-4315: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security VA)
- 26637: ZDI-CAN-4321: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.