TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 6, 2017
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 10 Mar 2017 13:00:08 +0000
According to Reference.com, the saying that “everything is bigger in Texas” likely originated as a reference to the state’s huge geographical area. Texas is second only to Alaska in size, but it is the largest of the contiguous 48 states. I am a native Texan (big hair and all) and it’s exciting to have a new Trend Micro office in our state. After almost a year since the TippingPoint team became a member of the Trend Micro family, we are finally in our new office. Let me tell you: 75,000 sq. ft. isn’t too shabby.
With all the craziness we encountered dealing with a massive office move, the city of Austin is adding to that with today’s start of SXSW 2017. Trend Micro will be exhibiting in booth 412 at the SXSW Job Market on March 11-12 at the Austin Convention Center. A number of us will be on hand to answer any questions about our great organization and demonstrate some of the great things we do. If you don’t have a SXSW badge, you can register for a free SXSW Guest Pass here.
Apache Struts Content-type Command Injection Vulnerability (CVE-2017-5638)
Earlier this week, TippingPoint released DVToolkit CSW file CVE-2017-5638.csw to address the Apache Struts vulnerability that already has exploits available in the wild. This filter detects an attempt to exploit a command injection vulnerability in Apache Struts. This vulnerability results from a failure to properly validate content-type headers when processing requests. A successful attack leads to arbitrary code execution in the context of the web server. Authentication is not required to exploit this vulnerability. The CSW filter will be replaced with Mainline DV filter 27410. For the latest DVToolkit filters, customers can visit the Threat Management Center (TMC) and navigate to Releases > CSW Files.
Pwn2Own 2017 Next Week!
The time has come! Starting on March 15, the 10th annual Pwn2Own contest returns to CanSecWest. The Zero Day Initiative will be offering more than $1,000,000 across five different categories to see the latest research and crown a Master of Pwn. There will be daily wrap-ups of the event so please follow Zero Day Initiative on Twitter for all the latest updates! Click here for the complete rules.
Zero-Day Filters
There are 14 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (1)
• 27304: ZDI-CAN-4395: Zero Day Initiative Vulnerability (Adobe Reader DC)
Cisco (2)
• 27315: ZDI-CAN-4468,4469: Zero Day Initiative Vulnerability (Cisco Prime Collaboration Provisioning)
• 27316: ZDI-CAN-4467: Zero Day Initiative Vulnerability (Cisco Prime Collaboration Provisioning)
Foxit (2)
• 27124: HTTP: Foxit Reader JPEG2000 Parsing Out-of-Bounds Write Vulnerability (ZDI-17-032)
• 27125: HTTP: Foxit Reader JPEG2000 Parsing Information Disclosure Vulnerability (ZDI-17-033)
Trend Micro (9)
• 27305: ZDI-CAN-4396: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
• 27306: ZDI-CAN-4397: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
• 27308: ZDI-CAN-4398: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
• 27309: ZDI-CAN-4399-4401: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
• 27310: ZDI-CAN-4474: Zero Day Initiative Vulnerability (Trend Micro Control Manager)
• 27311: ZDI-CAN-4402: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
• 27312: ZDI-CAN-4472: Zero Day Initiative Vulnerability (Trend Micro InterScan Messaging Security Suite)
• 27313: ZDI-CAN-4403: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
• 27314: ZDI-CAN-4471: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security VA)
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.