TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 3, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing) | Date: Fri, 07 Apr 2017 18:41:41 +0000

Late last week, a buffer overflow vulnerability in IIS 6.0 on Windows 2003 servers, identified by CVE-2007-7269, was publicly disclosed. The flaw is exploitable because no bounds checking is done on headers matching a particular pattern in PROPFIND method requests; successful exploitation can lead to remote code execution on vulnerable targets.

According to a March 2017 web server survey, “185 million sites are still running on Windows Server 2003 computers, which are not covered by the Windows Server Premium Assurance program.” Microsoft stopped supporting Windows 2003 on July 14, 2015, which means organizations running these servers with IIS 6.0 are potentially exposed to attacks and have no official patch available to fix this serious flaw.

TippingPoint customers can virtually patch this vulnerability to protect their networks from potential attacks using their TippingPoint solutions with the following Digital Vaccine® (DV) filter that was issued in this week’s DV filter package:

  • 27643: HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability
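To illustrate the kind of check a virtual patch performs in front of an unpatched server, the following added example (not the logic of DV filter 27643 and not TippingPoint code) inspects a raw request and blocks PROPFIND requests whose header values exceed a length limit. The 1024-byte limit, the rule that applies to every header, and the sample requests with their host and header names are assumptions constructed for the example.

```python
# Added illustration; not the logic of DV filter 27643.
MAX_HEADER_VALUE = 1024   # assumed limit; tune to your longest legitimate header
COVERED_METHODS = {"PROPFIND"}  # the method named in the advisory text

def parse_request_head(raw: bytes):
    """Return (method, headers) parsed from the head of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))
    return parts[0], headers

def inspect_request(raw: bytes, limit: int = MAX_HEADER_VALUE):
    """Return (verdict, reason) for one request; verdict is 'allow' or 'block'."""
    try:
        method, headers = parse_request_head(raw)
    except ValueError as exc:
        return "block", f"unparseable request: {exc}"
    if method.upper() not in COVERED_METHODS:  # upper(): conservative match
        return "allow", "method not covered by this rule"
    totals = {}
    for name, value in headers:
        # Sum repeated headers, since a server may join them into one value.
        totals[name] = totals.get(name, 0) + len(value)
    for name, total in totals.items():
        if total > limit:
            return "block", f"{method} header '{name}' is {total} bytes (limit {limit})"
    return "allow", "all header values within limit"

# Constructed sample requests (hypothetical host and header names).
HOST = b"Host: files.example.test\r\n"
SAMPLES = {
    "normal": b"PROPFIND /docs/ HTTP/1.1\r\n" + HOST + b"Depth: 1\r\n\r\n",
    "oversized": b"PROPFIND / HTTP/1.1\r\n" + HOST + b"X-Sample: " + b"A" * 2000 + b"\r\n\r\n",
    "folded": b"PROPFIND / HTTP/1.1\r\n" + HOST + b"X-Sample: " + b"A" * 600 + b"\r\n " + b"A" * 600 + b"\r\n\r\n",
    "long_get": b"GET / HTTP/1.1\r\n" + HOST + b"Cookie: " + b"c" * 2000 + b"\r\n\r\n",
}
```

The folded and repeated-header cases matter because a length check applied line by line would pass a value that the server later reassembles into one oversized string.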

Factory Release Notification for TippingPoint Products

Effective April 4, 2017, Threat Protection System (TPS) TOS v4.2.0.4623 will be released to the Threat Management Center (TMC) and to manufacturing for both newly purchased devices and advanced hardware replacements for the Affected Products listed below. TOS v4.2.0.4623 contains a BIOS update for the 440T that improves the maximum throughput of the 440T with a 1Gbps Inspection Upgrade applied. TOS 4.2.0 functionality has not changed. This is a BIOS only update.

Affected Products

Prior TPS Version    Impacted Products
4.2.0.4619*          TippingPoint 440T

*Note: TOS v4.2.0.4619 will be removed from TMC distribution.

Customers should test and certify TOS v4.2.0.4623 and upgrade at their earliest convenience. Trend Micro™ TippingPoint will offer Technical Assistance Center (TAC) or professional service assistance to help in qualifying this new software release for your network. Customers should contact their local sales engineer or TAC for additional assistance with this process. Customers with concerns or further questions regarding this issue can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). 

Zero-Day Filters

There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (3)

  • 27697: ZDI-CAN-4443: Zero Day Initiative Vulnerability (Adobe Flash)
  • 27698: ZDI-CAN-4448: Zero Day Initiative Vulnerability (Adobe Flash)
  • 27704: ZDI-CAN-4460: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 

Apple (1)

  • 27699: ZDI-CAN-4454: Zero Day Initiative Vulnerability (Apple Safari) 

Hewlett Packard Enterprise (3)

  • 27700: ZDI-CAN-4455: Zero Day Initiative Vulnerability (HPE Application Performance Management System)
  • 27701: ZDI-CAN-4456: Zero Day Initiative Vulnerability (HPE Application Performance Management System)
  • 27702: ZDI-CAN-4457: Zero Day Initiative Vulnerability (HPE Application Performance Management System) 

Trend Micro (4)

  • 27425: HTTP: Trend Micro SafeSync for Enterprise get_device_info SQL Injection Vulnerability (ZDI-17-128)
  • 27485: HTTPS: Trend Micro SafeSync for Enterprise get_device_info SQL Injection Vulnerability (ZDI-17-128)
  • 27548: HTTPS: Trend Micro Control Manager importFile Directory Traversal Vulnerability (ZDI-17-063)
  • 27634: ZDI-CAN-4427: Zero Day Initiative Vulnerability (Trend Micro Deep Discovery Email Inspector) 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
