TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 12, 2017

Credit to Author: Cara West-Wainwright| Date: Fri, 16 Jun 2017 12:00:40 +0000

“What can you sit on, sleep on, and brush your teeth with?” This was the question posed to Steve Martin’s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand’s 1897 verse play Cyrano de Bergerac, the movie centers around C.D.’s attempt to win the love of a woman while navigating life with his unusually large nose. When C.D. wonders what the point of the question is, his god sister responds, “The point is that sometimes the answer is so obvious, you don’t even realize it. It’s as plain as the nose on your face.” By the way, the answer to the question is so obvious: a chair, a bed, and a toothbrush.

At the Gartner Security and Risk Summit in Washington, D.C., held earlier this week, I heard a recurring theme across the sessions I attended: the discipline of patching isn't where it needs to be. The recent WannaCry ransomware attack spread through an SMB vulnerability that Microsoft had already patched in March (MS17-010), a month before the exploit was publicly disclosed by The Shadow Brokers, yet many organizations were still affected because they hadn't applied the patch. The general guidance given at the various sessions was simple: patch your systems. While the answer is obvious, it isn't always practical, especially for organizations with thousands of systems. Our solutions can help through "virtual patching": an IPS filter that blocks the exploit on the wire and buys time until the host itself can be patched, with the caveat that it only protects traffic that actually traverses the device. Virtual patching is now a common term in the security world; where we stand out is when vulnerabilities haven't been patched by the vendor at all. If a vulnerability comes to us via the Zero Day Initiative, we provide protection for our customers ahead of the vendor's patch. This matters even more when the vulnerability is in a product the vendor no longer supports. Interestingly, with this month's Patch Tuesday, Microsoft issued SMB patches for Windows XP, which reached its end-of-support deadline in April 2014. Microsoft states that doing so is an exception and not the norm, but it could create a false "safety net" for those who haven't upgraded their systems. The precedent this might set for the future is an answer that isn't so obvious.

Microsoft Update

This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before June 13, 2017. Microsoft released patches for almost 100 new CVEs in Internet Explorer, Edge, Office, Windows, and Skype. A total of 18 of these CVEs are rated Critical. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ June 2017 Security Update Review from the Zero Day Initiative:

CVE #          | Digital Vaccine Filter # | Status
CVE-2017-0173  |                          | No Vendor Intelligence Provided
CVE-2017-0193  |                          | No Vendor Intelligence Provided
CVE-2017-0215  | 28628                    |
CVE-2017-0216  |                          | No Vendor Intelligence Provided
CVE-2017-0218  |                          | No Vendor Intelligence Provided
CVE-2017-0219  |                          | No Vendor Intelligence Provided
CVE-2017-0260  |                          | No Vendor Intelligence Provided
CVE-2017-0282  |                          | No Vendor Intelligence Provided
CVE-2017-0283  |                          | No Vendor Intelligence Provided
CVE-2017-0284  |                          | No Vendor Intelligence Provided
CVE-2017-0285  |                          | No Vendor Intelligence Provided
CVE-2017-0286  |                          | No Vendor Intelligence Provided
CVE-2017-0287  |                          | No Vendor Intelligence Provided
CVE-2017-0288  |                          | No Vendor Intelligence Provided
CVE-2017-0289  |                          | No Vendor Intelligence Provided
CVE-2017-0291  |                          | No Vendor Intelligence Provided
CVE-2017-0292  |                          | No Vendor Intelligence Provided
CVE-2017-0294  |                          | No Vendor Intelligence Provided
CVE-2017-0295  |                          | No Vendor Intelligence Provided
CVE-2017-0296  |                          | Insufficient Vendor Information
CVE-2017-0297  |                          | No Vendor Intelligence Provided
CVE-2017-0298  |                          | No Vendor Intelligence Provided
CVE-2017-0299  |                          | No Vendor Intelligence Provided
CVE-2017-0300  |                          | No Vendor Intelligence Provided
CVE-2017-8460  |                          | No Vendor Intelligence Provided
CVE-2017-8461  |                          | No Vendor Intelligence Provided
CVE-2017-8462  |                          | No Vendor Intelligence Provided
CVE-2017-8464  | 28614                    |
CVE-2017-8465  | 28616                    |
CVE-2017-8466  | 28618                    |
CVE-2017-8468  | 28620                    |
CVE-2017-8469  |                          | No Vendor Intelligence Provided
CVE-2017-8470  |                          | No Vendor Intelligence Provided
CVE-2017-8471  |                          | No Vendor Intelligence Provided
CVE-2017-8472  |                          | No Vendor Intelligence Provided
CVE-2017-8473  |                          | No Vendor Intelligence Provided
CVE-2017-8474  |                          | No Vendor Intelligence Provided
CVE-2017-8475  |                          | No Vendor Intelligence Provided
CVE-2017-8476  |                          | No Vendor Intelligence Provided
CVE-2017-8477  |                          | No Vendor Intelligence Provided
CVE-2017-8478  |                          | No Vendor Intelligence Provided
CVE-2017-8479  |                          | No Vendor Intelligence Provided
CVE-2017-8480  |                          | No Vendor Intelligence Provided
CVE-2017-8481  |                          | No Vendor Intelligence Provided
CVE-2017-8482  |                          | No Vendor Intelligence Provided
CVE-2017-8483  |                          | No Vendor Intelligence Provided
CVE-2017-8484  |                          | No Vendor Intelligence Provided
CVE-2017-8485  |                          | No Vendor Intelligence Provided
CVE-2017-8487  |                          | No Vendor Intelligence Provided
CVE-2017-8488  |                          | No Vendor Intelligence Provided
CVE-2017-8489  |                          | No Vendor Intelligence Provided
CVE-2017-8490  |                          | No Vendor Intelligence Provided
CVE-2017-8491  |                          | No Vendor Intelligence Provided
CVE-2017-8492  |                          | No Vendor Intelligence Provided
CVE-2017-8493  |                          | No Vendor Intelligence Provided
CVE-2017-8494  |                          | No Vendor Intelligence Provided
CVE-2017-8496  | 28613                    |
CVE-2017-8497  | 28615                    |
CVE-2017-8498  |                          | No Vendor Intelligence Provided
CVE-2017-8499  |                          | No Vendor Intelligence Provided
CVE-2017-8504  |                          | No Vendor Intelligence Provided
CVE-2017-8506  |                          | No Vendor Intelligence Provided
CVE-2017-8507  |                          | No Vendor Intelligence Provided
CVE-2017-8508  |                          | No Vendor Intelligence Provided
CVE-2017-8509  | 28619                    |
CVE-2017-8510  | 28621                    |
CVE-2017-8511  |                          | No Vendor Intelligence Provided
CVE-2017-8512  |                          | No Vendor Intelligence Provided
CVE-2017-8513  |                          | No Vendor Intelligence Provided
CVE-2017-8514  |                          | No Vendor Intelligence Provided
CVE-2017-8515  |                          | No Vendor Intelligence Provided
CVE-2017-8517  |                          | No Vendor Intelligence Provided
CVE-2017-8519  |                          | No Vendor Intelligence Provided
CVE-2017-8520  |                          | No Vendor Intelligence Provided
CVE-2017-8521  |                          | No Vendor Intelligence Provided
CVE-2017-8522  |                          | No Vendor Intelligence Provided
CVE-2017-8523  |                          | No Vendor Intelligence Provided
CVE-2017-8524  | 28622                    |
CVE-2017-8527  |                          | No Vendor Intelligence Provided
CVE-2017-8528  |                          | No Vendor Intelligence Provided
CVE-2017-8529  |                          | Insufficient Vendor Information
CVE-2017-8530  |                          | No Vendor Intelligence Provided
CVE-2017-8531  |                          | No Vendor Intelligence Provided
CVE-2017-8532  |                          | No Vendor Intelligence Provided
CVE-2017-8533  |                          | No Vendor Intelligence Provided
CVE-2017-8534  |                          | No Vendor Intelligence Provided
CVE-2017-8543  | 28629                    |
CVE-2017-8544  |                          | No Vendor Intelligence Provided
CVE-2017-8545  |                          | No Vendor Intelligence Provided
CVE-2017-8547  | 28611                    |
CVE-2017-8548  |                          | No Vendor Intelligence Provided
CVE-2017-8549  |                          | No Vendor Intelligence Provided
CVE-2017-8550  |                          | No Vendor Intelligence Provided
CVE-2017-8551  |                          | No Vendor Intelligence Provided
CVE-2017-8553  |                          | No Vendor Intelligence Provided
CVE-2017-8554  |                          | No Vendor Intelligence Provided
CVE-2017-8555  |                          | No Vendor Intelligence Provided


Zero-Day Filters

There are 11 new zero-day filters covering three vendors in this week's Digital Vaccine (DV) package. A number of existing filters in this week's DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (5)

  • 28543: ZDI-CAN-4719: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28544: ZDI-CAN-4729: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28546: ZDI-CAN-4730: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28547: ZDI-CAN-4731: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28548: ZDI-CAN-4732: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 

Trend Micro (5)

  • 28536: ZDI-CAN-4652: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28537: ZDI-CAN-4653: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28538: ZDI-CAN-4659: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28541: ZDI-CAN-4664: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28542: ZDI-CAN-4671,4675: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise) 

Hewlett Packard Enterprise (1)

  • 28608: HTTPS: HPE Network Automation RedirectServlet SQL Injection Vulnerability (ZDI-17-331) 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

http://feeds.trendmicro.com/TrendMicroSimplySecurity