TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 7, 2017
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 11 Aug 2017 16:07:23 +0000
Earlier this month, a blog post from Blue Frost Security was released stating that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost provided a 64-bit PE binary with a simple stack-based buffer overflow with the objective to run ‘calc.exe’ on Windows 7, Windows 8.1, or Windows 10. Our very own Jasiel Spelman (@WanderingGlitch) from the Zero Day Initiative decided to take a little break from work and work on the challenge. While it may seem that this challenge was set up to hack something for fun (and drinks), what it really shows is how poorly-written applications can easily be exploited. You can check out Jasiel’s blog, which includes video of his demo, here.
Microsoft Update
This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before July 11, 2017. Microsoft released 48 security patches for August covering Windows, Internet Explorer (IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. 25 are listed as Critical, 21 are rated Important, and two are Moderate in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month’s security updates from Dustin Childs’ August 2017 Security Update Review from the Zero Day Initiative:
CVE # Digital Vaccine Filter # Status
CVE-2017-0174 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-0250 29053
CVE-2017-0293 *27746
CVE-2017-8503 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8516 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8591 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8593 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8620 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8622 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8623 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8624 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8625 29340
CVE-2017-8627 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8633 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8634 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8635 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8636 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8637 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8638 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8639 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8640 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8641 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8642 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8644 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8645 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8646 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8647 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8650 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8651 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8652 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8653 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8654 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8655 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8656 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8657 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8659 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8661 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8662 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8664 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8666 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8668 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8669 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8670 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8671 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8672 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8673 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8674 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8691 Vendor Deemed Reproducibility or Exploitation Unlikely
Zero-Day Filters
There is one new zero-day filter covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site.
Cisco (1)
• 29277: HTTPS: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447)
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.