TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 14, 2017
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 18 Aug 2017 12:00:42 +0000
One of my favorite movies is the 1999 comedy “Galaxy Quest,” which features the cast of a science-fiction television series similar to Star Trek. In the movie, the crew is visited by real aliens who ask them for help against an intergalactic adversary because they believe that Galaxy Quest is a documentary of historical documents – not a TV show. There’s a scene in the movie where someone pressed the button that destroys the ship. The crew makes it to the center of the ship where they can stop the process but the stop button doesn’t work. The countdown to destruction continues, but when the clock hits one second, it stops. Why? Because on a TV show, the clock always stops at one second before total destruction.
Sometimes, we can’t control the script of our real-life security world and the clock doesn’t stop at one second. Yesterday, the Zero Day Initiative (ZDI) published two zero-day advisories for vulnerabilities in Foxit Reader per the guidelines outlined in the ZDI disclosure policy. The vulnerabilities described in the two advisories, ZDI-17-691 and ZDI-17-692, allow remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. For more detailed analysis of the Foxit Reader vulnerabilities, you can read the ZDI blog: Busting Myths in Foxit Reader.
Adobe Security Update
This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before August 8, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this week’s DV package, providing zero-day protection for our customers. You can get more detailed information on this month’s security updates from Dustin Childs’ August 2017 Security Update Review from the Zero Day Initiative:
Bulletin # | CVE # | Digital Vaccine Filter # | Status |
APSB17-23 | CVE-2017-3085 | | Local Only |
APSB17-23 | CVE-2017-3106 | 29353 | |
APSB17-24 | CVE-2017-3113 | *26537 | |
APSB17-24 | CVE-2017-3115 | *27233 | |
APSB17-24 | CVE-2017-3116 | 29354 | |
APSB17-24 | CVE-2017-3117 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
APSB17-24 | CVE-2017-3118 | 29358 | |
APSB17-24 | CVE-2017-3119 | 29359 | |
APSB17-24 | CVE-2017-3120 | *27751 | |
APSB17-24 | CVE-2017-3121 | *27948 | |
APSB17-24 | CVE-2017-3122 | *28005 | |
APSB17-24 | CVE-2017-3123 | *28032 | |
APSB17-24 | CVE-2017-3124 | *28034 | |
APSB17-24 | CVE-2017-11209 | *28035 | |
APSB17-24 | CVE-2017-11210 | *28092 | |
APSB17-24 | CVE-2017-11211 | *28218 | |
APSB17-24 | CVE-2017-11212 | *28100 | |
APSB17-24 | CVE-2017-11214 | *28216 | |
APSB17-24 | CVE-2017-11216 | *27821 | |
APSB17-24 | CVE-2017-11217 | *27812 | |
APSB17-24 | CVE-2017-11218 | *27753 | |
APSB17-24 | CVE-2017-11219 | *27820 | |
APSB17-24 | CVE-2017-11220 | 29360 | |
APSB17-24 | CVE-2017-11221 | 29413 | |
APSB17-24 | CVE-2017-11222 | 29352 | |
APSB17-24 | CVE-2017-11223 | *28202 | |
APSB17-24 | CVE-2017-11224 | *28202 | |
APSB17-24 | CVE-2017-11226 | 29349 | |
APSB17-24 | CVE-2017-11227 | *28473 | |
APSB17-24 | CVE-2017-11228 | *28475 | |
APSB17-24 | CVE-2017-11229 | 29361 | |
APSB17-24 | CVE-2017-11230 | *28476 | |
APSB17-24 | CVE-2017-11231 | *28478 | |
APSB17-24 | CVE-2017-11232 | *28479 | |
APSB17-24 | CVE-2017-11233 | *28481 | |
APSB17-24 | CVE-2017-11234 | *28543 | |
APSB17-24 | CVE-2017-11235 | 29362 | |
APSB17-24 | CVE-2017-11236 | 29363 | |
APSB17-24 | CVE-2017-11237 | 29370 | |
APSB17-24 | CVE-2017-11238 | 29371 | |
APSB17-24 | CVE-2017-11239 | *28544 | |
APSB17-24 | CVE-2017-11241 | *28547 | |
APSB17-24 | CVE-2017-11242 | 28480, 28548 | |
APSB17-24 | CVE-2017-11243 | *28663 | |
APSB17-24 | CVE-2017-11244 | *28664 | |
APSB17-24 | CVE-2017-11245 | *28666 | |
APSB17-24 | CVE-2017-11246 | 29414 | |
APSB17-24 | CVE-2017-11248 | *28463 | |
APSB17-24 | CVE-2017-11249 | *28464 | |
APSB17-24 | CVE-2017-11251 | 29418 | |
APSB17-24 | CVE-2017-11252 | *28477 | |
APSB17-24 | CVE-2017-11254 | 29350 | |
APSB17-24 | CVE-2017-11255 | *28741 | |
APSB17-24 | CVE-2017-11256 | *28735 | |
APSB17-24 | CVE-2017-11257 | *28734 | |
APSB17-24 | CVE-2017-11258 | *28732 | |
APSB17-24 | CVE-2017-11259 | *28733 | |
APSB17-24 | CVE-2017-11260 | *28731 | |
APSB17-24 | CVE-2017-11261 | *28730 | |
APSB17-24 | CVE-2017-11262 | 29355 | |
APSB17-24 | CVE-2017-11263 | 29369 | |
APSB17-24 | CVE-2017-11265 | *28916 | |
APSB17-24 | CVE-2017-11267 | 29364 | |
APSB17-24 | CVE-2017-11268 | 29365 | |
APSB17-24 | CVE-2017-11269 | 29366 | |
APSB17-24 | CVE-2017-11270 | 29367 | |
APSB17-24 | CVE-2017-11271 | 29368 | |
TippingPoint Operating System (TOS) v3.9.2 Release
Earlier this week, we issued maintenance release version 3.9.2 build 4784 of the TippingPoint Operating System (TOS) for the N/NX Platform family. For the complete list of enhancements and changes, please refer to the product Release Notes located on the Threat Management Center (TMC) website at https://tmc.tippingpoint.com. Customers with questions or in need of technical assistance can contact the TippingPoint Technical Assistance Center (TAC).
Zero-Day Filters
There are 14 new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (11)
Trend Micro (3)
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.