TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 21, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 25 Aug 2017 12:00:37 +0000

In last week’s blog entry, I mentioned the fact that the Zero Day Initiative (ZDI) published two zero-day advisories (ZDI-17-691 and ZDI-17-692) for vulnerabilities found in Foxit Reader after Foxit failed to meet the 120-day deadline outlined in ZDI’s disclosure policy. Since the public disclosure, Foxit has reached out to ZDI and has committed to fixing the vulnerabilities and has issued the following statement:

“Foxit Software is deeply committed to delivering secure PDF products to its customers. Our track record is strong in responding quickly in fixing vulnerabilities. We are currently working to rapidly address the two vulnerabilities reported on the Zero Day Initiative blog and will quickly deliver software improvements. In the meantime, users can help protect themselves by using the Safe Reading Mode. We apologize for our initial miscommunication when contacted about these vulnerabilities and are making changes to our procedures to mitigate the probability of it occurring again.”

For more detailed analysis of the Foxit Reader vulnerabilities, you can read the ZDI blog: Busting Myths in Foxit Reader.

Zero-Day Filters

It doesn’t happen often, but there are no new zero-day filters in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Although there weren’t any new zero-day filters issued this week, a zero-day was updated to reflect the published status of the Foxit vulnerabilities. Customers using TippingPoint solutions are protected with the following zero-day filter:

  • 28921: HTTP: Foxit Reader saveAs Arbitrary File Write Vulnerability (ZDI-17-692)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

http://feeds.trendmicro.com/TrendMicroSimplySecurity