TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 9, 2017

October 13, 2017 admin Network, Security, Zero Day Initiative

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 13 Oct 2017 14:03:59 +0000

Even though “Patch Tuesday” isn’t supposed to exist anymore, here I am blogging about it. As I looked at the October updates from Microsoft, the usual suspects were there. But this month was a little different. We usually see critical vulnerabilities on the browser side, but Microsoft Office is in the spotlight with CVE-2017-11826 under active attack.

The scenario involves a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. So, just imagine if a user is logged on with administrative user rights – an attacker could take over the system and install programs; view, change, or delete data; or create new accounts with full user rights. The table below highlights the Digital Vaccine® filters available for the Microsoft October updates.

Microsoft Update

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before October 10, 2017. Microsoft had another big month with 62 security patches for September covering Windows, Internet Explorer (IE), Edge, Office, and Skype for Business. 27 of the patches are listed as Critical and 35 are rated Important. Eight of the Microsoft CVEs came through the Zero Day Initiative program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month’s security updates from Dustin Childs’ October 2017 Security Update Review from the Zero Day Initiative:

CVE #	Digital Vaccine Filter #	Status
CVE-2017-11762	*29152
CVE-2017-11763	29698
CVE-2017-11765		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11769		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11771		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11772		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11774		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11775		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11776		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11777		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11779		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11780		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11781	*29694
CVE-2017-11782		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11783		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11784		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11785		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11786		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11790	*29151
CVE-2017-11792		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11793	29705
CVE-2017-11794	*29687
CVE-2017-11796		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11797		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11798	29706
CVE-2017-11799		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11800	28925
CVE-2017-11801		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11802		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11804		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11805		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11806		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11807		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11808		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11809		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11810	29707
CVE-2017-11811		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11812		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11813		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11814		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11815		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11816		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11817		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11818		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11819		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11820		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11821		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11822	29704
CVE-2017-11823		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11824		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11825		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-11826		Insufficient information currently available
CVE-2017-11829		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8689	29692
CVE-2017-8693		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8694	29693
CVE-2017-8703		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8715		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8717		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8718		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8726		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8727	29699

Zero-Day Filters

There are four new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Microsoft (2)

	29695: ZDI-CAN-5067: Zero Day Initiative Vulnerability (Microsoft Chakra) 29741: HTTP: Microsoft Windows WAV File Denial-of-Service Vulnerability (ZDI-17-838)

Trend Micro (2)

	29701: HTTPS: Trend Micro Mobile Security Enterprise slink_id SQL Injection (ZDI-17-803) 29710: HTTPS:Trend Micro InterScan Messaging Security Proxy Command Injection Vulnerability (ZDI-17-502,504)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

http://feeds.trendmicro.com/TrendMicroSimplySecurity