TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 10, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 14 Apr 2017 13:36:54 +0000

Earlier this week marked the end of support for Windows Vista. This means anyone using Vista will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. If you’re unable to update your version of Windows, this is where virtual patching becomes very important. Virtual patching gives you added protection when patches aren’t available. Our solutions can help you gain control of your patch management lifecycle with pre-emptive coverage between the discovery of a vulnerability and the availability of a patch, as well as protection for legacy, out-of-support software.

This month also marks the end of Microsoft security bulletins. I liked using an RSS feed to see the latest Microsoft bulletins, but now, Microsoft is directing everyone to their Security Update Guide, where you can search by CVE or Knowledge Base article. Time will tell how IT admins will adjust to the new format. As you’ll see in the Microsoft update below, my table is a little different now since there is no longer a Microsoft bulletin number associated with the CVEs.

Microsoft Update

This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before April 11, 2017. Patches were released for 45 unique CVEs in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio for Mac, .NET Framework, Silverlight and Adobe Flash Player. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ April 2017 Security Update Review:

| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2013-6629 | | Insufficient Vendor Information |
| CVE-2017-0058 | | Insufficient Vendor Information |
| CVE-2017-0093 | | Insufficient Vendor Information |
| CVE-2017-0106 | 27423 | |
| CVE-2017-0155 | 27727 | |
| CVE-2017-0158 | 27719 | |
| CVE-2017-0159 | | Insufficient Vendor Information |
| CVE-2017-0160 | 27740 | |
| CVE-2017-0162 | | Insufficient Vendor Information |
| CVE-2017-0163 | | Insufficient Vendor Information |
| CVE-2017-0164 | | Insufficient Vendor Information |
| CVE-2017-0165 | 27739 | |
| CVE-2017-0166 | | Insufficient Vendor Information |
| CVE-2017-0167 | 27729 | |
| CVE-2017-0168 | | Insufficient Vendor Information |
| CVE-2017-0169 | | Insufficient Vendor Information |
| CVE-2017-0178 | | Insufficient Vendor Information |
| CVE-2017-0179 | | Insufficient Vendor Information |
| CVE-2017-0180 | | Insufficient Vendor Information |
| CVE-2017-0181 | | Insufficient Vendor Information |
| CVE-2017-0182 | | Insufficient Vendor Information |
| CVE-2017-0183 | | Insufficient Vendor Information |
| CVE-2017-0184 | | Insufficient Vendor Information |
| CVE-2017-0185 | | Insufficient Vendor Information |
| CVE-2017-0186 | | Insufficient Vendor Information |
| CVE-2017-0188 | 27731 | |
| CVE-2017-0189 | 27732 | |
| CVE-2017-0191 | | Insufficient Vendor Information |
| CVE-2017-0192 | 27733 | |
| CVE-2017-0194 | 27728 | |
| CVE-2017-0195 | | Insufficient Vendor Information |
| CVE-2017-0197 | 27736 | |
| CVE-2017-0199 | 27726 | |
| CVE-2017-0200 | 27723 | |
| CVE-2017-0201 | | Insufficient Vendor Information |
| CVE-2017-0202 | 27724 | |
| CVE-2017-0203 | | Insufficient Vendor Information |
| CVE-2017-0204 | | Insufficient Vendor Information |
| CVE-2017-0205 | 27725 | |
| CVE-2017-0207 | | Insufficient Vendor Information |
| CVE-2017-0208 | 27737 | |

Zero-Day Filters

There are 15 new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (10)

  • 27554: ZDI-CAN-4431: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27556: ZDI-CAN-4432: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27748: ZDI-CAN-4486: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27749: ZDI-CAN-4487: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27750: ZDI-CAN-4488: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27751: ZDI-CAN-4489: Zero Day Initiative Vulnerability (Adobe Reader DC)
  • 27753: ZDI-CAN-4490: Zero Day Initiative Vulnerability (Adobe Reader DC)
  • 27808: ZDI-CAN-4491: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27809: ZDI-CAN-4492: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27811: ZDI-CAN-4493: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Microsoft (5)

  • 27743: ZDI-CAN-4481: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)
  • 27744: ZDI-CAN-4482: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)
  • 27745: ZDI-CAN-4483: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)
  • 27746: ZDI-CAN-4484: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)
  • 27747: ZDI-CAN-4485: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library) 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
