TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 31, 2017
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 04 Aug 2017 13:39:37 +0000
During the DefCon Conference last week, a Windows SMB vulnerability was revealed late last week by researchers from RiskSense. The 20-year-old bug can be found in Windows 2000 up to Windows 10. Microsoft has indicated that it will not be issuing a patch for the vulnerability as it doesn’t meet their bar for servicing in a security update. Earlier this week, we released DVToolkit CSW file SMBLoris.csw to customers using TippingPoint solutions. This custom filter detects an attempt to exploit a denial-of-service vulnerability in Windows SMB and Unix/Linux Samba servers. The vulnerability is triggered by sending a specially crafted NBSS packet resulting in a denial-of-service. SMBLoris is categorized as a memory exhaustion vulnerability.
Customers should note that this filter should only be enabled for suspected denial-of-service attacks in conjunction with IPS thresholding and a tuned number of occurrences in order to eliminate false positives on legitimate requests. The proper setting for number of hits on this filter should be customized for the customer’s environment. For more details, visit https://smbloris.com.
Customers who have questions or need technical assistance on any Trend Micro TippingPoint product can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).
Zero-Day Filters
There is one new zero-day filter covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Apple (1)
| |
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.