{"id":10859,"date":"2017-12-15T09:00:37","date_gmt":"2017-12-15T17:00:37","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/12\/15\/news-4631\/"},"modified":"2017-12-15T09:00:37","modified_gmt":"2017-12-15T17:00:37","slug":"news-4631","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/12\/15\/news-4631\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of December 11, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 15 Dec 2017 16:06:45 +0000<\/strong><\/p>\n

\"\"<\/p>\n

If you read my weekly blog or follow me on Twitter<\/a>, you know that I\u2019m a huge sports fan. Unfortunately, when you don\u2019t live in the town of your favorite team, you can be subject to blackout rules. So, my husband and I decided to purchase NFL Sunday Ticket from DirecTV. Fast forward to a couple of years ago \u2013 I wanted to watch my team play, but the channel that the game was supposed to be on was showing another game featuring my least favorite team instead. Needless to say, I was a little upset. I called DirecTV and I wasn\u2019t shy about my feelings on the situation. The customer service representative put me on hold to figure out the problem. Why wasn\u2019t I able to see my game? The game was already over. I\u2019m sure the team at DirecTV had a big laugh over my mistake, but I owned up to it and apologized to the representative.<\/p>\n

When a vulnerability is submitted to the Zero Day Initiative (ZDI), the affected vendor is given 120 days to take action to patch the vulnerability. If the deadline is not met, the ZDI will publicly disclose the vulnerability in accordance with its disclosure policy. Earlier this week, the Zero Day Initiative (ZDI) published a zero-day vulnerability as a result of a vendor not patching a vulnerability. One of our internal researchers, Ricky Lawshae<\/a>, submitted a vulnerability to the Zero Day Initiative in mid-June of this year involving equipment that DirecTV uses with its Wireless Genie devices. The affected equipment is a Linksys WVBR0-25 which is used as a wireless video bridge. Ricky reviewed the scripts running on the Linksys device and found one that he could to inject additional commands. He was able to implement a root shell on the box in less than 30 seconds by exploiting this command injection vulnerability, which ultimately granted him full remote unauthenticated administrator control over the device. The ZDI attempted to contact the vendor several times regarding the vulnerability but never received a reply. The ZDI informed Linksys that the vulnerability would be published on December 12, 2017. You can read Ricky\u2019s blog<\/a> to get more details on this vulnerability as well as view a video of the exploit in action.Microsoft Update<\/strong><\/p>\n

This week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before December 12, 2017. Security patches were released by Microsoft covering Internet Explorer (IE), Edge, Windows, Office, SharePoint, and Exchange. Three of the Microsoft CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 December 2017 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
CVE-2017-11885<\/td>\n30092<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11886<\/td>\n30069<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11887<\/td>\n20792<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11888<\/td>\n30070<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11889<\/td>\n30075<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11890<\/td>\n30068<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11893<\/td>\n30076<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11894<\/td>\n30077<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11895<\/td>\n30078<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11899<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11901<\/td>\n*29900<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11903<\/td>\n30079<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11905<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11906<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11907<\/td>\n30081<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11908<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11909<\/td>\n30082<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11910<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11911<\/td>\n30083<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11912<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11913<\/td>\n*29786<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11914<\/td>\n30080<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11916<\/td>\n30085<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11918<\/td>\n30074<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11919<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11927<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11930<\/td>\n30086<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11932<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11934<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11935<\/td>\n30088<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11936<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11937<\/td>\n30093<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11939<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

End of Support Bulletin<\/strong><\/p>\n

Earlier this week, we announced the end of support for a number of TippingPoint software releases across various models.<\/p>\n

Date of Announcement: December 12, 2017<\/p>\n

 <\/p>\n

Affected IPS (N\/NX-Series) TOS Versions: 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 3.9.1<\/p>\n

End of Engineering: March 31, 2018<\/p>\n

End of Support: December 31, 2018<\/p>\n

 <\/p>\n

Affected IPS (S-Series) TOS Versions: 3.6.4, 3.6.5, 3.6.6<\/p>\n

End of Engineering: March 31, 2018<\/p>\n

End of Support: December 31, 2018<\/p>\n

 <\/p>\n

Affected TPS TOS Versions: 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2.0<\/p>\n

End of Engineering: March 31, 2018<\/p>\n

End of Support: December 31, 2018<\/p>\n

 <\/p>\n

Affected SMS TOS Versions: 4.4.0<\/p>\n

End of Engineering: March 31, 2018<\/p>\n

End of Support: December 31, 2018<\/p>\n

 <\/p>\n

Factory Release of TPS 5.0.0: October 16, 2017<\/p>\n

Factory Release of SMS 5.0.0: March 31, 2018<\/p>\n

Factory Release of IPS 3.8.4: March 31, 2018<\/p>\n

Customers with any questions or need assistance with migration planning can contact the TippingPoint Technical Assistance Center. Release notes are also available on https:\/\/tmc.tippingpoint.com<\/a>.<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are no new zero-day filters in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Updated Existing Zero-Day Filters<\/strong><\/p>\n

This section highlights specific filter(s) of interest in this week\u2019s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.<\/p>\n

This week\u2019s updated zero-day filters focus on two of the vulnerabilities from this month\u2019s Microsoft update. The updated filters reflect the fact that the vulnerabilities have been published because Microsoft has issued patches for them. The dates in parentheses after each filter reflects the date we had protection in place for our customers:<\/p>\n

Microsoft (2)<\/em><\/strong><\/p>\n

\u2022\u00a0 29900: HTTP: Microsoft Chakra Javascript Array JIT Optimization Type Confusion Vulnerability (November 7, 2017)<\/p>\n

\u2022 29786: HTTP: Microsoft Windows VBScript VT_BSTR Use-After-Free Vulnerability (October 24, 2017)<\/p>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 15 Dec 2017 16:06:45 +0000<\/strong><\/p>\n

\"\"If you read my weekly blog or follow me on Twitter, you know that I\u2019m a huge sports fan. Unfortunately, when you don\u2019t live in the town of your favorite team, you can be subject to blackout rules. So, my husband and I decided to purchase NFL Sunday Ticket from DirecTV. Fast forward to a…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-10859","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10859","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10859"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10859\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10859"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}