{"id":11509,"date":"2018-02-16T06:00:47","date_gmt":"2018-02-16T14:00:47","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/16\/news-5280\/"},"modified":"2018-02-16T06:00:47","modified_gmt":"2018-02-16T14:00:47","slug":"news-5280","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/16\/news-5280\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of February 12, 2018"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 16 Feb 2018 13:00:28 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Valentine\u2019s Day was earlier this week, and there was so much love in the air. There was also a lot of love in the Trend Micro world as our teams worked diligently to make sure our customers were protected from this month\u2019s bevy of critical vulnerabilities across several vendors. This week, we focus on Microsoft, who issued a whopping 50 security patches covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows and Microsoft Office. Eight of the CVEs came through the Zero Day Initiative program!<\/p>\n

\"\"<\/p>\n

There are some scary bugs out there! One of the interesting ones that Microsoft patched this month for Microsoft Outlook used the preview pane as an attack vector. That means an exploit of this vulnerability could allow code execution without even opening an email. You can get more information on this month\u2019s Microsoft updates from Dustin Childs\u2019 February 2018 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

Microsoft Security Updates<\/strong><\/p>\n

This week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before February 13, 2018. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with * shipped prior to this week\u2019s DV package, providing preemptive protection for our customers.<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
CVE-2018-0742<\/td>\n30334<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0755<\/td>\n*30237<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0756<\/td>\n30336<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0757<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0760<\/td>\n*30241<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0761<\/td>\n*30239<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0763<\/td>\n*30275<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0771<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0809<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0810<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0820<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0821<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0822<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0823<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0825<\/td>\n30341<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0826<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0827<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0828<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0829<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0830<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0831<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0832<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0833<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0834<\/td>\n30345<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0835<\/td>\n30349<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0836<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0837<\/td>\n30351<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0838<\/td>\n30362<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0839<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0840<\/td>\n30365<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0841<\/td>\n30388<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0842<\/td>\n30367<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0843<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0844<\/td>\n30366<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0846<\/td>\n30368<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0847<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0850<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0851<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0852<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0853<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0855<\/td>\n*30242<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0856<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0857<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0858<\/td>\n30331<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0859<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0860<\/td>\n30342<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0861<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0864<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-0866<\/td>\n30410<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-0869<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

Offensivecon 2018<\/strong><\/p>\n

If you happen to be reading this and you\u2019re in Berlin, Germany, three members of our Zero Day Initiative team (Brian Gorenc, Abdul-Aziz Hariri and Jasiel Spelman) will be speaking later today at Offensivecon 2018, an international security conference that brings the hacker community together for networking and sharing knowledge. Their session, \u201cL’art de l’\u00e9vasion: Modern VMWare Exploitation Techniques,\u201d<\/em><\/strong> will dive into modern exploitation techniques of VMware vulnerabilities and take an in-depth look at the available attack surfaces on a virtual machine. Learn more by clicking here: https:\/\/www.offensivecon.org\/speakers\/2018\/zdi-team.html<\/a><\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 13 new zero-day filters covering five vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Adobe (5)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30359: ZDI-CAN-5381: Zero Day Initiative Vulnerability (Adobe Flash Player)<\/li>\n
  • 30370: ZDI-CAN-5237: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 30371: ZDI-CAN-5238: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 30372: ZDI-CAN-5241: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 30373: ZDI-CAN-5291: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Delta (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30391: ZDI-CAN-5389: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Foxit (3)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30355: ZDI-CAN-5376,5377: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n
  • 30358: ZDI-CAN-5379: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n
  • 30360: ZDI-CAN-5382: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Microsoft (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30357: ZDI-CAN-5378: Zero Day Initiative Vulnerability (Microsoft Windows)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

OMRON (3)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30392: ZDI-CAN-5402: Zero Day Initiative Vulnerability (OMRON CX-One)<\/li>\n
  • 30393: ZDI-CAN-5403: Zero Day Initiative Vulnerability (OMRON CX-One)<\/li>\n
  • 30394: ZDI-CAN-5404: Zero Day Initiative Vulnerability (OMRON CX-One)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 16 Feb 2018 13:00:28 +0000<\/strong><\/p>\n

\"\"Valentine\u2019s Day was earlier this week, and there was so much love in the air. There was also a lot of love in the Trend Micro world as our teams worked diligently to make sure our customers were protected from this month\u2019s bevy of critical vulnerabilities across several vendors. This week, we focus on Microsoft,…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-11509","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11509"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11509\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11509"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}