{"id":7410,"date":"2017-04-21T11:00:32","date_gmt":"2017-04-21T19:00:32","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/21\/news-1201\/"},"modified":"2017-04-21T11:00:32","modified_gmt":"2017-04-21T19:00:32","slug":"news-1201","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/21\/news-1201\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 17, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 21 Apr 2017 18:23:45 +0000<\/strong><\/p>\n

\"\"<\/p>\n

I\u2019ve never been one to adopt the latest fashion trends, aside from what I wore growing up in the 1980s. I wore shoulder pads, blue eyeliner, designer jeans, and even parachute pants. While I continue to rock my 80s hair to this day, other trends I thought were long gone are making a comeback. (Shoulder pads \u2013 seriously?) History tends to repeat itself \u2013 what\u2019s old is new again \u2013 and it\u2019s no different in the security world.<\/p>\n

 <\/p>\n

Last weekend, a group known as \u201cShadow Brokers\u201d released a large set of tools that can exploit flaws in several versions of Microsoft products and other platforms. A number of the exploits have CVEs that date as far back as 2001. In fact, one of the exploits named \u201cEwokFrenzy\u201d was discovered through our Zero Day Initiative over 10 years ago. Customers with TippingPoint solutions have had coverage for EwokFrenzy through Digital Vaccine\u00ae (DV) filter 4033 since January 2006!<\/strong><\/p>\n

Our TippingPoint DVLabs team continues to review the contents associated with the Shadow Brokers disclosure to recommend coverage for TippingPoint solutions. The following table includes the DV filters that provide protection, including new filters released in an out-of-band release this week:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\u00a0Exploit Name<\/strong><\/td>\n\u00a0MS Bulletin<\/strong><\/td>\n\u00a0CVE\/ZDI<\/strong><\/td>\n\u00a0Filters<\/strong><\/td>\n\u00a00day?<\/strong><\/td>\n\u00a0Status<\/strong><\/td>\n<\/tr>\n
\u00a0DoublePulsar
(Payload)<\/td>\n		<\/td>\n<\/td>\n\u00a0*27935<\/td>\n\u00a0N\/A<\/td>\n\u00a0Policy Filter<\/td>\n<\/tr>\n
\u00a0EarlyShovel<\/td>\n<\/td>\n<\/td>\n\u00a0*27938<\/td>\n\u00a0Unknown<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EasyBee**<\/td>\n<\/td>\n\u00a0CVE-2007-1675
ZDI-07-011<\/td>\n		<\/td>\n\u00a0No<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EasyPi<\/td>\n<\/td>\n<\/td>\n<\/td>\n\u00a0Unknown<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EbbisLand<\/td>\n<\/td>\n\u00a0CVE-2001-0236<\/td>\n\u00a0621, 622, \u00a03512, 3791<\/td>\n\u00a0No<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EchoWrecker<\/td>\n<\/td>\n\u00a0CVE-2003-0201<\/td>\n\u00a01676<\/td>\n\u00a0No<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EclipsedWing<\/td>\n\u00a0MS08-067<\/td>\n\u00a0CVE-2008-4250<\/td>\n\u00a06515<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EducatedScholar<\/td>\n\u00a0MS09-050<\/td>\n<\/td>\n\u00a08465<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0ELV<\/td>\n\u00a0MS06-040<\/td>\n\u00a0CVE-2006-3439<\/td>\n\u00a09317<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EmeraldThread<\/td>\n\u00a0MS10-061<\/td>\n<\/td>\n\u00a010458, *27939<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EmphasisMine<\/td>\n<\/td>\n<\/td>\n<\/td>\n\u00a0Unknown<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EnglishManDentist<\/td>\n<\/td>\n<\/td>\n<\/td>\n\u00a0Unknown<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0ErraticGopher<\/td>\n<\/td>\n<\/td>\n\u00a0*27932<\/td>\n\u00a0Yes<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0ESKE<\/td>\n<\/td>\n\u00a0CVE-2003-0352<\/td>\n<\/td>\n\u00a0No<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EskimoRoll<\/td>\n\u00a0MS14-068<\/td>\n\u00a0CVE-2014-6324<\/td>\n\u00a0*27940<\/td>\n\u00a0No<\/td>\n\u00a0Exploit Unfilterable
Policy Filter<\/td>\n<\/tr>\n
\u00a0EsteemAudit<\/td>\n<\/td>\n<\/td>\n\u00a0*27933<\/td>\n\u00a0Yes<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EternalBlue<\/td>\n\u00a0MS17-010<\/td>\n<\/td>\n\u00a027433, 27711, *27928<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EternalChampion<\/td>\n\u00a0MS17-010<\/td>\n\u00a0CVE-2017-0146<\/td>\n\u00a027433, 27711, *27929<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EternalRomance<\/td>\n\u00a0MS17-010<\/td>\n<\/td>\n<\/td>\n\u00a0No<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EternalSynergy<\/td>\n\u00a0MS17-010<\/td>\n\u00a0CVE-2017-0714<\/td>\n\u00a0*27937<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0Etre<\/td>\n<\/td>\n<\/td>\n<\/td>\n\u00a0No<\/td>\n\u00a0Investigating<\/td>\n<\/tr>\n
\u00a0EVFR<\/td>\n<\/td>\n\u00a0CVE-2003-0109<\/td>\n\u00a01612<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0EwokFrenzy<\/td>\n<\/td>\n\u00a0CVE-2007-1675
ZDI-07-011<\/td>\n		\u00a04033<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0ExplodingCan<\/td>\n<\/td>\n\u00a0CVE-2017-7269<\/td>\n\u00a027643<\/td>\n\u00a0No<\/td>\n\u00a0Detects Exploit<\/td>\n<\/tr>\n
\u00a0* New DV filter
**Identical to EwokFrenzy, but exploit untested against filter<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

Click here<\/a> for more information on Trend Micro\u2019s response and recommendations for coverage across all Trend Micro products.<\/p>\n

Adobe Update<\/strong><\/p>\n

This week\u2019s Digital Vaccine (DV) package includes coverage for Adobe Security Bulletins released on or before April 6, 2017.The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s Adobe security updates from Dustin Childs\u2019 April 2017 Security Update Review<\/a>:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Bulletin #<\/strong><\/td>\nCVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
APSB17-10<\/td>\nCVE-2017-3058<\/td>\n27698<\/td>\n<\/td>\n<\/tr>\n
APSB17-10<\/td>\nCVE-2017-3059<\/td>\n*27697<\/td>\n<\/td>\n<\/tr>\n
APSB17-10<\/td>\nCVE-2017-3060<\/td>\n27832<\/td>\n<\/td>\n<\/tr>\n
APSB17-10<\/td>\nCVE-2017-3061<\/td>\n27833<\/td>\n<\/td>\n<\/tr>\n
APSB17-10<\/td>\nCVE-2017-3062<\/td>\n*27533<\/td>\n<\/td>\n<\/tr>\n
APSB17-10<\/td>\nCVE-2017-3063<\/td>\n*27534<\/td>\n<\/td>\n<\/tr>\n
APSB17-10<\/td>\nCVE-2017-3064<\/td>\n27836<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3013<\/td>\n27923, 27925<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3014<\/td>\n27824<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3017<\/td>\n27827<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3019<\/td>\n*26521<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3020<\/td>\n*26491<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3021<\/td>\n*26510<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3022<\/td>\n*26631<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3023<\/td>\n*26535<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3024<\/td>\n27829<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3025<\/td>\n27851<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3026<\/td>\n27852<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3027<\/td>\n27909<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3028<\/td>\n*27160<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3029<\/td>\n*27159<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3030<\/td>\n27823<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3031<\/td>\n*27241, *27260<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3032<\/td>\n*27158<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3033<\/td>\n*27261<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3034<\/td>\n*27225<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3035<\/td>\n*27236<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3036<\/td>\n*27304<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3037<\/td>\n27849<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3038<\/td>\n27908<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3039<\/td>\n27905<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3041<\/td>\n27903<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3043<\/td>\nN\/A<\/td>\nLocal Vulnerability<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3042<\/td>\n*27554, *27556, *27557, *27811<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3044<\/td>\n27914<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3045<\/td>\n27915<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3046<\/td>\n27916<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3047<\/td>\n27919<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3048<\/td>\n*27750<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3049<\/td>\n27922<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3050<\/td>\n*27808<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3051<\/td>\n*27749<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3052<\/td>\n*27748<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3053<\/td>\n*27704<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3054<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3055<\/td>\n*27522<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3056<\/td>\n*27520<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3057<\/td>\n*27521<\/td>\n<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3011<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3012<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3015<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3018<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3039<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3040<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n
APSB17-11<\/td>\nCVE-2017-3065<\/td>\nN\/A<\/td>\nInsufficient Information<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 13 new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Adobe (10)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27812: ZDI-CAN-4572: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 27820: ZDI-CAN-4571: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)<\/li>\n
  • 27821: ZDI-CAN-4570: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 27822: ZDI-CAN-4569: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 27832: HTTP: Adobe Flash length Memory Corruption Vulnerability (ZDI-17-247, ZDI-17-248)<\/li>\n
  • 27914: HTTP: Adobe Acrobat Pro DC JPEG2000 Buffer Overflow Vulnerability (ZDI-17-267)<\/li>\n
  • 27915: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-268)<\/li>\n
  • 27916: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-270)<\/li>\n
  • 27919: HTTP: Adobe Acrobat Pro DC Annotations Use-After-Free Vulnerability (ZDI-17-271)<\/li>\n
  • 27922: HTTP: Adobe Acrobat Pro DC ImageConversion Buffer Overflow Vulnerability (ZDI-17-273)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Cisco (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27807: ZDI-CAN-4635: Zero Day Initiative Vulnerability (Cisco License Manager Server)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

MIcrosoft (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27810: ZDI-CAN-4573: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 27804: ZDI-CAN-4638-4639: Zero Day Initiative Vulnerability (Trend Micro Control Manager)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 21 Apr 2017 18:23:45 +0000<\/strong><\/p>\n

\"\"I\u2019ve never been one to adopt the latest fashion trends, aside from what I wore growing up in the 1980s. I wore shoulder pads, blue eyeliner, designer jeans, and even parachute pants. While I continue to rock my 80s hair to this day, other trends I thought were long gone are making a comeback. (Shoulder…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-7410","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7410"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7410\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}