{"id":7966,"date":"2017-06-16T05:00:12","date_gmt":"2017-06-16T13:00:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/06\/16\/news-1747\/"},"modified":"2017-06-16T05:00:12","modified_gmt":"2017-06-16T13:00:12","slug":"news-1747","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/06\/16\/news-1747\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 12, 2017"},"content":{"rendered":"

Credit to Author: Cara West-Wainwright| Date: Fri, 16 Jun 2017 12:00:40 +0000<\/strong><\/p>\n

\"\"<\/p>\n

\u201cWhat can you sit on, sleep on, and brush your teeth with?\u201d This was the question posed to Steve Martin\u2019s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand’s 1897 verse play Cyrano de Bergerac, the movie centers around C.D.\u2019s attempt to win the love of a woman while navigating life with his unusually large nose. When C.D. wonders what the point of the question is, his god sister responds, \u201cThe point is that sometimes the answer is so obvious, you don’t even realize it. It’s as plain as the nose on your face.\u201d By the way, the answer to the question is so obvious: a chair, a bed, and a toothbrush.<\/p>\n

At the Gartner Security and Risk Summit in Washington, D.C., held earlier this week, I heard a recurring theme across the various sessions I attended. The theme was around the fact that the discipline of patching isn\u2019t where it needs to be. As we witnessed with the recent WannaCry ransomware attack, which utilized vulnerabilities that were disclosed by The Shadow Brokers and subsequently patched by Microsoft, many organizations were still affected because they hadn\u2019t patched their systems. The general guidance given at various sessions: Patch your systems. While the answer is so obvious, it may not be practical for some organizations, especially those with thousands of systems. Our solutions can help through the use of \u201cvirtual patching.\u201d While virtual patching is a term that is now pretty common in the security world, where we stand out is when vulnerabilities haven\u2019t been patched by the vendor. If a vulnerability comes to us via the Zero Day Initiative, we will have protection for our customers ahead of a patch that\u2019s made available by the vendor. This is even more important if a vulnerability is brought to us for a solution that is no longer supported by the vendor. Interestingly enough, with this month\u2019s Microsoft Patch Tuesday, Microsoft has issued SMB patches for Windows XP, which reached its end of support deadline in April 2014. While Microsoft states that doing this is an exception and not the norm, it could create a false \u201csafety net\u201d for those who haven\u2019t upgraded their systems. The precedent that this might set in the future is an answer that isn\u2019t so obvious.<\/p>\n

Microsoft Update<\/strong><\/p>\n

This week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before June 13, 2017. Microsoft released patches for almost 100 new CVEs in Internet Explorer, Edge, Office, Windows, and Skype. A total of 18 of these CVEs are rated Critical. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 June 2017 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
CVE-2017-0173<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0193<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0215<\/td>\n28628<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-0216<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0218<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0219<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0260<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0282<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0283<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0284<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0285<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0286<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0287<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0288<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0289<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0291<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0292<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0294<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0295<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0296<\/td>\n<\/td>\nInsufficient Vendor Information<\/td>\n<\/tr>\n
CVE-2017-0297<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0298<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0299<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-0300<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8460<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8461<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8462<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8464<\/td>\n28614<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8465<\/td>\n28616<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8466<\/td>\n28618<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8468<\/td>\n28620<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8469<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8470<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8471<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8472<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8473<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8474<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8475<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8476<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8477<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8478<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8479<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8480<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8481<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8482<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8483<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8484<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8485<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8487<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8488<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8489<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8490<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8491<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8492<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8493<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8494<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8496<\/td>\n28613<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8497<\/td>\n28615<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8498<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8499<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8504<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8506<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8507<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8508<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8509<\/td>\n28619<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8510<\/td>\n28621<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8511<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8512<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8513<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8514<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8515<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8517<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8519<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8520<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8521<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8522<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8523<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8524<\/td>\n28622<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8527<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8528<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8529<\/td>\n<\/td>\nInsufficient Vendor Information<\/td>\n<\/tr>\n
CVE-2017-8530<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8531<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8532<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8533<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8534<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8543<\/td>\n28629<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8544<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8545<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8547<\/td>\n28611<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8548<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8549<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8550<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8551<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8553<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8554<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n
CVE-2017-8555<\/td>\n<\/td>\nNo Vendor Intelligence Provided<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 11 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Adobe (5)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28543: ZDI-CAN-4719: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28544: ZDI-CAN-4729: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28546: ZDI-CAN-4730: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28547: ZDI-CAN-4731: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28548: ZDI-CAN-4732: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (5)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28536: ZDI-CAN-4652: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28537: ZDI-CAN-4653: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28538: ZDI-CAN-4659: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28541: ZDI-CAN-4664: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28542: ZDI-CAN-4671,4675: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Hewlett Packard Enterprise (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28608: HTTPS: HPE Network Automation RedirectServlet SQL Injection Vulnerability (ZDI-17-331)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Cara West-Wainwright| Date: Fri, 16 Jun 2017 12:00:40 +0000<\/strong><\/p>\n

\"\"\u201cWhat can you sit on, sleep on, and brush your teeth with?\u201d This was the question posed to Steve Martin\u2019s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand’s 1897 verse play Cyrano de Bergerac, the movie centers around C.D.\u2019s attempt to win the love of a woman while…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-7966","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7966"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7966\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}