{"id":8695,"date":"2017-08-11T09:00:41","date_gmt":"2017-08-11T17:00:41","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/11\/news-2468\/"},"modified":"2017-08-11T09:00:41","modified_gmt":"2017-08-11T17:00:41","slug":"news-2468","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/08\/11\/news-2468\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of August 7, 2017"},"content":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 11 Aug 2017 16:07:23 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Earlier this month, a blog post from Blue Frost Security was released stating that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost provided a 64-bit PE binary with a simple stack-based buffer overflow with the objective to run &#8216;calc.exe&#8217; on Windows 7, Windows 8.1, or Windows 10. Our very own Jasiel Spelman (@WanderingGlitch) from the Zero Day Initiative decided to take a little break from work and work on the challenge. While it may seem that this challenge was set up to hack something for fun (and drinks), what it really shows is how poorly-written applications can easily be exploited. 
You can check out Jasiel\u2019s blog, which includes video of his demo, here.<\/p>\n<p>Microsoft Update<br \/> This week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before July 11, 2017. Microsoft released 48 security patches for August covering Windows, Internet Explorer (IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. 25 are listed as Critical, 21 are rated Important, and two are Moderate in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 August 2017 Security Update Review from the Zero Day Initiative: <\/p>\n<table><thead><tr><th>CVE #<\/th><th>Digital Vaccine Filter #<\/th><th>Status<\/th><\/tr><\/thead><tbody><tr><td>CVE-2017-0174<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-0250<\/td><td>29053<\/td><td><\/td><\/tr><tr><td>CVE-2017-0293<\/td><td>*27746<\/td><td><\/td><\/tr><tr><td>CVE-2017-8503<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8516<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8591<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8593<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8620<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8622<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8623<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8624<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8625<\/td><td>29340<\/td><td><\/td><\/tr><tr><td>CVE-2017-8627<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8633<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8634<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8635<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr>
<tr><td>CVE-2017-8636<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8637<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8638<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8639<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8640<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8641<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8642<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8644<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8645<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8646<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8647<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8650<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8651<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8652<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8653<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8654<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8655<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8656<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8657<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8659<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8661<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8662<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8664<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8666<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8668<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr>
<tr><td>CVE-2017-8669<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8670<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8671<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8672<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8673<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8674<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><tr><td>CVE-2017-8691<\/td><td><\/td><td>Vendor Deemed Reproducibility or Exploitation Unlikely<\/td><\/tr><\/tbody><\/table>\n<p>Zero-Day Filters<br \/> There is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site.<\/p>\n<p>Cisco (1)<br \/> \u2022\t29277: HTTPS: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447)<\/p>\n<p>Missed Last Week\u2019s News?<br \/> Catch up on last week\u2019s news in my weekly recap.<\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/tippingpoint-threat-intelligence-zero-day-coverage-week-august-7-2017\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 11 Aug 2017 16:07:23 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, 
http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Earlier this month, a blog post from Blue Frost Security was released stating that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-8695","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8695"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8695\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8695"}],"curies"
:[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}