{"id":8799,"date":"2017-08-18T05:00:02","date_gmt":"2017-08-18T13:00:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/18\/news-2572\/"},"modified":"2017-08-18T05:00:02","modified_gmt":"2017-08-18T13:00:02","slug":"news-2572","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/08\/18\/news-2572\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of August 14, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 18 Aug 2017 12:00:42 +0000<\/strong><\/p>\n

\"\"<\/p>\n

One of my favorite movies is the 1999 comedy \u201cGalaxy Quest,\u201d which features the cast of a science-fiction television series similar to Star Trek. In the movie, the crew is visited by real aliens who ask them for help against an intergalactic adversary because they believe that Galaxy Quest is a documentary of historical documents \u2013 not a TV show. There\u2019s a scene in the movie where someone pressed the button that destroys the ship. The crew makes it to the center of the ship where they can stop the process but the stop button doesn\u2019t work. The countdown to destruction continues, but when the clock hits one second, it stops. Why? Because on a TV show, the clock always stops at one second before total destruction.<\/p>\n

Sometimes, we can\u2019t control the script of our real-life security world and the clock doesn\u2019t stop at one second. Yesterday, the Zero Day Initiative<\/a> (ZDI) published two zero-day advisories for vulnerabilities in Foxit Reader per the guidelines outlined in the ZDI disclosure policy. The two advisories, ZDI-17-691<\/a> and ZDI-17-692<\/a>, allow remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. For more detailed analysis of the Foxit Reader vulnerabilities, you can read the ZDI blog: Busting Myths in Foxit Reader<\/a>.<\/p>\n

Adobe Security Update<\/strong><\/p>\n

This week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before August 8, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this week\u2019s DV package, providing zero-day protection for our customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 August 2017 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Bulletin #<\/strong><\/td>\nCVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
APSB17-23<\/td>\nCVE-2017-3085<\/td>\n<\/td>\nLocal Only<\/td>\n<\/tr>\n
APSB17-23<\/td>\nCVE-2017-3106<\/td>\n29353<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3113<\/td>\n*26537<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3115<\/td>\n*27233<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3116<\/td>\n29354<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3117<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3118<\/td>\n29358<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3119<\/td>\n29359<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3120<\/td>\n*27751<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3121<\/td>\n*27948<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3122<\/td>\n*28005<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3123<\/td>\n*28032<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-3124<\/td>\n*28034<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11209<\/td>\n*28035<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11210<\/td>\n*28092<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11211<\/td>\n*28218<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11212<\/td>\n*28100<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11214<\/td>\n*28216<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11216<\/td>\n*27821<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11217<\/td>\n*27812<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11218<\/td>\n*27753<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11219<\/td>\n*27820<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11220<\/td>\n29360<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11221<\/td>\n29413<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11222<\/td>\n29352<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11223<\/td>\n*28202<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11224<\/td>\n*28202<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11226<\/td>\n29349<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11227<\/td>\n*28473<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11228<\/td>\n*28475<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11229<\/td>\n29361<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11230<\/td>\n*28476<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11231<\/td>\n*28478<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11232<\/td>\n*28479<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11233<\/td>\n*28481<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11234<\/td>\n*28543<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11235<\/td>\n29362<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11236<\/td>\n29363<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11237<\/td>\n29370<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11238<\/td>\n29371<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11239<\/td>\n*28544<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11241<\/td>\n*28547<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11242<\/td>\n28480, 28548<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11243<\/td>\n*28663<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11244<\/td>\n*28664<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11245<\/td>\n*28666<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11246<\/td>\n29414<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11248<\/td>\n*28463<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11249<\/td>\n*28464<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11251<\/td>\n29418<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11252<\/td>\n*28477<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11254<\/td>\n29350<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11255<\/td>\n*28741<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11256<\/td>\n*28735<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11257<\/td>\n*28734<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11258<\/td>\n*28732<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11259<\/td>\n*28733<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11260<\/td>\n*28731<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11261<\/td>\n*28730<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11262<\/td>\n29355<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11263<\/td>\n29369<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11265<\/td>\n*28916<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11267<\/td>\n29364<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11268<\/td>\n29365<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11269<\/td>\n29366<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11270<\/td>\n29367<\/td>\n<\/td>\n<\/tr>\n
APSB17-24<\/td>\nCVE-2017-11271<\/td>\n29368<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

TippingPoint Operating System (TOS) v3.9.2 Release<\/strong><\/p>\n

Earlier this week, we issued a maintenance release version 3.9.2 build 4784 of the TippingPoint Operating System (TOS) for the N\/NX Platform family. For the complete list of enhancements and changes, please refer to the product Release Notes located on the Threat Management center (TMC) Web site at https:\/\/tmc.tippingpoint.com<\/a>. Customers with questions or technical assistance can contact the TippingPoint Technical Assistance Center (TAC).<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 14 new zero-day filters covering two vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Adobe (11)<\/em><\/strong><\/p>\n\n\n\n
<\/td>\n\n