{"id":9862,"date":"2017-10-13T07:00:05","date_gmt":"2017-10-13T15:00:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/13\/news-3635\/"},"modified":"2017-10-13T07:00:05","modified_gmt":"2017-10-13T15:00:05","slug":"news-3635","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/10\/13\/news-3635\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of October 9, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 13 Oct 2017 14:03:59 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Even though \u201cPatch Tuesday\u201d isn\u2019t supposed to exist anymore, here I am blogging about it. As I looked at the October updates from Microsoft, the usual suspects were there. But this month was a little different. We usually see critical vulnerabilities on the browser side, but Microsoft Office is in the spotlight with CVE-2017-11826<\/a> under active attack.<\/p>\n

The scenario involves a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. So, just imagine if a user is logged on with administrative user rights \u2013 an attacker could take over the system and install programs; view, change, or delete data; or create new accounts with full user rights. The table below highlights the Digital Vaccine\u00ae filters available for the Microsoft October updates.<\/p>\n

Microsoft Update<\/strong><\/p>\n

This week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before October 10, 2017. Microsoft had another big month with 62 security patches for September covering Windows, Internet Explorer (IE), Edge, Office, and Skype for Business. 27 of the patches are listed as Critical and 35 are rated Important. Eight of the Microsoft CVEs came through the Zero Day Initiative program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 October 2017 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
CVE-2017-11762<\/td>\n*29152<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11763<\/td>\n29698<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11765<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11769<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11771<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11772<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11774<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11775<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11776<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11777<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11779<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11780<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11781<\/td>\n*29694<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11782<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11783<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11784<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11785<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11786<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11790<\/td>\n*29151<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11792<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11793<\/td>\n29705<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11794<\/td>\n*29687<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11796<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11797<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11798<\/td>\n29706<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11799<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11800<\/td>\n28925<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11801<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11802<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11804<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11805<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11806<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11807<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11808<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11809<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11810<\/td>\n29707<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11811<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11812<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11813<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11814<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11815<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11816<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11817<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11818<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11819<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11820<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11821<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11822<\/td>\n29704<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-11823<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11824<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11825<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-11826<\/td>\n<\/td>\nInsufficient information currently available<\/td>\n<\/tr>\n
CVE-2017-11829<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-8689<\/td>\n29692<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8693<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-8694<\/td>\n29693<\/td>\n<\/td>\n<\/tr>\n
CVE-2017-8703<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-8715<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-8717<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-8718<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-8726<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2017-8727<\/td>\n29699<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are four new zero-day filters covering two vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Microsoft (2)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29695: ZDI-CAN-5067: Zero Day Initiative Vulnerability (Microsoft Chakra)<\/li>\n
  • 29741: HTTP: Microsoft Windows WAV File Denial-of-Service Vulnerability (ZDI-17-838)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (2)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29701: HTTPS: Trend Micro Mobile Security Enterprise slink_id SQL Injection (ZDI-17-803)<\/li>\n
  • 29710: HTTPS:Trend Micro InterScan Messaging Security Proxy Command Injection Vulnerability (ZDI-17-502,504)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 13 Oct 2017 14:03:59 +0000<\/strong><\/p>\n

\"\"Even though \u201cPatch Tuesday\u201d isn\u2019t supposed to exist anymore, here I am blogging about it. As I looked at the October updates from Microsoft, the usual suspects were there. But this month was a little different. We usually see critical vulnerabilities on the browser side, but Microsoft Office is in the spotlight with CVE-2017-11826 under…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-9862","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9862"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9862\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}