
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 18, 2016

I completely lost track of time all week. According to Wikipedia, “Father Time” is usually associated with an elderly bearded man with wings, dressed in a robe and carrying a scythe and an hourglass. Whatever he’s wearing or carrying doesn’t matter – he got me good! Yesterday, I thought it was Wednesday all day. While it was nice to find out that I was actually one day closer to the weekend, it also meant I had one less day to get some things done at work.

Luckily for our TippingPoint customers, time is on their side when it comes to protecting against vulnerabilities. When researchers contribute to our Zero Day Initiative program, we’re able to provide protection to our customers ahead of an available patch. In the table below that highlights our protection for July’s Adobe Product Security Bulletins, I am now including the original ship date for any zero-day filters we had available prior to a patch. For a few of the bulletins, we’ve had protection for over two months! To date, we average over 23 days of preemptive coverage for Adobe Security Bulletins prior to available patches and lead the industry in Adobe acknowledgements!

July Adobe Product Security Bulletins

This week’s Digital Vaccine (DV) package includes coverage for the Adobe Product Security Bulletins released on or before July 12, 2016. The following table maps Digital Vaccine filters to the Adobe Product Security Bulletins. Filters designated with an asterisk (*) shipped prior to this week’s package, providing zero-day protection for our customers. The status column includes the date of release for those filters that shipped prior to this week’s package:

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB16-25 | CVE-2016-4173 | 23943 | |
| APSB16-25 | CVE-2016-4174 | 24736* | Zero-Day Filter released May 31, 2016 |
| APSB16-25 | CVE-2016-4175 | 25009 | |
| APSB16-25 | CVE-2016-4176 | 25010 | |
| APSB16-25 | CVE-2016-4177 | 25011 | |
| APSB16-25 | CVE-2016-4178 | | Insufficient Information |
| APSB16-25 | CVE-2016-4179 | 25012 | |
| APSB16-25 | CVE-2016-4182 | 25014 | |
| APSB16-25 | CVE-2016-4188 | 25022 | |
| APSB16-25 | CVE-2016-4185 | 25015 | |
| APSB16-25 | CVE-2016-4222 | 24790* | Zero-Day Filter released June 14, 2016 |
| APSB16-25 | CVE-2016-4223 | 24909* | Zero-Day Filter released June 28, 2016 |
| APSB16-25 | CVE-2016-4224 | 24906* | Zero-Day Filter released June 28, 2016 |
| APSB16-25 | CVE-2016-4225 | 24908* | Zero-Day Filter released June 28, 2016 |
| APSB16-25 | CVE-2016-4226 | 25025 | |
| APSB16-25 | CVE-2016-4227 | 25026 | |
| APSB16-25 | CVE-2016-4228 | 25028 | |
| APSB16-25 | CVE-2016-4229 | 25031 | |
| APSB16-25 | CVE-2016-4230 | 25033 | |
| APSB16-25 | CVE-2016-4231 | 25034 | |
| APSB16-25 | CVE-2016-4232 | 25035 | |
| APSB16-25 | CVE-2016-4247 | | Insufficient Information |
| APSB16-25 | CVE-2016-4248 | 25038 | |
| APSB16-25 | CVE-2016-4249 | 25039 | |
| APSB16-26 | CVE-2016-4255 | 24477* | Zero-Day Filter released May 3, 2016 |
| APSB16-26 | CVE-2016-4191 | 24472* | Zero-Day Filter released May 3, 2016 |
| APSB16-26 | CVE-2016-4192 | 25024 | |
| APSB16-26 | CVE-2016-4195 | 24728* | Zero-Day Filter released May 31, 2016 |
| APSB16-26 | CVE-2016-4196 | 24712* | Zero-Day Filter released May 31, 2016 |
| APSB16-26 | CVE-2016-4197 | 24715* | Zero-Day Filter released May 31, 2016 |
| APSB16-26 | CVE-2016-4198 | 24597* | Zero-Day Filter released May 17, 2016 |
| APSB16-26 | CVE-2016-4199 | 24730* | Zero-Day Filter released May 31, 2016 |
| APSB16-26 | CVE-2016-4200 | 24729* | Zero-Day Filter released May 31, 2016 |
| APSB16-26 | CVE-2016-4201 | 25017 | |
| APSB16-26 | CVE-2016-4202 | 24743* | Zero-Day Filter released May 31, 2016 |
| APSB16-26 | CVE-2016-4203 | 25018 | |
| APSB16-26 | CVE-2016-4204 | 25019 | |
| APSB16-26 | CVE-2016-4205 | 25027 | |
| APSB16-26 | CVE-2016-4206 | 25029 | |
| APSB16-26 | CVE-2016-4207 | 25023 | |
| APSB16-26 | CVE-2016-4208 | 25036 | |
| APSB16-26 | CVE-2016-4215 | 25072 | |
| APSB16-26 | CVE-2016-4251 | 24904* | Zero-Day Filter released June 28, 2016 |
| APSB16-26 | CVE-2016-4252 | 25021 | |

TippingPoint TMC Planned Maintenance Window

The Trend Micro TippingPoint Threat Management Center (TMC) web site (https://tmc.tippingpoint.com/TMC) will be undergoing maintenance on the following dates and times.

| From Time | To Time |
|---|---|
| Saturday, August 20, 2016 8:00 PM (CDT) | Sunday, August 21, 2016 5:00 AM (CDT) |
| Sunday, August 21, 2016 1:00 AM (UTC) | Sunday, August 21, 2016 10:00 AM (UTC) |

During the maintenance window, the Security Management System (SMS), Intrusion Prevention System (IPS), Threat Protection System (TPS), Next Generation Firewall (NGFW), and ArcSight Enterprise Security Manager (ESM) connectivity to the TMC may be intermittently disrupted, thus preventing Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring.

Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are three new zero-day filters covering two vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (2)

  • 25003: ZDI-CAN-3789: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
  • 25005: ZDI-CAN-3816: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)

Moxa (1)

  • 25002: ZDI-CAN-3757: Zero Day Initiative Vulnerability (Moxa SoftCMS)

Updated Existing Zero-Day Filters

This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.

One of the zero-day filters updated this week was associated with the July Microsoft Patch Tuesday and has now been officially disclosed. The filter is tied to bulletin MS16-084, a cumulative security update for Internet Explorer, as well as bulletin MS16-085, a cumulative security update for Microsoft Edge. Customers using Trend Micro TippingPoint solutions have been protected from a CVE associated with these two bulletins (CVE-2016-3264) since May 31, 2016!

  • 24739: HTTP: Microsoft Edge and Internet Explorer Geolocation Use-After-Free Vulnerability (ZDI-16-412)

For more details on Microsoft bulletins, visit Microsoft’s 2016 Bulletin Summaries page.

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap posted on the Trend Micro Simply Security blog!

