
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017


I’ve never been one to adopt the latest fashion trends, aside from what I wore growing up in the 1980s. I wore shoulder pads, blue eyeliner, designer jeans, and even parachute pants. While I continue to rock my 80s hair to this day, other trends I thought were long gone are making a comeback. (Shoulder pads – seriously?) History tends to repeat itself – what’s old is new again – and it’s no different in the security world.

 

Last weekend, a group known as “Shadow Brokers” released a large set of tools that can exploit flaws in several versions of Microsoft products and other platforms. A number of the exploits have CVEs that date as far back as 2001. In fact, one of the exploits named “EwokFrenzy” was discovered through our Zero Day Initiative over 10 years ago. Customers with TippingPoint solutions have had coverage for EwokFrenzy through Digital Vaccine® (DV) filter 4033 since January 2006!

Our TippingPoint DVLabs team continues to review the contents of the Shadow Brokers disclosure and to recommend coverage for TippingPoint solutions. The following table lists the DV filters that provide protection, including new filters shipped in an out-of-band release this week:

| Exploit Name | MS Bulletin | CVE/ZDI | Filters | 0day? | Status |
|---|---|---|---|---|---|
| DoublePulsar (Payload) | | | *27935 | N/A | Policy Filter |
| EarlyShovel | | | *27938 | Unknown | Detects Exploit |
| EasyBee** | | CVE-2007-1675 / ZDI-07-011 | | No | Investigating |
| EasyPi | | | | Unknown | Investigating |
| EbbisLand | | CVE-2001-0236 | 621, 622, 3512, 3791 | No | Investigating |
| EchoWrecker | | CVE-2003-0201 | 1676 | No | Investigating |
| EclipsedWing | MS08-067 | CVE-2008-4250 | 6515 | No | Detects Exploit |
| EducatedScholar | MS09-050 | | 8465 | No | Detects Exploit |
| ELV | MS06-040 | CVE-2006-3439 | 9317 | No | Detects Exploit |
| EmeraldThread | MS10-061 | | 10458, *27939 | No | Detects Exploit |
| EmphasisMine | | | | Unknown | Investigating |
| EnglishManDentist | | | | Unknown | Investigating |
| ErraticGopher | | | *27932 | Yes | Detects Exploit |
| ESKE | | CVE-2003-0352 | | No | Investigating |
| EskimoRoll | MS14-068 | CVE-2014-6324 | *27940 | No | Exploit Unfilterable; Policy Filter |
| EsteemAudit | | | *27933 | Yes | Detects Exploit |
| EternalBlue | MS17-010 | | 27433, 27711, *27928 | No | Detects Exploit |
| EternalChampion | MS17-010 | CVE-2017-0146 | 27433, 27711, *27929 | No | Detects Exploit |
| EternalRomance | MS17-010 | | | No | Investigating |
| EternalSynergy | MS17-010 | CVE-2017-0714 | *27937 | No | Detects Exploit |
| Etre | | | | No | Investigating |
| EVFR | | CVE-2003-0109 | 1612 | No | Detects Exploit |
| EwokFrenzy | | CVE-2007-1675 / ZDI-07-011 | 4033 | No | Detects Exploit |
| ExplodingCan | | CVE-2017-7269 | 27643 | No | Detects Exploit |

\* New DV filter
\*\* Identical to EwokFrenzy, but exploit untested against filter


Click here for more information on Trend Micro’s response and recommendations for coverage across all Trend Micro products.
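The coverage table is most useful when joined against what is actually patched in your estate. The script below is an added example, not code from this post or from TippingPoint: it transcribes the Microsoft-bulletin rows (plus the DoublePulsar payload row) from the table above into structured data, lists the new out-of-band filter IDs to confirm in the IPS profile, and ranks a constructed host inventory by exposure. Its assumptions are mine, not the post's: hosts are described only by the MS bulletins they are missing (no KB mapping), the two "0day? = Yes" rows (ErraticGopher, EsteemAudit) are applied to every host because no vendor patch exists and the table gives no target-OS detail, and only a row in "Detects Exploit" status is treated as a compensating control, with "Policy Filter" and "Exploit Unfilterable" rows flagged for manual review. The host names are hypothetical.

```python
"""Exposure triage from the Shadow Brokers coverage table.

Added example, not code from the TippingPoint post. Coverage rows are a subset
of the table above; the host inventory below is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Coverage:
    exploit: str
    bulletin: Optional[str]   # MS bulletin the exploit targets, if Microsoft has patched it
    filters: Tuple[str, ...]  # DV filter IDs; a leading '*' marks a new out-of-band filter
    status: str               # status column from the table
    zero_day: bool = False    # '0day? = Yes' rows: no vendor patch exists


# Transcribed from the coverage table above (MS-bulletin rows and DoublePulsar).
COVERAGE: List[Coverage] = [
    Coverage("DoublePulsar (Payload)", None, ("*27935",), "Policy Filter"),
    Coverage("EclipsedWing", "MS08-067", ("6515",), "Detects Exploit"),
    Coverage("EducatedScholar", "MS09-050", ("8465",), "Detects Exploit"),
    Coverage("ELV", "MS06-040", ("9317",), "Detects Exploit"),
    Coverage("EmeraldThread", "MS10-061", ("10458", "*27939"), "Detects Exploit"),
    Coverage("ErraticGopher", None, ("*27932",), "Detects Exploit", zero_day=True),
    Coverage("EskimoRoll", "MS14-068", ("*27940",), "Exploit Unfilterable; Policy Filter"),
    Coverage("EsteemAudit", None, ("*27933",), "Detects Exploit", zero_day=True),
    Coverage("EternalBlue", "MS17-010", ("27433", "27711", "*27928"), "Detects Exploit"),
    Coverage("EternalChampion", "MS17-010", ("27433", "27711", "*27929"), "Detects Exploit"),
    Coverage("EternalRomance", "MS17-010", (), "Investigating"),
    Coverage("EternalSynergy", "MS17-010", ("*27937",), "Detects Exploit"),
]

# Constructed sample inventory (hypothetical hosts): host -> MS bulletins NOT installed.
INVENTORY: Dict[str, Set[str]] = {
    "fileserver01": {"MS17-010"},
    "legacy-dc": {"MS08-067", "MS14-068", "MS17-010"},
    "workstation07": set(),
}


def new_filters(coverage: List[Coverage] = COVERAGE) -> List[str]:
    """IDs of the filters introduced in this week's out-of-band release (marked '*')."""
    return sorted({f.lstrip("*") for c in coverage for f in c.filters if f.startswith("*")})


def classify(cov: Coverage, missing: Set[str]) -> Optional[str]:
    """Exposure class for one host/exploit pair, or None when the host is not exposed.

    Assumption: only a filter in 'Detects Exploit' status is a compensating control;
    'Policy Filter' / 'Exploit Unfilterable' rows need a human decision.
    """
    if not cov.zero_day:
        if cov.bulletin is None:
            return None           # payload rows are reached via their delivery exploit
        if cov.bulletin not in missing:
            return None           # patched: no exposure regardless of filter state
    # Zero-day rows fall through: with no patch, every host is in scope.
    if cov.status == "Detects Exploit" and cov.filters:
        return "mitigated-by-filter"
    if cov.filters:
        return "manual-review"
    return "unprotected"


def exposure_report(inventory: Dict[str, Set[str]],
                    coverage: List[Coverage] = COVERAGE) -> Dict[str, Dict[str, List[str]]]:
    """Bucket every host's exposed exploits by what currently protects it."""
    report: Dict[str, Dict[str, List[str]]] = {}
    for host, missing in inventory.items():
        buckets: Dict[str, List[str]] = {
            "unprotected": [], "manual-review": [], "mitigated-by-filter": []}
        for cov in coverage:
            cls = classify(cov, missing)
            if cls is not None:
                buckets[cls].append(cov.exploit)
        report[host] = buckets
    return report


def prioritize(report: Dict[str, Dict[str, List[str]]]) -> List[str]:
    """Hosts ordered by urgency: unprotected first, then manual-review, then mitigated."""
    return sorted(report, key=lambda h: (-len(report[h]["unprotected"]),
                                         -len(report[h]["manual-review"]),
                                         -len(report[h]["mitigated-by-filter"]), h))


if __name__ == "__main__":
    print("New out-of-band filters to confirm in the IPS profile:", ", ".join(new_filters()))
    rep = exposure_report(INVENTORY)
    for host in prioritize(rep):
        print(f"{host}:")
        for bucket, exploits in rep[host].items():
            if exploits:
                print(f"  {bucket:20} {', '.join(exploits)}")
```

Run as-is, the hypothetical `legacy-dc` lands at the top because EternalRomance (MS17-010, still "Investigating") has no filter at all, and EskimoRoll's policy filter needs a decision rather than giving automatic detection; a fully patched host still shows the two zero-day rows as "mitigated-by-filter" only, which is the point: for those, the filter is the only control.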

Adobe Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe Security Bulletins released on or before April 6, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month’s Adobe security updates from Dustin Childs’ April 2017 Security Update Review:

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB17-10 | CVE-2017-3058 | 27698 | |
| APSB17-10 | CVE-2017-3059 | *27697 | |
| APSB17-10 | CVE-2017-3060 | 27832 | |
| APSB17-10 | CVE-2017-3061 | 27833 | |
| APSB17-10 | CVE-2017-3062 | *27533 | |
| APSB17-10 | CVE-2017-3063 | *27534 | |
| APSB17-10 | CVE-2017-3064 | 27836 | |
| APSB17-11 | CVE-2017-3013 | 27923, 27925 | |
| APSB17-11 | CVE-2017-3014 | 27824 | |
| APSB17-11 | CVE-2017-3017 | 27827 | |
| APSB17-11 | CVE-2017-3019 | *26521 | |
| APSB17-11 | CVE-2017-3020 | *26491 | |
| APSB17-11 | CVE-2017-3021 | *26510 | |
| APSB17-11 | CVE-2017-3022 | *26631 | |
| APSB17-11 | CVE-2017-3023 | *26535 | |
| APSB17-11 | CVE-2017-3024 | 27829 | |
| APSB17-11 | CVE-2017-3025 | 27851 | |
| APSB17-11 | CVE-2017-3026 | 27852 | |
| APSB17-11 | CVE-2017-3027 | 27909 | |
| APSB17-11 | CVE-2017-3028 | *27160 | |
| APSB17-11 | CVE-2017-3029 | *27159 | |
| APSB17-11 | CVE-2017-3030 | 27823 | |
| APSB17-11 | CVE-2017-3031 | *27241, *27260 | |
| APSB17-11 | CVE-2017-3032 | *27158 | |
| APSB17-11 | CVE-2017-3033 | *27261 | |
| APSB17-11 | CVE-2017-3034 | *27225 | |
| APSB17-11 | CVE-2017-3035 | *27236 | |
| APSB17-11 | CVE-2017-3036 | *27304 | |
| APSB17-11 | CVE-2017-3037 | 27849 | |
| APSB17-11 | CVE-2017-3038 | 27908 | |
| APSB17-11 | CVE-2017-3039 | 27905 | |
| APSB17-11 | CVE-2017-3041 | 27903 | |
| APSB17-11 | CVE-2017-3042 | *27554, *27556, *27557, *27811 | |
| APSB17-11 | CVE-2017-3043 | N/A | Local Vulnerability |
| APSB17-11 | CVE-2017-3044 | 27914 | |
| APSB17-11 | CVE-2017-3045 | 27915 | |
| APSB17-11 | CVE-2017-3046 | 27916 | |
| APSB17-11 | CVE-2017-3047 | 27919 | |
| APSB17-11 | CVE-2017-3048 | *27750 | |
| APSB17-11 | CVE-2017-3049 | 27922 | |
| APSB17-11 | CVE-2017-3050 | *27808 | |
| APSB17-11 | CVE-2017-3051 | *27749 | |
| APSB17-11 | CVE-2017-3052 | *27748 | |
| APSB17-11 | CVE-2017-3053 | *27704 | |
| APSB17-11 | CVE-2017-3054 | N/A | Insufficient Information |
| APSB17-11 | CVE-2017-3055 | *27522 | |
| APSB17-11 | CVE-2017-3056 | *27520 | |
| APSB17-11 | CVE-2017-3057 | *27521 | |
| APSB17-11 | CVE-2017-3011 | N/A | Insufficient Information |
| APSB17-11 | CVE-2017-3012 | N/A | Insufficient Information |
| APSB17-11 | CVE-2017-3015 | N/A | Insufficient Information |
| APSB17-11 | CVE-2017-3018 | N/A | Insufficient Information |
| APSB17-11 | CVE-2017-3039 | N/A | Insufficient Information |
| APSB17-11 | CVE-2017-3040 | N/A | Insufficient Information |
| APSB17-11 | CVE-2017-3065 | N/A | Insufficient Information |


Zero-Day Filters

There are 13 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (10)

  • 27812: ZDI-CAN-4572: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27820: ZDI-CAN-4571: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
  • 27821: ZDI-CAN-4570: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27822: ZDI-CAN-4569: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 27832: HTTP: Adobe Flash length Memory Corruption Vulnerability (ZDI-17-247, ZDI-17-248)
  • 27914: HTTP: Adobe Acrobat Pro DC JPEG2000 Buffer Overflow Vulnerability (ZDI-17-267)
  • 27915: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-268)
  • 27916: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-270)
  • 27919: HTTP: Adobe Acrobat Pro DC Annotations Use-After-Free Vulnerability (ZDI-17-271)
  • 27922: HTTP: Adobe Acrobat Pro DC ImageConversion Buffer Overflow Vulnerability (ZDI-17-273) 

Cisco (1)

  • 27807: ZDI-CAN-4635: Zero Day Initiative Vulnerability (Cisco License Manager Server)

Microsoft (1)

  • 27810: ZDI-CAN-4573: Zero Day Initiative Vulnerability (Microsoft Internet Explorer) 

Trend Micro (1)

  • 27804: ZDI-CAN-4638-4639: Zero Day Initiative Vulnerability (Trend Micro Control Manager) 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

