Friday, 13. January 2017

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 9, 2017

A lot can happen in a decade. I read an article earlier this week about Apple celebrating the 10th anniversary of its very first iPhone. I started thinking about what was going on in the TippingPoint world 10 years ago and the first thing that came to mind was our Pwn2Own contest. In 2007, the Zero Day Initiative held the first annual Pwn2Own contest. Back then, the focus was on Apple, but not the iPhone. The focus was on laptops and Apple’s Mac OS X.

It’s been interesting to see the evolution of the Pwn2Own – the focus has adapted as new technologies emerged and now, there’s even a separate Pwn2Own dedicated to mobile phones. This year, we’ll be celebrating the 10th anniversary of Pwn2Own. Details will be published soon on the Trend Micro Simply Security blog. In the meantime, take a look at the ZDI 2016 Retrospective.

Next-Generation Intrusion Prevention at Speeds up to 100Gbps

Earlier this week, we announced the industry’s first 100Gbps standalone next-generation intrusion prevention system: the TippingPoint 7600NX. This new addition to the Trend Micro TippingPoint family is specifically designed for data centers and enterprises with high traffic environments who need real-time, inline protection that can keep up with their evolving performance requirements. You can learn more here.

Microsoft Patch Tuesday Update

This week’s Digital Vaccine (DV) package includes coverage for the Microsoft Security Bulletins released on or before January 10, 2017. This month’s Patch Tuesday covered three CVEs with four update bulletins – one of them rated critical. The following table maps Digital Vaccine filters to the Microsoft Security Bulletins. You can get more detailed information on this month’s Microsoft Security Bulletins from Dustin Childs’ January 2017 Security Update Review:

Bulletin # CVE # Digital Vaccine Filter # Status MS17-001 CVE-2017-0002 Insufficient information MS17-002 CVE-2017-0003 26410  

Zero Day Initiative Team Members Speaking at REcon Brussels 2017

RECon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. The conference will be held for the first time in Brussels, Belgium. It offers a single track of presentations over the span of three days with a focus on reverse engineering and advanced exploitation techniques. The Zero Day Initiative will be represented with two speaking slots:


•  Transforming Open Source to Open Access in Closed Applications (Brian Gorenc, Jasiel Spelman, Abdul-Aziz Hariri)
•  A Little Less Conversation, A Little More ActionScript (WanderingGlitch


For more information on the conference, visit https://recon.cx/2017/brussels/.

Zero-Day Filters

There are 27 new zero-day filters covering five vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (2)


•  26489: ZDI-CAN-4200: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
•  26491: ZDI-CAN-4201: Zero Day Initiative Vulnerability (Adobe Reader DC) 


Advantech (15)


•  26397: ZDI-CAN-4080, ZDI-CAN-4081: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26398: ZDI-CAN-4082-4085: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26401: ZDI-CAN-4087: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26402: ZDI-CAN-4086: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26403: ZDI-CAN-4088: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26409: ZDI-CAN-4090: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26411: ZDI-CAN-4091: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26412: ZDI-CAN-4092: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26413: ZDI-CAN-4093: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26414: ZDI-CAN-4095,4096: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26415: ZDI-CAN-4094: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26416: ZDI-CAN-4097: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26417: ZDI-CAN-4098-4109: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26481: ZDI-CAN-4110: Zero Day Initiative Vulnerability (Advantech WebAccess)
•  26482: ZDI-CAN-4089: Zero Day Initiative Vulnerability (Advantech WebAccess) 


Apple (1)


•  26419: ZDI-CAN-4121: Zero Day Initiative Vulnerability (Apple Safari) 


Hewlett Packard Enterprise (1)


•  25807: ZDI-CAN-4122: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 


Trend Micro (8)


•  26483: ZDI-CAN-4130: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
•  26484: ZDI-CAN-4119,4120: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
•  26485: ZDI-CAN-4131: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
•  26486: ZDI-CAN-4132: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
•  26487: ZDI-CAN-4133: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
•  26488: ZDI-CAN-4134: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
•  26490: ZDI-CAN-4135: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)
•  26492: ZDI-CAN-4136: Zero Day Initiative Vulnerability (Trend Micro Data Loss Prevention Manager)


Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.