Friday, 24. March 2017

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 20, 2017

The 10th anniversary of Pwn2Own is now in the books! It was a crazy week at the CanSecWest Conference, full of drama with the biggest contest ever with teams from Asia, Europe and North America! It was a tight race with only three points separating first and second place.

In the end, we saw a record 51 bugs come through the contest, gave away $833,000 USD and 12 laptops to winners…and the award for Master of Pwn.


•  360 Security won “Master of Pwn” with 63 points
•  Tencent Security Team Sniper took second place with 60 points
•  Chaitin Security Research Lab took third place with 26 points


You can catch up on the contest by visiting the following blogs:


•  Welcome to Pwn2Own 2017 – The Schedule
•  The Results – Pwn2Own 2017 Day One
•  Pwn2Own 2017 – Day Two Schedule and Results
•  The Results – Pwn2Own 2017 Day Two
•  Pwn2Own 2017 – Day Three Schedule and Results
•  The Results – Pwn2Own 2017 Day Three
•  The View from DVLabs – Pwn2Own 2017


If you take a look at the zero-day filters we have this week, you’ll see a number of them that include “Pwn2Own” in the filter name. You guessed it! TippingPoint customers are already protected from the very vulnerabilities discovered during the contest while the affected vendors are working on a patch.

It was a grueling contest this year, but definitely one for the record books, with virtual machine escapes and a hacked touch bar. Brian Gorenc, who leads the Zero Day Initiative team, gives his perspective on the past 10 years of Pwn2Own and what the future holds. I can’t wait to see what happens next year!

Virtual Threat Protection System (vTPS) v4.2.0 is Now Available!

Earlier this week, we released version 4.2.0 build 4654 for our TippingPoint Virtual Threat Protection System (vTPS).

vTPS v4.2.0 includes the following:


•  Introduction of a single-disk architecture with a user disk partition.
•  Reduced computer requirements (1 less core is now required for deployment)
•  When configuring RADIUS, you can now set the Authentication Protocol.
•  Flexibility to upgrade inspection throughput from 500Mbps to 1Gpbs.
•  In addition, the v4.2.0 vTPS release inherits features of TPS v4.2.0, including:
•  The ability to collect a client’s true IP address.
•  The ability to identify the HTTP URI and hostname information associated with an event.
•  Enhanced SNMP support.





For a complete list of enhancements and changes, customers can refer to the product Release Notes. For questions or technical assistance on any TippingPoint product, customers can contact the TippingPoint Technical Assistance Center (TAC).

Adobe Security Bulletins Update

This week’s Digital Vaccine (DV) package includes coverage for the Adobe Security Bulletins released on or before March 14, 2017. The following table maps TippingPoint filters to the Adobe Bulletins:

Bulletin # CVE # Digital Vaccine Filter # Status APSB17-07 CVE-2017-2997 27499 APSB17-07 CVE-2017-2998 27500 APSB17-07 CVE-2017-2999 27501 APSB17-07 CVE-2017-3000 Insufficient Information APSB17-07 CVE-2017-3001 27493, 27511 APSB17-07 CVE-2017-3002 27502 APSB17-07 CVE-2017-3003 27503  

Zero-Day Filters

There are 27 new zero-day filters covering six vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (5)


•  27520: PWN2OWN ZDI-CAN-4588: Zero Day Initiative Vulnerability (Adobe Reader)
•  27521: PWN2OWN ZDI-CAN-4589: Zero Day Initiative Vulnerability (Adobe Reader)
•  27522: PWN2OWN ZDI-CAN-4575: Zero Day Initiative Vulnerability (Adobe Reader DC)
•  27533: PWN2OWN ZDI-CAN-4601: Zero Day Initiative Vulnerability (Adobe Flash)
•  27534: PWN2OWN ZDI-CAN-4607: Zero Day Initiative Vulnerability (Adobe Flash) 


Apple (10)


•  27518: PWN2OWN ZDI-CAN-4578: Zero Day Initiative Vulnerability (Apple Safari)
•  27523: PWN2OWN ZDI-CAN-4591: Zero Day Initiative Vulnerability (Apple Safari)
•  27524: PWN2OWN ZDI-CAN-4593: Zero Day Initiative Vulnerability (Apple Safari)
•  27525: PWN2OWN ZDI-CAN-4594: Zero Day Initiative Vulnerability (Apple Safari)
•  27526: PWN2OWN ZDI-CAN-4595: Zero Day Initiative Vulnerability (Apple Safari)
•  27527: PWN2OWN ZDI-CAN-4596: Zero Day Initiative Vulnerability (Apple Safari)
•  27528: ZDI-CAN-4597: Zero Day Initiative Vulnerability (Apple Safari)
•  27529: ZDI-CAN-4598: Zero Day Initiative Vulnerability (Apple Safari)
•  27535: PWN2OWN ZDI-CAN-4623: Zero Day Initiative Vulnerability (Apple Safari)
•  27539: PWN2OWN ZDI-CAN-4613: Zero Day Initiative Vulnerability (Apple Safari) 


Google (1)


•  27519: ZDI-CAN-4587: Zero Day Initiative Vulnerability (Google Chrome) 


Mozilla (1)


•  27537: PWN2OWN ZDI-CAN-4620: Zero Day Initiative Vulnerability (Mozilla Firefox) 


Microsoft (6)


•  27532: PWN2OWN ZDI-CAN-4584: Zero Day Initiative Vulnerability (Microsoft Edge)
•  27536: PWN2OWN ZDI-CAN-4611: Zero Day Initiative Vulnerability (Microsoft Edge)
•  27538: PWN2OWN ZDI-CAN-4618: Zero Day Initiative Vulnerability (Microsoft Edge)
•  27540: PWN2OWN ZDI-CAN-4625: Zero Day Initiative Vulnerability (Microsoft Edge)
•  27541: PWN2OWN ZDI-CAN-4628: Zero Day Initiative Vulnerability (Microsoft Edge)
•  27542: PWN2OWN ZDI-CAN-4629: Zero Day Initiative Vulnerability (Microsoft Edge) 


Trend Micro (4)


•  27507: ZDI-CAN-4404: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
•  27508: ZDI-CAN-4408: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
•  27509: ZDI-CAN-4409: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise)
•  27512: ZDI-CAN-4410: Zero Day Initiative Vulnerability (Trend Micro SafeSync for Enterprise) 


Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.