TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018

June 15, 2018 TH Author Advantech, Digital Vaccine (DV), Network, SCADA, Security, Zero Day Initiative, Zero Day Initiative (ZDI)

As a native Texan, I’ve seen more than my fair share of bugs – actual physical bugs that love the hot, humid Texas climate and my curly hair for some reason. The Zero Day Initiative (ZDI) sees many bugs (of the software variety), including those that affect SCADA control systems. Fritz Sands recently walked through a deep dive into an attack on a remote procedure call (RPC) interface based on the proofs of concept from Advantech vulnerability submissions to ZDI. While Advantech’s products focus on Internet of Things (IoT) and Industrial IoT, the use of RPC interfaces isn’t limited to SCADA. Their use is more prevalent than you think. So if you want to get an understanding of RPC interfaces and hone your skills, you can go down the rabbit hole with Fritz and get the full details here.

Microsoft Security Updates

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before June 12, 2018. This month, Microsoft released 50 security patches covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V Server, Windows, and Microsoft Office and Office Services. Of the 50 CVEs, 11 are listed as Critical and 39 are rated Important. Five of the CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ June 2018 Security Update Review from the Zero Day Initiative:

CVE #	Digital Vaccine Filter #	Status
CVE-2018-0871		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0978	32124
CVE-2018-0982		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-1036	32162
CVE-2018-1040		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8110	32026
CVE-2018-8111	32027
CVE-2018-8113		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8121		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8140		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8169	32164
CVE-2018-8175		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8201		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8205		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8207		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8208	32126
CVE-2018-8209		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8210	32028
CVE-2018-8211		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8212		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8213		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8214	32127
CVE-2018-8215		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8216		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8217		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8218		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8219		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8221		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8224		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8225	32029
CVE-2018-8226		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8227		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8229	32030
CVE-2018-8231		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8233	32034
CVE-2018-8234		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8235		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8236	32054
CVE-2018-8239		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8243		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8244		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8245		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8246		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8247		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8248	32032
CVE-2018-8249	32038
CVE-2018-8251	32068
CVE-2018-8252		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8254		Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8267	32065

Zero-Day Filters

There are six new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Foxit (2)

	31967: HTTP: Foxit Reader resolveNode Use-After-Free Vulnerability (ZDI-18-339) 31969: HTTP: Foxit Reader boundItem Use-After-Free Vulnerability (ZDI-18-353)

Microsoft (3)

	31953: HTTP: Microsoft Windows VBScript Join Function Memory Corruption Vulnerability (ZDI-18-297) 31955: HTTP: Microsoft Windows Font Memory Corruption Vulnerability (ZDI-18-293) 31970: HTTP: Microsoft Windows JScript defineProperty Use-After-Free Vulnerability (ZDI-18-298)

OMRON (1)

	31965: HTTP: OMRON CX-Supervisor SCS File Parsing Buffer Overflow Vulnerability (ZDI-18-261)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

You May Also Like

Cisco snaps up Oort to bolster identity management technology

VMware ESXi server ransomware evolves, after recovery script released

DNS over HTTPS seeks to make internet use more private