TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018

This week marked National Teacher Appreciation Week here in the United States. I was happy to see that many other countries celebrate educators in all the other months of the year. All of us have at least one teacher, instructor or professor who really made a difference in our lives. There are two for me, and while they may not remember me out of the thousands they taught over the years, I definitely remember them. The first one helped me realize that I could write, and had me focus my frustration through poetry and essays as a 10-year-old moving from a city of almost two million (at the time) to a small town with 3,000 people trying to fit in. The second one validated my love for writing and journalism in college, encouraged me to ask the tough questions (don’t forget the five Ws and the H!) and reminded me to never bury the lead. He never forgave me for “going to the dark side” – that was his definition for marketing – but told me that as long as I’m still writing in some capacity, he was happy.

It’s only fitting that during National Teacher Appreciation Week, the University of Texas at San Antonio announced its plans to open a new cybersecurity center for government agencies and businesses seeking future cybersecurity workers and research. The space may potentially host a startup incubator, a computing center for research, a data visualization lab and other research and training facilities. With a predicted 3.5 million unfilled cybersecurity positions by the year 2021, according to the Cybersecurity Jobs Report 2018-2021, we need all the help we can get to stay ahead of sophisticated cyber threats. You can learn more about the new center here.

TippingPoint Operating System (TOS) v5.0.3

Late last week, we released TOS v5.0.3 build 4867 for the TippingPoint TX-Series devices (8200TX/8400TX). For a complete list of enhancements and changes, customers can refer to the product Release Notes located on the Threat Management Center (TMC) website. Customers with any concerns or questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

Microsoft Security Updates

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before May 8, 2018. It was another busy month for Microsoft with 68 security patches covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V Server, Windows, Visual Studio, Microsoft Office and Office Services and Web Apps, and the Azure IoT SDK. Of these 68 CVEs, 21 are listed as Critical, 45 are rated Important, and two are listed as Low in severity. Eleven of these CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2018 Security Update Review from the Zero Day Initiative:

| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2018-0765 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0824 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0854 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0905 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0943 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0945 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0946 | 31487 | |
| CVE-2018-0951 | 31488 | |
| CVE-2018-0953 | 31489 | |
| CVE-2018-0954 | 31490 | |
| CVE-2018-0955 | 31563 | |
| CVE-2018-0958 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0959 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0961 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1021 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1022 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1025 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-1039 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8112 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8114 | 31491 | |
| CVE-2018-8119 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8120 | 31562 | |
| CVE-2018-8122 | 31492 | |
| CVE-2018-8123 | 31552 | |
| CVE-2018-8124 | 31558 | |
| CVE-2018-8126 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8127 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8128 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8129 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8130 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8132 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8133 | 31494 | |
| CVE-2018-8134 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8136 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8137 | 31617 | |
| CVE-2018-8139 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8145 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8147 | 31554 | |
| CVE-2018-8148 | 31555 | |
| CVE-2018-8149 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8150 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8151 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8152 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8153 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8154 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8155 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8156 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8157 | 31556 | |
| CVE-2018-8158 | 31557 | |
| CVE-2018-8159 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8160 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8161 | 31573 | |
| CVE-2018-8162 | 31559 | |
| CVE-2018-8163 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8164 | 31561 | |
| CVE-2018-8165 | 31571 | |
| CVE-2018-8166 | 31572 | |
| CVE-2018-8167 | 31560 | |
| CVE-2018-8168 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8170 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8173 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8174 | 31493 | |
| CVE-2018-8177 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8178 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-8179 | 31498 | |
| CVE-2018-8897 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

Zero-Day Filters

There are two new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Trend Micro (2)

  • 31495: ZDI-CAN-5550 Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31496: ZDI-CAN-5551 Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
