
TippingPoint Threat Intelligence and Zero-Day Coverage Week of October 10, 20 ...


I was in Miami, Florida, this week meeting with our TippingPoint sales team. We stayed at a property that is owned by a certain U.S. presidential candidate. On our last night there, we get back from dinner and arrive to a large number of Secret Service agents and local police enforcement. It turns out the certain presidential candidate was actually eating dinner with a number of people. It was interesting to see the Secret Service work and control the crowd because we (and other hotel patrons) outnumbered them and we weren’t vetted individually when we walked into the bar. How do they know that we’re “good” people and not going to cause trouble at some point?

It’s almost like an enterprise network. Lots of traffic going through and there’s some traffic that you know is “good,” some that you know is “bad,” and some that you just have no idea. Security threats are becoming so advanced that they might appear benign at first, but cause problems later. As part of a layered, defense-in-depth approach to security, the TippingPoint Advanced Threat Protection solutions can extend the value of your security products such as endpoint protection, web and email gateways, network security, and other offerings. Suspicious objects or URLs can be automatically or manually sent for analysis, and you can detect ransomware, advanced malware, zero-day exploits, command and control (C&C) and multi-stage downloads resulting from malicious payloads or URLs on Windows and Mac OS systems. Just as Secret Service agents wear earpieces so that everyone knows what’s going on and can keep tabs on the crowd, we can also share threat insight automatically with both Trend Micro and third-party products. You can learn more by visiting www.trendmicro.com/tippingpoint.

Introducing the Zero Day Initiative (ZDI) Monthly Patch Review Blog

Dustin Childs from our Zero Day Initiative has started a monthly patch review blog where he will give detailed content on hot threats, patch coverage and the “bug of the month.” This month, he gives additional context around the major security patches released from Microsoft and Adobe. You can access his blog here.

Microsoft Patch Tuesday Update

This week’s Digital Vaccine (DV) package includes coverage for the Microsoft Security Bulletins released on or before October 11, 2016. This month’s Patch Tuesday covered 44 CVEs with 10 update bulletins, five of them rated critical. The following table maps Digital Vaccine filters to the Microsoft Security Bulletins. Filters designated with an asterisk (*) shipped prior to this week’s package, providing zero-day protection for our customers:

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| MS16-051 | CVE-2016-0189 | 24242 | |
| MS16-053 | CVE-2016-0189 | 24242 | |
| MS16-118 | CVE-2016-3267 | 25177 | |
| MS16-118 | CVE-2016-3298 | 25148 | |
| MS16-118 | CVE-2016-3331 | 25149 | |
| MS16-118 | CVE-2016-3382 | 24324 | |
| MS16-118 | CVE-2016-3383 | *40716 | |
| MS16-118 | CVE-2016-3384 | 24996 | |
| MS16-118 | CVE-2016-3385 | 25008 | |
| MS16-118 | CVE-2016-3387 | 25150 | |
| MS16-118 | CVE-2016-3388 | 25151 | |
| MS16-118 | CVE-2016-3390 | | Insufficient Vendor Information |
| MS16-118 | CVE-2016-3391 | | Insufficient Vendor Information |
| MS16-119 | CVE-2016-3267 | 25177 | |
| MS16-119 | CVE-2016-3331 | 25149 | |
| MS16-119 | CVE-2016-3382 | 24324 | |
| MS16-119 | CVE-2016-3386 | 25171 | |
| MS16-119 | CVE-2016-3387 | 25150 | |
| MS16-119 | CVE-2016-3388 | 25151 | |
| MS16-119 | CVE-2016-3389 | | Insufficient Vendor Information |
| MS16-119 | CVE-2016-3390 | | Insufficient Vendor Information |
| MS16-119 | CVE-2016-3391 | | Insufficient Vendor Information |
| MS16-119 | CVE-2016-3392 | | Insufficient Vendor Information |
| MS16-119 | CVE-2016-7189 | 25231 | |
| MS16-119 | CVE-2016-7190 | 25152 | |
| MS16-119 | CVE-2016-7194 | 25171 | |
| MS16-120 | CVE-2016-3209 | 25156 | |
| MS16-120 | CVE-2016-3262 | 25146 | |
| MS16-120 | CVE-2016-3263 | 25147 | |
| MS16-120 | CVE-2016-3270 | 25159 | |
| MS16-120 | CVE-2016-3393 | | Insufficient Vendor Information |
| MS16-120 | CVE-2016-3396 | | Insufficient Vendor Information |
| MS16-120 | CVE-2016-7182 | 25236 | |
| MS16-121 | CVE-2016-7193 | 25175 | |
| MS16-122 | CVE-2016-0142 | | Insufficient Vendor Information |
| MS16-123 | CVE-2016-3266 | 25176 | |
| MS16-123 | CVE-2016-3341 | 25230 | |
| MS16-123 | CVE-2016-3376 | | Too False Positive Prone |
| MS16-123 | CVE-2016-7183 | | Insufficient Vendor Information |
| MS16-123 | CVE-2016-7185 | | Insufficient Vendor Information |
| MS16-123 | CVE-2016-7191 | 25232 | |
| MS16-124 | CVE-2016-0070 | 25162 | |
| MS16-124 | CVE-2016-0073 | 25163 | |
| MS16-124 | CVE-2016-0075 | 25164 | |
| MS16-124 | CVE-2016-0079 | 25165 | |
| MS16-125 | CVE-2016-7188 | | Insufficient Vendor Information |
| MS16-126 | CVE-2016-3298 | 25148 | |

TippingPoint Threat Protection System (TPS) v4.1.2 Release

TippingPoint has released version 4.1.2 build 4493 for the Threat Protection System (TPS) family of devices.

TPS v4.1.2 is a maintenance release that resolves the following issues:

- Unresponsive management port on 440T device
- Warning or lower severity messages were not being sent as SNMP traps
- Locally created contacts being deleted after SMS profile distribution

TPS v4.1.0 is currently installed on the 440T and 2200T TPS hardware appliances shipping from TippingPoint. TPS hardware manufacturing will move to installing TPS v4.1.2 on the 440T and 2200T TPS hardware platforms starting on January 18, 2017. Customers can refer to the product Release Notes for the complete list of enhancements and changes located on the Threat Management Center (TMC) website at https://tmc.tippingpoint.com.

Zero-Day Filters

There are four new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Apple (1)
- 24949: ZDI-CAN-3852: Zero Day Initiative Vulnerability (Apple Safari)

Trend Micro (1)
- 24334: HTTPS: Trend Micro Control Manager External Entity Processing Information Disclosure (ZDI-16-457, ZDI-16-458)

UCanCode (2)
- 25233: ZDI-CAN-3884: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)
- 25234: ZDI-CAN-3885: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)

Updated Existing Zero-Day Filters

This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.

One of the filters we have for this month’s Microsoft bulletins has been updated to reflect the fact that the vulnerability has been patched:

- 40716: HTTP: Microsoft Internet Explorer documentElement Type Confusion Vulnerability

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

