I was in Miami, Florida this week meeting with our TippingPoint sales team. We stayed at a property that is owned by a certain U.S. presidential candidate. On our last night there, we got back from dinner and arrived to a large number of Secret Service agents and local police enforcement. It turns out the certain presidential candidate was actually eating dinner with a number of people. It was interesting to see the Secret Service work and control the crowd because we (and other hotel patrons) outnumbered them and we weren’t vetted individually when we walked into the bar. How do they know that we’re “good” people and not going to cause trouble at some point?
It’s almost like an enterprise network. Lots of traffic is going through, and there’s some traffic that you know is “good,” some that you know is “bad,” and some that you just have no idea about. Security threats are becoming so advanced that they might appear benign at first, but cause problems later. As part of a layered, defense-in-depth approach to security, the TippingPoint Advanced Threat Protection solutions can extend the value of your security products such as endpoint protection, web and email gateways, network security, and other offerings. Suspicious objects or URLs can be automatically or manually sent for analysis, and you can detect ransomware, advanced malware, zero-day exploits, command and control (C&C) and multi-stage downloads resulting from malicious payloads or URLs on Windows and Mac OS systems. Just as the Secret Service wears earpieces so that everyone knows what’s going on and can keep tabs on the crowd, we can also share threat insight automatically with both Trend Micro and third-party products. You can learn more by visiting www.trendmicro.com/tippingpoint.
Introducing the Zero Day Initiative (ZDI) Monthly Patch Review Blog
Dustin Childs from our Zero Day Initiative has started a monthly patch review blog where he will give detailed content on hot threats, patch coverage and the “bug of the month.” This month, he gives additional context around the major security patches released from Microsoft and Adobe. You can access his blog here.
Microsoft Patch Tuesday Update
This week’s Digital Vaccine (DV) package includes coverage for the Microsoft Security Bulletins released on or before October 11, 2016. This month’s Patch Tuesday covered 44 CVEs with 10 update bulletins – five of them rated critical. The following table maps Digital Vaccine filters to the Microsoft Security Bulletins. Filters designated with an asterisk (*) shipped prior to this week’s package, providing zero-day protection for our customers:
Bulletin # | CVE # | Digital Vaccine Filter # | Status |
--- | --- | --- | --- |
MS16-051 | CVE-2016-0189 | 24242 | |
MS16-053 | CVE-2016-0189 | 24242 | |
MS16-118 | CVE-2016-3267 | 25177 | |
MS16-118 | CVE-2016-3298 | 25148 | |
MS16-118 | CVE-2016-3331 | 25149 | |
MS16-118 | CVE-2016-3382 | 24324 | |
MS16-118 | CVE-2016-3383 | *40716 | |
MS16-118 | CVE-2016-3384 | 24996 | |
MS16-118 | CVE-2016-3385 | 25008 | |
MS16-118 | CVE-2016-3387 | 25150 | |
MS16-118 | CVE-2016-3388 | 25151 | |
MS16-118 | CVE-2016-3390 | Insufficient Vendor Information | |
MS16-118 | CVE-2016-3391 | Insufficient Vendor Information | |
MS16-119 | CVE-2016-3267 | 25177 | |
MS16-119 | CVE-2016-3331 | 25149 | |
MS16-119 | CVE-2016-3382 | 24324 | |
MS16-119 | CVE-2016-3386 | 25171 | |
MS16-119 | CVE-2016-3387 | 25150 | |
MS16-119 | CVE-2016-3388 | 25151 | |
MS16-119 | CVE-2016-3389 | Insufficient Vendor Information | |
MS16-119 | CVE-2016-3390 | Insufficient Vendor Information | |
MS16-119 | CVE-2016-3391 | Insufficient Vendor Information | |
MS16-119 | CVE-2016-3392 | Insufficient Vendor Information | |
MS16-119 | CVE-2016-7189 | 25231 | |
MS16-119 | CVE-2016-7190 | 25152 | |
MS16-119 | CVE-2016-7194 | 25171 | |
MS16-120 | CVE-2016-3209 | 25156 | |
MS16-120 | CVE-2016-3262 | 25146 | |
MS16-120 | CVE-2016-3263 | 25147 | |
MS16-120 | CVE-2016-3270 | 25159 | |
MS16-120 | CVE-2016-3393 | Insufficient Vendor Information | |
MS16-120 | CVE-2016-3396 | Insufficient Vendor Information | |
MS16-120 | CVE-2016-7182 | 25236 | |
MS16-121 | CVE-2016-7193 | 25175 | |
MS16-122 | CVE-2016-0142 | Insufficient Vendor Information | |
MS16-123 | CVE-2016-3266 | 25176 | |
MS16-123 | CVE-2016-3341 | 25230 | |
MS16-123 | CVE-2016-3376 | Too False Positive Prone | |
MS16-123 | CVE-2016-7183 | Insufficient Vendor Information | |
MS16-123 | CVE-2016-7185 | Insufficient Vendor Information | |
MS16-123 | CVE-2016-7191 | 25232 | |
MS16-124 | CVE-2016-0070 | 25162 | |
MS16-124 | CVE-2016-0073 | 25163 | |
MS16-124 | CVE-2016-0075 | 25164 | |
MS16-124 | CVE-2016-0079 | 25165 | |
MS16-125 | CVE-2016-7188 | Insufficient Vendor Information | |
MS16-126 | CVE-2016-3298 | 25148 | |
TippingPoint Threat Protection System (TPS) v4.1.2 Release
TippingPoint has released version 4.1.2 build 4493 for the Threat Protection System (TPS) family of devices.
TPS v4.1.2 is a maintenance release that resolves the following issues:
TPS v4.1.0 is currently installed on the 440T and 2200T TPS hardware appliances shipping from TippingPoint. TPS hardware manufacturing will move to installing TPS v4.1.2 on the 440T and 2200T TPS hardware platforms starting on January 18, 2017. Customers can refer to the product Release Notes for the complete list of enhancements and changes located on the Threat Management Center (TMC) website at https://tmc.tippingpoint.com.
Zero-Day Filters
There are four new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Apple (1)
Trend Micro (1)
UCanCode (2)
Updated Existing Zero-Day Filters
This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.
One of the filters we have for this month’s Microsoft bulletins has been updated to reflect the fact that the vulnerability has been patched:
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.