![](http://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)
Earlier this month, Blue Frost Security published a blog post announcing that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost provided a 64-bit PE binary containing a simple stack-based buffer overflow; the objective was to run ‘calc.exe’ on Windows 7, Windows 8.1, or Windows 10.
Our very own Jasiel Spelman (@WanderingGlitch) from the Zero Day Initiative decided to take a little break from work and take on the challenge. While it may seem that this challenge was set up to hack something for fun (and drinks), what it really shows is how easily poorly written applications can be exploited. You can check out Jasiel’s blog, which includes video of his demo, here.
Microsoft Update
This week’s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before July 11, 2017. Microsoft released 48 security patches for August covering Windows, Internet Explorer (IE), Edge, the subsystem for Linux, Kernel, SharePoint, SQL Server, and Hyper-V. 25 are listed as Critical, 21 are rated Important, and two are Moderate in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month’s security updates from Dustin Childs’ August 2017 Security Update Review from the Zero Day Initiative:
CVE # | Digital Vaccine Filter # | Status |
--- | --- | --- |
CVE-2017-0174 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-0250 | 29053 | |
CVE-2017-0293 | *27746 | |
CVE-2017-8503 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8516 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8591 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8593 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8620 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8622 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8623 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8624 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8625 | 29340 | |
CVE-2017-8627 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8633 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8634 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8635 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8636 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8637 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8638 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8639 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8640 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8641 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8642 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8644 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8645 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8646 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8647 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8650 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8651 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8652 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8653 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8654 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8655 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8656 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8657 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8659 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8661 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8662 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8664 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8666 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8668 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8669 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8670 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8671 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8672 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8673 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8674 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2017-8691 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Zero-Day Filters
There is one new zero-day filter covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Cisco (1)
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.