Digital Vaccine #8983

Updated: 9 Aug 2017
Product/Version: TippingPoint Digital Vaccine

Summary
Digital Vaccine #8983 (August 8, 2017)

Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 2.5.2 DV will run on IPS with TOS 2.5.2 to TOS 3.1.x.
The 3.2.0 DV will run on IPS with TOS 3.2.0 to TOS 3.9.x, all NGFW and TPS v4.0.0 to 4.2.0.
The 4.0.0 DV only supports the Virtual Threat Protection System (vTPS) platform.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before August 08, 2017.
The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #            TippingPoint Filter #   Status
-------------    ---------------------   ------------------------------------------------------
CVE-2017-0174                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-0250    29053
CVE-2017-0293    *27746
CVE-2017-8503                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8516                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8591                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8593                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8620                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8622                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8623                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8624                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8625    29340
CVE-2017-8627                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8633                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8634                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8635                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8636                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8637                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8638                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8639                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8640                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8641                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8642                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8644                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8645                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8646                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8647                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8650                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8651                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8652                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8653                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8654                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8655                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8656                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8657                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8659                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8661                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8662                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8664                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8666                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8668                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8669                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8670                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8671                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8672                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8673                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8674                            Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2017-8691                            Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_2.5.2_8983.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_8983.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_8983.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
  New Filters:

    29053: HTTP: Microsoft Jet OLEDB Integer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an integer overflow vulnerability in Microsoft Jet.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-0250

    29268: DNS: ISC BIND RPZ Query Processing Denial-of-Service Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in ISC BIND.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 99088
        - Common Vulnerabilities and Exposures: CVE-2017-3140 CVSS 4.3

    29277: HTTPS: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cisco Prime Collaboration Provisioning.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 98522
        - Common Vulnerabilities and Exposures: CVE-2017-6621 CVSS 5.0
        - Zero Day Initiative: ZDI-17-447

    29278: HTTP: EFS Easy Chat Server User Registration Buffer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in EFS Software Easy Chat Server.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)

    29339: SMB: Windows SMB and Samba Denial-of-Service Vulnerability (SMBLoris)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Windows SMB and Unix/Linux Samba servers.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 118815

    29340: HTTP: Microsoft Windows VBScript CHM Security Bypass Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a security bypass vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8625

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 3459: FTP: Serv-U MDTM Command Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    5683: RDP: Windows Remote Desktop Access on Non-Standard Ports
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Severity changed from "High" to "Moderate".
      - Description updated.
      - Detection logic updated.

    * 12146: HTTP: Microsoft Excel Record Type Confusion Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "12146: HTTP: Microsoft Excel File Processing Memory Corruption".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 16654: HTTP: Libav LZO Integer Overflow Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "16654: TCP: Libav LZO Integer Overflow Vulnerability".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 16797: HTTP: GNU Bash URI Parameter Remote Code Execution Vulnerability
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 24405: HTTP: Schneider Electric U.motion Builder localize SQL Injection Vulnerability (ZDI-17-380)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    27315: HTTP: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal (ZDI-17-447)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27315: ZDI-CAN-4468,4469: Zero Day Initiative Vulnerability (Cisco Prime Collaboration Provisioning)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

    * 27746: HTTP: Microsoft Windows PDF Library JPEG2000 Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "27746: ZDI-CAN-4484: Zero Day Initiative Vulnerability (Microsoft Windows PDF Library)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 28184: HTTP: Microsoft Windows advapi32 Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.

    * 28459: HTTPS: Trend Micro InterScan Web Security ReportHandler DoCmd Command Injection (ZDI-17-206)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    * 29133: HTTPS: Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection (ZDI-17-113)
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    29136: HTTP: IPFire ids.cgi OINKCODE Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    * 29137: HTTPS: IPFire ids.cgi OINKCODE Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

  Removed Filters:

    5685: RDP: Windows Remote Desktop Access on Non-Standard Ports
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

Solution Id:
TP000085356