Digital Vaccine #DV8974

    • Updated: 26 Jul 2017
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #DV8974 (July 11, 2017)
Details
 
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com

SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 2.5.2 DV will run on IPS with TOS 2.5.2 to TOS 3.1.x.
The 3.2.0 DV will run on IPS with TOS 3.2.0 to TOS 3.9.x, all NGFW and TPS v4.0.0 to 4.2.0.
The 4.0.0 DV only supports the Virtual Threat Protection System (vTPS) platform.
Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before July 11, 2017.
The following table maps TippingPoint filters to the Microsoft CVEs.
CVE #            TippingPoint Filter #    Status
CVE-2017-0170                             No Vendor Intelligence Provided
CVE-2017-0243    29051
CVE-2017-8463                             No Vendor Intelligence Provided
CVE-2017-8467                             No Vendor Intelligence Provided
CVE-2017-8486                             No Vendor Intelligence Provided
CVE-2017-8495                             No Vendor Intelligence Provided
CVE-2017-8501                             No Vendor Intelligence Provided
CVE-2017-8502                             No Vendor Intelligence Provided
CVE-2017-8556                             No Vendor Intelligence Provided
CVE-2017-8557                             No Vendor Intelligence Provided
CVE-2017-8559                             No Vendor Intelligence Provided
CVE-2017-8560                             No Vendor Intelligence Provided
CVE-2017-8561                             No Vendor Intelligence Provided
CVE-2017-8562                             No Vendor Intelligence Provided
CVE-2017-8563                             No Vendor Intelligence Provided
CVE-2017-8564                             No Vendor Intelligence Provided
CVE-2017-8565                             No Vendor Intelligence Provided
CVE-2017-8566                             No Vendor Intelligence Provided
CVE-2017-8569                             No Vendor Intelligence Provided
CVE-2017-8570                             No Vendor Intelligence Provided
CVE-2017-8573                             No Vendor Intelligence Provided
CVE-2017-8574                             No Vendor Intelligence Provided
CVE-2017-8577    29054
CVE-2017-8578    29055
CVE-2017-8580                             Insufficient Vendor Information
CVE-2017-8581                             No Vendor Intelligence Provided
CVE-2017-8582                             No Vendor Intelligence Provided
CVE-2017-8584                             No Vendor Intelligence Provided
CVE-2017-8585                             No Vendor Intelligence Provided
CVE-2017-8587                             No Vendor Intelligence Provided
CVE-2017-8588                             No Vendor Intelligence Provided
CVE-2017-8589                             No Vendor Intelligence Provided
CVE-2017-8590                             No Vendor Intelligence Provided
CVE-2017-8592    29048
CVE-2017-8594    29046
CVE-2017-8595                             No Vendor Intelligence Provided
CVE-2017-8596                             No Vendor Intelligence Provided
CVE-2017-8598    29050
CVE-2017-8599                             No Vendor Intelligence Provided
CVE-2017-8601    29047
CVE-2017-8602                             No Vendor Intelligence Provided
CVE-2017-8603                             No Vendor Intelligence Provided
CVE-2017-8604                             No Vendor Intelligence Provided
CVE-2017-8605    29049
CVE-2017-8606                             No Vendor Intelligence Provided
CVE-2017-8607                             No Vendor Intelligence Provided
CVE-2017-8608                             No Vendor Intelligence Provided
CVE-2017-8609                             No Vendor Intelligence Provided
CVE-2017-8610                             No Vendor Intelligence Provided
CVE-2017-8611                             No Vendor Intelligence Provided
CVE-2017-8617    29056
CVE-2017-8618    29045
CVE-2017-8619    29057
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_2.5.2_8974.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_8974.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_8974.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
 New Filters:


    29045: HTTP: Internet Explorer VarType Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Internet Explorer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8618

    29046: HTTP: Microsoft Internet Explorer SVG foreignObject Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8594

    29047: HTTP: Microsoft Edge Uint8ClampedArray Type Confusion Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8601

    29048: HTTP: Internet Explorer CORS Header Policy Bypass Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a policy bypass vulnerability in Internet Explorer.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8592

    29049: HTTP: Microsoft Edge DataView Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8605

    29050: HTTP: Microsoft Edge constructor Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8598

    29051: HTTP: Microsoft Word Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Word.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-0243

    29054: HTTP: Microsoft Windows gdi32 Privilege Escalation Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8577

    29055: HTTP: Microsoft Windows gdi32 Privilege Escalation Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8578

    29056: HTTP: Microsoft Edge Lang Use-After-Free Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8617

    29057: HTTP: Microsoft Edge ArrayBuffer Memory Corruption Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Edge.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2017-8619

    29060: ZDI-CAN-4892: Zero Day Initiative Vulnerability (Linksys WVBR0)
      - IPS Version: 3.2.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Linksys WVBR0.
      - Deployment: Not enabled by default in any deployment.

    29068: HTTP: Apache Struts 2 Struts 1 Plugin Command Injection Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Apache Struts 2.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Bugtraq ID: 99484
        - Common Vulnerabilities and Exposures: CVE-2017-9791

    29070: HTTP: Apache Struts 2 Struts 1 SaveGangster.action Showcase Site Access
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an HTTP POST attempt to the SaveGangster.action showcase page.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Bugtraq ID: 99484
        - Common Vulnerabilities and Exposures: CVE-2017-9791

    29072: HTTP: Apache Struts 2 Suspicious opensymphony Actions
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects use of the opensymphony addHeader and setContentType actions.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 99484
        - Common Vulnerabilities and Exposures: CVE-2017-9791

    29073: HTTP: Apache Struts 2 Echo Command Usage in OGNL Values
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the usage of an echo command within a Struts OGNL value.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Bugtraq ID: 99484
        - Common Vulnerabilities and Exposures: CVE-2017-9791

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    5370: VPN: SoftEther VPN Connection Attempt
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    5371: VPN: SoftEther VPN Connection Attempt
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.

    * 22514: TCP: Redis Lua Scripting Component getnum Integer Overflow Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    28380: HTTP: Jenkins CI Server Cross-Site Request Forgery Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

  Removed Filters:  None

Solution Id: TP000085475