Summary
Digital Vaccine #9065 February 13, 2018
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com
SMS customers can update the Digital Vaccine through the SMS client. From the top line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems.
The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before February 13, 2018. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE # | TippingPoint Filter # | Status |
CVE-2018-0742 | 30334 | |
CVE-2018-0755 | *30237 | |
CVE-2018-0756 | 30336 | |
CVE-2018-0757 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0760 | *30241 | |
CVE-2018-0761 | *30239 | |
CVE-2018-0763 | *30275 | |
CVE-2018-0771 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0809 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0810 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0820 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0821 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0822 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0823 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0825 | 30341 | |
CVE-2018-0826 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0827 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0828 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0829 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0830 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0831 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0832 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0833 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0834 | 30345 | |
CVE-2018-0835 | 30349 | |
CVE-2018-0836 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0837 | 30351 | |
CVE-2018-0838 | 30362 | |
CVE-2018-0839 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0840 | 30365 | |
CVE-2018-0841 | 30388 | |
CVE-2018-0842 | 30367 | |
CVE-2018-0843 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0844 | 30366 | |
CVE-2018-0846 | 30368 | |
CVE-2018-0847 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0850 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0851 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0852 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0853 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0855 | *30242 | |
CVE-2018-0856 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0857 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0858 | 30331 | |
CVE-2018-0859 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0860 | 30342 | |
CVE-2018-0861 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0864 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0866 | 30410 | |
CVE-2018-0869 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
Filters marked with * shipped prior to this DV, providing zero-day protection.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9065.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9065.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
30307: SNMP: Cisco IOS and IOS XE SNMP Multiple Buffer Overflow Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Cisco IOS and IOS XE.
- Deployment: Not enabled by default in any deployment.
- References:
- Bugtraq ID: 99345
- Common Vulnerabilities and Exposures: CVE-2017-6736 CVSS 9.0
30331: HTTP: Microsoft Edge prototype Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0858
30334: HTTP: Microsoft Windows win32k Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0742
30336: HTTP: Microsoft Windows win32kbase Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0756
30341: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0825
30342: HTTP: Microsoft Edge prototype defineGetter Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0860
30345: HTTP: Microsoft Chakra Javascript __proto__ JIT Optimization Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Chakra.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0834
30349: HTTP: Microsoft Chakra JavaScript Array sort JIT Optimization Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Chakra.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0835
30351: HTTP: Microsoft Chakra JavaScript this JIT Optimization Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Chakra.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0837
30355: ZDI-CAN-5376,5377: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30356: HTTP: WordPress load-scripts Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Moderate
- Description: This filter detects usage of load-scripts.php in WordPress.
- Deployment: Not enabled by default in any deployment.
- References:
- Common Vulnerabilities and Exposures: CVE-2018-6389
30357: ZDI-CAN-5378: Zero Day Initiative Vulnerability (Microsoft Windows)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30358: ZDI-CAN-5379: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30359: ZDI-CAN-5381: Zero Day Initiative Vulnerability (Adobe Flash Player)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Flash Player.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
30360: ZDI-CAN-5382: Zero Day Initiative Vulnerability (Foxit Reader)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Foxit Reader.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30362: HTTP: Microsoft Edge JIT Optimization Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Edge.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0838
30365: HTTP: Microsoft Chakra JavaScript Array Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Chakra.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0840
30366: HTTP: Microsoft Windows clfs.sys BLF Privilege Escalation Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0844
30367: HTTP: Microsoft HID Parsing Library Out-of-Bounds Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit an out-of-bounds vulnerability in Microsoft kernel HID parsing library.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0842
30368: HTTP: Microsoft Windows clfs.sys BLF Privilege Escalation Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: High
- Description: This filter detects an attempt to exploit a privilege escalation vulnerability in Microsoft Windows.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0846
30369: HTTP: Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a memory corruption vulnerability in Cisco Adaptive Security Appliance (ASA).
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0101
30370: ZDI-CAN-5237: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
30371: ZDI-CAN-5238: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
30372: ZDI-CAN-5241: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
30373: ZDI-CAN-5291: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
- Deployments:
- Deployment: Default (Block / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
30385: HTTP: WordPress load-scripts Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: High
- Description: This filter detects an attempt to exploit a denial-of-service vulnerability in WordPress.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-6389
30388: HTTP: Microsoft Excel XLS Parsing Type Confusion Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Exploits
- Severity: Critical
- Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Excel.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0841
30391: ZDI-CAN-5389: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30392: ZDI-CAN-5402: Zero Day Initiative Vulnerability (OMRON CX-One)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting OMRON CX-One.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30393: ZDI-CAN-5403: Zero Day Initiative Vulnerability (OMRON CX-One)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting OMRON CX-One.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30394: ZDI-CAN-5404: Zero Day Initiative Vulnerability (OMRON CX-One)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: IPS N-Platform, NX-Platform, NGFW, or TPS models.
- Category: Exploits
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting OMRON CX-One.
- Deployments:
- Deployment: Security-Optimized (Block / Notify)
30410: HTTP: Microsoft Internet Explorer localeCompare Use-After-Free Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a use-after-free vulnerability in Microsoft Internet Explorer.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Performance-Optimized (Disabled)
- References:
- Common Vulnerabilities and Exposures: CVE-2018-0866
Modified Filters (logic changes):
* = Enabled in Default deployments
* 25170: HTTP: Microsoft Windows clfs.sys BLF Memory Corruption Vulnerability
- IPS Version: 3.1.3 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 29899: HTTP: Apache httpd mod_auth_digest Memory Access Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
30114: HTTP: Adobe Acrobat and Reader AcroForm Font Encoding Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 30241: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "30241: ZDI-CAN-5318: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
* 30275: HTTP: Microsoft Edge CSS Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "30275: ZDI-CAN-5323: Zero Day Initiative Vulnerability (Microsoft Edge)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
Modified Filters (metadata changes only):
* = Enabled in Default deployments
* 30237: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "30237: ZDI-CAN-5314: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Vulnerability references updated.
* 30239: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "30239: ZDI-CAN-5316: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Vulnerability references updated.
* 30242: HTTP: Microsoft Windows Font Embedding Information Disclosure Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "30242: ZDI-CAN-5319: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Vulnerability references updated.
30244: HTTP: Node.js Foundation Node.js zlib windowBits Denial-of-Service Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
30314: HTTP: ImageMagic phpThumb fltr Command Injection Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
Removed Filters: None