|Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.|
New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
Note: This is an out-of-band DV release to address exploits in the wild related to Microsoft Windows Print Spooler CVE-2021-1675. Due to the nature of the vulnerability, the provided protection is limited to a policy filter to detect usage of the vulnerable functionality. The regular weekly DV will be published as scheduled on Tuesday, July 06, 2021.
|The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.|
|The Digital Vaccine can be manually downloaded from the following URLs:|
Table of Contents
New Filters - 1
Modified Filters (logic changes) - 0
Modified Filters (metadata changes only) - 0
Removed Filters - 0
New Filters: 39940: RPC: Microsoft Windows AddPrinterDriverEx Request - IPS Version: 3.6.2 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Security Policy - Severity: Moderate - Description: This filter detects an AddPrinterDriverEx request. - Deployment: Not enabled by default in any deployment. - References: - Common Vulnerabilities and Exposures: CVE-2021-1675 - Classification: Security Policy - Forbidden Application Access or Service Request - Protocol: MS-RPC - Platform: Windows Server Application or Service - Release Date: July 01, 2021 Modified Filters (logic changes): None Modified Filters (metadata changes only): None Removed Filters: NoneTop of the Page