
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 18, 2016

  • Posted on: April 22, 2016
  • Posted in: Network, Security
  • Posted by: Elisa Lippincott (Global Threat Communications)

I love my weekly challenge of finding something related to sports, movies or another piece of pop culture and tying it back to network security. I often get asked where my “inspiration” comes from, to which I respond, “Only from my weird and twisted mind.” But in all seriousness, I find my inspiration in everything: something I see on television; someone I talk to; a song I hear; a movie I see; a sport I love. The tie-in to network security doesn’t hit me right away, but then it does…just at the right time.

Matt Hilgers, from our TippingPoint TAC team, challenged me to tie a certain children’s animated show to network security. The show is Daniel Tiger’s Neighborhood, which is an animated spinoff of the popular Mister Rogers’ Neighborhood children’s television series that ran on American public television from 1968 to 2001. I grew up watching Mister Rogers, who focused on a variety of topics, even some that other children’s shows didn’t dare touch, like death, divorce or even war. Although Daniel Tiger’s Neighborhood targets preschool children, it still focuses on mature themes like disappointment and appreciation, but uses “strategy songs” to reinforce the theme of the episode and to help children remember the life lessons.

As luck would have it, one of the strategy songs from the show is titled, “Stop and Listen to Stay Safe.” The song teaches children to be safe when it comes to crossing the street or running too far from the yard. If you keep track of security news, then you know that if you get an alert from the Department of Homeland Security to uninstall Apple’s QuickTime for Windows, you better “stop and listen to stay safe!” Last week, the Zero Day Initiative publicly disclosed two zero-day vulnerabilities in Apple QuickTime that can be exploited to achieve remote code execution on the Windows platform. The vulnerabilities had been reported to Apple previously; however, Apple decided to end support for QuickTime for Windows and not patch these vulnerabilities.

If you’re a TippingPoint customer, you have been protected from these vulnerabilities since December 1, 2015 with the following Digital Vaccine filters:

  • 21918: ZDI-16-241: Zero Day Initiative Vulnerability (Apple QuickTime)
  • 21919: ZDI-16-242: Zero Day Initiative Vulnerability (Apple QuickTime)

Customers who need a little more time to remove QuickTime from Windows machines can employ the following Digital Vaccine policy filter, which has been available since September 14, 2009, to detect and/or block the transfer of all QuickTime movie files over HTTP:

  • 8444: HTTP: Apple QuickTime Transfer

There have been over 100 articles on the QuickTime for Windows alert and it was a trending topic on Twitter and Facebook. Here are a few useful links:

  • US-CERT Alert (TA16-105A)
  • Trend Micro Blog: Urgent Call to Action: Uninstall QuickTime for Windows Today
  • Apple Support: Uninstall QuickTime for Windows
  • Reuters: U.S. agency advises Windows PC users remove Apple’s QuickTime over bugs
  • The Verge: US government tells Windows users to uninstall QuickTime as Apple stops support
  • The Washington Post: Windows users: Uninstall Apple’s QuickTime now
  • WIRED: Got QuickTime on Windows? Uninstall It Right Now
  • Dark Reading: Apple QuickTime For Windows: Uninstall It ASAP, Security Firm Warns
  • Krebs on Security: US-CERT to Windows Users: Dump Apple QuickTime

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap posted on the Trend Micro Simply Security blog!

Zero-Day Filters

There are seven new zero-day filters covering seven vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site.

Adobe (1)

  • 24360: ZDI-CAN-3543: Zero Day Initiative Vulnerability (Adobe Creative Cloud) 

Apple (1)

  • 24267: HTTP: XML External Entities Referencing Chrome Protocol (ZDI-16-203)

Foxit (1)

  • 24270: HTTP: Foxit Reader Revision Number Use-After-Free Vulnerability (ZDI-16-219 / ZDI-16-220)

Google (1)

  • 24355: HTTP: Google Chrome Pdfium JPEG2000 Memory Corruption Vulnerability (ZDI-16-197)

Hewlett Packard Enterprise (1)

  • 24361: ZDI-CAN-3555: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise LoadRunner)

Mozilla (1)

  • 24269: HTTP: Mozilla Firefox SetBody Use-After-Free Vulnerability (ZDI-16-199)

SolarWinds (1)

  • 24359: ZDI-CAN-3398: Zero Day Initiative Vulnerability (SolarWinds Storage Resource Monitor)

Updated Existing Zero-Day Filters

This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor issuing a patch for a vulnerability found via the Zero Day Initiative.

In 2015, the Zero Day Initiative saw over 200 vulnerabilities focused on SCADA and Industrial Control Systems (ICS). The following updated zero-day filters reflect patches for vulnerabilities in Advantech solutions. At one point in late 2015, we had 57 Advantech vulnerabilities submitted to the Zero Day Initiative in one week!

  • 21045: RPC: Advantech WebAccess webvrpcs Service BwpAlarm.dll Buffer Overflow Vulnerability (ZDI-16-056)
  • 21046: RPC: Advantech WebAccess webvrpcs Service BwpAlarm.dll Buffer Overflow Vulnerability (ZDI-16-057)
  • 21047: RPC: Advantech WebAccess webvrpcs Service BwpAlarm.dll Buffer Overflow Vulnerability (ZDI-16-058)
  • 21048: RPC: Advantech WebAccess webvrpcs Service BwpAlarm.dll Buffer Overflow Vulnerability (ZDI-16-059)
