
On Tuesday, I was inconvenienced with a flight cancellation and eight-hour delay in route to our Ottawa office. It seems petty to even call it an inconvenience in the grand scheme of things given the horrific attack that occurred at the Istanbul airport on the same day. It was a bit unsettling to watch the news of the attack while sitting at another airport, and I find myself missing the inspiration that usually comes to me easily to write this blog.
So all I will say is my thoughts go out to all of those who lost loved ones that day and I hope the criminals are brought to justice. Stay safe everyone.
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap posted on the Trend Micro Simply Security blog!
Zero-Day Filters
There are 22 new zero-day filter covering five vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (4)
|
|
Apache (1)
|
|
Foxit (3)
|
|
Microsoft (5)
|
|
Mitsubishi (9)
|
|
Updated Existing Zero-Day Filters
This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.
A zero-day filter that was updated this week covers a vulnerability in SAP 3D Visual Enterprise Viewer. The specific flaw exists within the handling of SketchUp documents. With a specially crafted SketchUp document, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
This vulnerability is being disclosed publicly without a patch in accordance with the Zero Day Initiative 120-day deadline.
|
|
For more information on this vulnerability, vendor response and mitigation options, click here.