TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 13, 2017

There was never any doubt what my topic would be for this week’s blog. March Madness, right? Normally I’d be talking about the NCAA Basketball tournament, but not this time. Our March Madness is called Pwn2Own. We celebrated the 10^th anniversary of Pwn2Own in Vancouver this week with the biggest contest ever with 11 teams of contestants targeting products across four categories – 30 different attempts in total!

The event is wrapping up later today but you can catch up (and keep up) with the latest through these blogs:

For the very latest, follow the Zero Day Initiative on Twitter at @thezdi.

Microsoft Patch Tuesday Update

This week’s Digital Vaccine (DV) package includes coverage for the Microsoft Security Bulletins released on or before March 14, 2017. This month’s Patch Tuesday is the largest in Microsoft’s history, covering a whopping 135 CVEs (plus the bulletin for Flash, which addresses seven more CVEs) with 17 update bulletins – eight of them rated critical. The following table maps Digital Vaccine filters to the Microsoft Security Bulletins. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month’s Microsoft Security Bulletins from Dustin Childs’ March 2017 Security Update Review:

Zero-Day Filters

There are 12 new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (3)

Hewlett Packard Enterprise (3)

Trend Micro (6)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.