TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018
As a native Texan, I’ve seen more than my fair share of bugs – actual physical bugs that love the hot, humid Texas climate and my curly hair for some reason. The Zero Day Initiative (ZDI) sees many bugs (of the software variety), including those that affect SCADA control systems. Fritz Sands recently walked through a deep dive into an attack on a remote procedure call (RPC) interface based on the proofs of concept from Advantech vulnerability submissions to ZDI. While Advantech’s products focus on Internet of Things (IoT) and Industrial IoT, the use of RPC interfaces isn’t limited to SCADA. Their use is more prevalent than you think. So if you want to get an understanding of RPC interfaces and hone your skills, you can go down the rabbit hole with Fritz and get the full details here.
Microsoft Security Updates
This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before June 12, 2018. This month, Microsoft released 50 security patches covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V Server, Windows, and Microsoft Office and Office Services. Of the 50 CVEs, 11 are listed as Critical and 39 are rated Important. Five of the CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ June 2018 Security Update Review from the Zero Day Initiative:
CVE # | Digital Vaccine Filter # | Status |
CVE-2018-0871 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-0978 | 32124 | |
CVE-2018-0982 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-1036 | 32162 | |
CVE-2018-1040 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8110 | 32026 | |
CVE-2018-8111 | 32027 | |
CVE-2018-8113 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8121 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8140 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8169 | 32164 | |
CVE-2018-8175 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8201 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8205 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8207 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8208 | 32126 | |
CVE-2018-8209 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8210 | 32028 | |
CVE-2018-8211 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8212 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8213 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8214 | 32127 | |
CVE-2018-8215 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8216 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8217 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8218 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8219 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8221 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8224 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8225 | 32029 | |
CVE-2018-8226 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8227 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8229 | 32030 | |
CVE-2018-8231 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8233 | 32034 | |
CVE-2018-8234 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8235 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8236 | 32054 | |
CVE-2018-8239 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8243 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8244 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8245 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8246 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8247 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8248 | 32032 | |
CVE-2018-8249 | 32038 | |
CVE-2018-8251 | 32068 | |
CVE-2018-8252 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8254 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
CVE-2018-8267 | 32065 |
Zero-Day Filters
There are six new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.
Foxit (2)
|
|
Microsoft (3)
|
|
OMRON (1)
|
|
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.
Read More HERE