Zero-Day Coverage Update – Week of July 16, 2018
One night this week, I came across one of my favorite movies, Willy Wonka and the Chocolate Factory. The world had gone crazy after the reclusive Willy Wonka announced that he had hidden five golden tickets in chocolate Wonka Bars that promised a factory tour and a lifetime supply of chocolate. There’s a scene at a school where a teacher, Mr. Turkentine, decides to teach the kids about percentages and uses the Wonka Bars as an example. He asks one student how many Wonka Bars she bought and she replies, “About a hundred.” Mr. Turkentine tells her that there are ten hundreds in a thousand so that’s 10 percent. He asks a couple of other students and the percentages are easy to figure out. Then he asks Charlie Bucket, a poor paperboy, how many Wonka Bars he bought, and he says “Two.” Mr. Turkentine replies, “Two? What do you mean you only opened two? I can’t figure out the percentage for just two, so let’s just pretend you opened two hundred.”
While Mr. Turkentine has trouble with percentages, the Zero Day Initiative (ZDI) doesn’t. This month, Adobe had a bigger than normal patch for their Acrobat product, covering 107 CVEs. 68 of those CVEs came through the ZDI program! I don’t have any trouble figuring out that percentage – that’s 63.6% of the Acrobat vulnerabilities that came through ZDI. The “golden ticket” for Trend Micro customers isn’t a lifetime of chocolate, but preemptive protection against these bugs!
MindshaRE: An Introduction to PyKD
Earlier this week, ZDI researcher Abdul-Aziz Hariri posted a blog covering the topic of using PyKD to help automate debugging tasks and crash dump analysis using Python. His post is part of the MindshaRE blog series that provides insight on various reversing techniques to security researchers and reverse engineers. The blog demonstrates the installation and basic configuration of PyKD and goes on to show how it can be used to execute Python scripts from inside WinDBG. You can read the full blog here.
Adobe Security Update
This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before July 10, 2018. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month’s security updates from Dustin Childs’ July 2018 Security Update Review from the Zero Day Initiative:
Bulletin # | CVE # | Digital Vaccine Filter | Status |
APSB18-21 | CVE-2018-5009 | 32561 | |
APSB18-21 | CVE-2018-5010 | 32562 | |
APSB18-21 | CVE-2018-5011 | 32563 | |
APSB18-21 | CVE-2018-5012 | 32564 | |
APSB18-21 | CVE-2018-12799 | 32670 | |
APSB18-21 | CVE-2018-12803 | 32565 | |
APSB18-21 | CVE-2018-5014 | 32566 | |
APSB18-21 | CVE-2018-5015 | 32567 | |
APSB18-21 | CVE-2018-5016 | 32568 | |
APSB18-21 | CVE-2018-5017 | 32569 | |
APSB18-21 | CVE-2018-5018 | 32570 | |
APSB18-21 | CVE-2018-5019 | 32571 | |
APSB18-21 | CVE-2018-5020 | 32573 | |
APSB18-21 | CVE-2018-5021 | 32574 | |
APSB18-21 | CVE-2018-5022 | 32575 | |
APSB18-21 | CVE-2018-5023 | 32576 | |
APSB18-21 | CVE-2018-5024 | 32577 | |
APSB18-21 | CVE-2018-5025 | 32578 | |
APSB18-21 | CVE-2018-5026 | 32579 | |
APSB18-21 | CVE-2018-5027 | 32580 | |
APSB18-21 | CVE-2018-5028 | 32581 | |
APSB18-21 | CVE-2018-5029 | 32582 | |
APSB18-21 | CVE-2018-5030 | 32583 | |
APSB18-21 | CVE-2018-5031 | 32584 | |
APSB18-21 | CVE-2018-5032 | 32585 | |
APSB18-21 | CVE-2018-5033 | 32586 | |
APSB18-21 | CVE-2018-5034 | 32587 | |
APSB18-21 | CVE-2018-5035 | 32588 | |
APSB18-21 | CVE-2018-5036 | 32589 | |
APSB18-21 | CVE-2018-5037 | 32590 | |
APSB18-21 | CVE-2018-5038 | 32591 | |
APSB18-21 | CVE-2018-5039 | 32592 | |
APSB18-21 | CVE-2018-5040 | 32593 | |
APSB18-21 | CVE-2018-5041 | 32594 | |
APSB18-21 | CVE-2018-5042 | 32595 | |
APSB18-21 | CVE-2018-5043 | 32596 | |
APSB18-21 | CVE-2018-5044 | 32597 | |
APSB18-21 | CVE-2018-5045 | 32598 | |
APSB18-21 | CVE-2018-5046 | 32599 | |
APSB18-21 | CVE-2018-5047 | 32600 | |
APSB18-21 | CVE-2018-5048 | 32601 | |
APSB18-21 | CVE-2018-5049 | 32602 | |
APSB18-21 | CVE-2018-5050 | 32603 | |
APSB18-21 | CVE-2018-5051 | 32604 | |
APSB18-21 | CVE-2018-5052 | 32605 | |
APSB18-21 | CVE-2018-5053 | 32606 | |
APSB18-21 | CVE-2018-5054 | 32607 | |
APSB18-21 | CVE-2018-5055 | 32608 | |
APSB18-21 | CVE-2018-5056 | 32609 | |
APSB18-21 | CVE-2018-5057 | 32610 | |
APSB18-21 | CVE-2018-5058 | 32611 | |
APSB18-21 | CVE-2018-5059 | 32612 | |
APSB18-21 | CVE-2018-5060 | 32613 | |
APSB18-21 | CVE-2018-5061 | 32614 | |
APSB18-21 | CVE-2018-5062 | 32615 | |
APSB18-21 | CVE-2018-5063 | 32616 | |
APSB18-21 | CVE-2018-5064 | 32617 | |
APSB18-21 | CVE-2018-5065 | 32618 | |
APSB18-21 | CVE-2018-5066 | 32619 | |
APSB18-21 | CVE-2018-5067 | 32620 | |
APSB18-21 | CVE-2018-5068 | 32621 | |
APSB18-21 | CVE-2018-5069 | 32622 | |
APSB18-21 | CVE-2018-5070 | 32623 | |
APSB18-21 | CVE-2018-12754 | 32624 | |
APSB18-21 | CVE-2018-12755 | 32625 | |
APSB18-21 | CVE-2018-12756 | 32626 | |
APSB18-21 | CVE-2018-12757 | 32627 | |
APSB18-21 | CVE-2018-12758 | 32628 | |
APSB18-21 | CVE-2018-12760 | 32629 | |
APSB18-21 | CVE-2018-12761 | 32630 | |
APSB18-21 | CVE-2018-12762 | 32631 | |
APSB18-21 | CVE-2018-12763 | 32632 | |
APSB18-21 | CVE-2018-12764 | 32633 | |
APSB18-21 | CVE-2018-12765 | 32634 | |
APSB18-21 | CVE-2018-12766 | 32635 | |
APSB18-21 | CVE-2018-12767 | 32636 | |
APSB18-21 | CVE-2018-12768 | 32637 | |
APSB18-21 | CVE-2018-12770 | 32638 | |
APSB18-21 | CVE-2018-12771 | 32639 | |
APSB18-21 | CVE-2018-12772 | 32640 | |
APSB18-21 | CVE-2018-12773 | 32641 | |
APSB18-21 | CVE-2018-12774 | 32642 | |
APSB18-21 | CVE-2018-12776 | 32643 | |
APSB18-21 | CVE-2018-12777 | 32644 | |
APSB18-21 | CVE-2018-12779 | 32645 | |
APSB18-21 | CVE-2018-12780 | 32646 | |
APSB18-21 | CVE-2018-12781 | 32647 | |
APSB18-21 | CVE-2018-12782 | 32648 | |
APSB18-21 | CVE-2018-12783 | 32649 | |
APSB18-21 | CVE-2018-12784 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
APSB18-21 | CVE-2018-12785 | 32650 | |
APSB18-21 | CVE-2018-12786 | 32651 | |
APSB18-21 | CVE-2018-12787 | 32652 | |
APSB18-21 | CVE-2018-12788 | 32653 | |
APSB18-21 | CVE-2018-12789 | 32654 | |
APSB18-21 | CVE-2018-12790 | 32655 | |
APSB18-21 | CVE-2018-12791 | 32656 | |
APSB18-21 | CVE-2018-12792 | 32657 | |
APSB18-21 | CVE-2018-12802 | Vendor Deemed Reproducibility or Exploitation Unlikely | |
APSB18-21 | CVE-2018-12793 | 32658 | |
APSB18-21 | CVE-2018-12794 | 32659 | |
APSB18-21 | CVE-2018-12795 | 32660 | |
APSB18-21 | CVE-2018-12796 | 32661 | |
APSB18-21 | CVE-2018-12797 | 32662 | |
APSB18-21 | CVE-2018-12798 | 32663 | |
APSB18-24 | CVE-2018-5007 | 32559 | |
APSB18-24 | CVE-2018-5008 | 32560 | |
Zero-Day Filters
There are no new zero-day filters in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.