Last week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of “speculative execution” of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel resulting in unintended information disclosure.

In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro’s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.

On January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit Trend Micro Business Support to get additional information.

TippingPoint Product Updates

Earlier this week, we released the following new releases for TippingPoint products:

Security Management System (SMS) Patches

The following patches include minor enhancements, bug fixes and address security issues:

SMS Version Patch Software
SMS v4.4.0 2 SMS_Patch-4.4.0.57192.2.pkg
SMS v4.5.0 1 SMS_Patch-4.5.0.98012.1.pkg
SMS v4.6.0 1 SMS_Patch-4.6.0.101914.1.pkg
SMS v5.0.0 1 SMS_Patch-5.0.0.106258.1.pkg

 

TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)

Version 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.

TOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices, and resolves a number of issues.

For the complete list of enhancements and changes, customers can refer to the product release notes located on the Threat Management Center (TMC) website or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.

Microsoft Updates

Due to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:

CVE # Digital Vaccine Filter # Status
CVE-2018-0741 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0743 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0744 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0745 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0746 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0747 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0748 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0749 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0750 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0751 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0752 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0753 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0754 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0758 30160
CVE-2018-0762 30167
CVE-2018-0766 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0767 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0768 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0769 30168
CVE-2018-0770 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0772 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0773 30169
CVE-2018-0774 30185
CVE-2018-0775 30186
CVE-2018-0776 30164
CVE-2018-0777 30162
CVE-2018-0778 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0780 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0781 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0788 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0800 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0803 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0818 Vendor Deemed Reproducibility or Exploitation Unlikely

 

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ January 2018 Security Update Review from the Zero Day Initiative:

CVE # Digital Vaccine Filter # Status
CVE-2018-0764 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0784 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0785 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0786 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0789 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0790 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0791 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0792 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0793 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0794 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0795 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0796 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0797 30163
CVE-2018-0798 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0799 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0801 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0802 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0804 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0805 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0806 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0807 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0812 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-0819 Vendor Deemed Reproducibility or Exploitation Unlikely

 

Adobe Security Update

This week’s Digital Vaccine® (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.

Bulletin # CVE # Digital Vaccine Filter # Status
APSB18-01 CVE-2018-4871 30201

 

Zero-Day Filters

There are five new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Adobe (5)

  • 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.