Cisco Threat Defense Bulletin S978 April 19, 2017



Your feedback makes our bulletin better! Please tell us what you love and what you would change at ips-news@cisco.com.


News and Notes


End-of-Sale for Cisco Services for Intrusion Prevention System Support Program

Cisco announces the end-of-sale and end-of-life dates for the Cisco Services for Intrusion Prevention System (IPS) Support Program.
Please refer to the following link for details:
End-of-Sale for Cisco Services for Intrusion Prevention System Support Program


To view the list of products already past the End of Signature Support, click here


 
Supported Sensor Software Versions

Signature updates are currently tested on the following sensor software releases according to the terms defined in the End-of-Sale Policy for Signature File Release on Intrusion Detection and Prevention (IDS/IPS) Sensors:


7.1(11) (Released: 07/DEC/2015)

7.1(11p1) (Released: 11/APR/2016)

7.2(2) (Released: 05/FEB/2014)

7.3(5) (Released: 15/FEB/2016)


Please upgrade to the latest sensor software versions to ensure correct sensor operation and effective signature coverage.


Release S978 - April 19, 2017
Release Summary

| Vulnerability | CVE | Severity | Risk Rating | Signature ID | History | Status |
|---|---|---|---|---|---|---|
| McAfee VirusScan HTTP... | CVE-2016-8024 | High | 85 | 7899.0 | New | Enabled |
| Microsoft Internet Exp... | CVE-2017-0210 | High | 85 | 7913.0 | New | Enabled |
| Microsoft Internet Exp... | CVE-2017-0201 | High | 85 | 7915.0 | New | Enabled |
| Microsoft Internet Inf... | CVE-2017-7269 | High | 85 | 7904.0 | New | Enabled |

New Vulnerability and Exploit Protections
McAfee VirusScan HTTP ...
Vulnerability Disclosed: 3/23/2017
A vulnerability in McAfee VirusScan Enterprise for Linux could allow an unauthenticated, remote attacker to gain access to sensitive information on a targeted system. The vulnerability is due to improper handling of HTTP requests by the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. If the user clicks the link, HTTP response headers could be spoofed, which could allow the attacker to access sensitive information, including system logs, on the targeted system.

| Severity | Description | Protected Since | Signature ID | Event Action |
|---|---|---|---|---|
| High | McAfee Virus Scan HTTP Response Splitting | | 7899.0 | produce-alert |

Microsoft Internet Inf...
Vulnerability Disclosed: 3/31/2017
A vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Microsoft Internet Information Services (IIS) could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to insufficient validation of an IF header in a PROPFIND request by the affected software. An attacker could exploit this vulnerability by sending a crafted PROPFIND request beginning with the IF header to a targeted system. An exploit could trigger a buffer overflow condition that could allow the attacker to execute arbitrary code in the security context of the user who is running the affected application. If the user has elevated privileges, a successful exploit could result in a complete system compromise.

| Severity | Description | Protected Since | Signature ID | Event Action |
|---|---|---|---|---|
| High | Microsoft Internet Information Services Buffer Overflow | | 7904.0 | produce-alert |

Microsoft Internet Exp...
Vulnerability Disclosed: 4/11/2017
A vulnerability in Microsoft Internet Explorer could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper enforcement of cross-domain policies by the affected software. An attacker could exploit this vulnerability by persuading a user to view a malicious website. A successful exploit could allow the attacker to view sensitive information in one domain and inject the information into another domain. A successful exploit of this vulnerability, in conjunction with a vulnerability that allows remote code execution, could allow an attacker to execute arbitrary code on the targeted system.

| Severity | Description | Protected Since | Signature ID | Event Action |
|---|---|---|---|---|
| High | Microsoft Internet Explorer Cross Site Scripting | | 7913.0 | produce-alert |

Microsoft Internet Exp...
Vulnerability Disclosed: 4/11/2017
A vulnerability in the JScript and VBScript scripting engines used by Microsoft Internet Explorer could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper memory operations by the JScript and VBScript scripting engines, which are used by Internet Explorer, when handling crafted content. An attacker could exploit the vulnerability by persuading a user to follow a malicious link or open a malicious file. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the targeted system completely.

| Severity | Description | Protected Since | Signature ID | Event Action |
|---|---|---|---|---|
| High | Microsoft Internet Explorer Type Confusion | | 7915.0 | produce-alert |

Retired Signatures

| Signature ID | Previous Status | Signature Name | Threat Name |
|---|---|---|---|
| 7829.0 | New | Ubuntu Apport CrashDB Code Injection | Ubuntu Apport CrashDB ... |
| 7898.0 | New | GNU Wget Redirection Request Handling Arbitrary File Write | GNU Wget Redirection R... |

* Inline sensor with Event Action Override set to "deny-packet-inline" at Risk Rating 90 (Cisco default configuration)

Sensor Update Information

Signature Updates

Signature updates may be downloaded automatically by Cisco Security Manager (CSM), IPS Manager Express (IME) and Cisco Security Monitoring, Analysis, and Response System (CS-MARS). The following links are for manual downloads.

Sensor Appliance Updates
IPS 4300, and 4500 Series sensors, IDSM-2 Catalyst module, AIM-IPS module, ASA-AIP IPS module


IOS IPS Updates
IOS IPS in Mainline and T-Train Releases prior to 12.4(11)T (Includes NEW Basic and Advanced Set)
IOS IPS in 12.4(11)T or later T-Train


Cisco Security Manager
Please click here to download the latest Cisco Security Manager (CSM) signature update package.






This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.
