Home » Cybersecurity » SBN News » VERT Threat Alert: June 2018 Patch Tuesday Analysis

VERT Threat Alert: June 2018 Patch Tuesday Analysis

by Tyler Reguly on June 12, 2018

Today’s VERT Alert addresses Microsoft’s June 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-782 on Wednesday, June 13th.

In-The-Wild & Disclosed CVEs

CVE-2018-8267

This code execution vulnerability exists in Internet Explorer’s scripting engine and relates to the handling of objects in memory. Successful exploitation would lead to code execution in the context of the current user. This could be used in a drive-by attack but also by utilizing ActiveX within a Microsoft office document.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag	CVE Count	CVEs
Windows Hyper-V	2	CVE-2018-8218, CVE-2018-8219
Microsoft NTFS	1	CVE-2018-1036
Microsoft Windows	14	CVE-2018-8175, CVE-2018-8205, CVE-2018-8208, CVE-2018-8209, CVE-2018-8210, CVE-2018-8213, CVE-2018-8214, CVE-2018-8225, CVE-2018-8226, CVE-2018-8231, CVE-2018-8239, CVE-2018-0982, CVE-2018-1040, CVE-2018-8251
Microsoft Edge	6	CVE-2018-0871, CVE-2018-8110, CVE-2018-8111, CVE-2018-8234, CVE-2018-8235, CVE-2018-8236
Device Guard	7	CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221
Windows Kernel	4	CVE-2018-8207, CVE-2018-8224, CVE-2018-8233, CVE-2018-8121
Internet Explorer	3	CVE-2018-0978, CVE-2018-8113, CVE-2018-8249
Windows Shell	1	CVE-2018-8140
HID Parser Library	1	CVE-2018-8169
Microsoft Office	7	CVE-2018-8244, CVE-2018-8245, CVE-2018-8246, CVE-2018-8247, CVE-2018-8248, CVE-2018-8252, CVE-2018-8254
Microsoft Scripting Engine	4	CVE-2018-8227, CVE-2018-8229, CVE-2018-8243, CVE-2018-8267

Other Information

In addition to the Microsoft vulnerabilities included in the June Security Guidance, a security advisory was also made available.

Microsoft Guidance for Speculative Store Bypass [ADV180012]

On May 21, Microsoft published an advisory describing hardware vulnerabilities that involve speculative execution side channel attacks. The vulnerability “Speculative Store Bypass” (SSB) was assigned CVE-2018-3630. Today, the advisory was updated to announce support for Speculative Store Bypass Disable (SSBD) in Intel Processors.

Microsoft Guidance for Rogue System Registry Read [ADV180013]

Also on (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-june-2018-patch-tuesday-analysis/

June 12, 2018June 12, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT

Tyler Reguly

Tyler Reguly is Associate Director, Security R&D at Fortra, responsible for overseeing a team of researchers that provide the security expertise for the company’s integrity and compliance monitoring solution. Tyler joined Fortra in 2022 when the company acquired Tripwire, where Tyler had been a part of the research team for more than fifteen years. In addition to security research, Tyler has worked closely with Fanshawe College, from which he graduated with a diploma in Computer Systems Technology, developing five courses including subjects like Advanced Hacker Techniques & Tactics, Hacking and Exploits, Malware Research, Evolving Technologies and Threats, and Python Programming. He has also taught all five courses that he developed on multiple occasions.

tyler-reguly has 119 posts and counting.See all posts by tyler-reguly