Today’s VERT Alert addresses Microsoft’s June 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-782 on Wednesday, June 13th.
In-The-Wild & Disclosed CVEs
This code execution vulnerability exists in Internet Explorer’s scripting engine and relates to the handling of objects in memory. Successful exploitation would lead to code execution in the context of the current user. This could be used in a drive-by attack but also by utilizing ActiveX within a Microsoft office document.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
CVE-2018-8175, CVE-2018-8205, CVE-2018-8208, CVE-2018-8209, CVE-2018-8210, CVE-2018-8213, CVE-2018-8214, CVE-2018-8225, CVE-2018-8226, CVE-2018-8231, CVE-2018-8239, CVE-2018-0982, CVE-2018-1040, CVE-2018-8251
CVE-2018-0871, CVE-2018-8110, CVE-2018-8111, CVE-2018-8234, CVE-2018-8235, CVE-2018-8236
CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221
CVE-2018-8207, CVE-2018-8224, CVE-2018-8233, CVE-2018-8121
CVE-2018-0978, CVE-2018-8113, CVE-2018-8249
HID Parser Library
CVE-2018-8244, CVE-2018-8245, CVE-2018-8246, CVE-2018-8247, CVE-2018-8248, CVE-2018-8252, CVE-2018-8254
Microsoft Scripting Engine
CVE-2018-8227, CVE-2018-8229, CVE-2018-8243, CVE-2018-8267
In addition to the Microsoft vulnerabilities included in the June Security Guidance, a security advisory was also made available.
On May 21, Microsoft published an advisory describing hardware vulnerabilities that involve speculative execution side channel attacks. The vulnerability “Speculative Store Bypass” (SSB) was assigned CVE-2018-3630. Today, the advisory was updated to announce support for Speculative Store Bypass Disable (SSBD) in Intel Processors.
Also on (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-june-2018-patch-tuesday-analysis/