Tuesday, January 21, 2020
  • HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST
  • Benefits of teaching employees to hack
  • Malware spotlight: Wabbit
  • Ransomware Infects Main Server of Large Insurance Company in Oman
  • The Move to Multiple Public Clouds Creates Security Silos

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: July 2018 Patch Tuesday Analysis

VERT Threat Alert: July 2018 Patch Tuesday Analysis

by Tyler Reguly on July 10, 2018

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th.

In-The-Wild & Disclosed CVEs

CVE-2018-8278

Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake website that appears to be legitimate. This is due to how Microsoft Edge handles HTML content.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8313

A privilege escalation within the Windows Kernel API could allow attackers to impersonate processes, interject cross-process communication, or interrupt system functionality. This attack requires that an authenticated, local user run a purpose-built application. Changes were made to how the Windows Kernel API enforces permissions to resolve this vulnerability.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8314

Attackers can escalate privileges and escape a sandbox due to failure in how Windows file picker handles paths. This could allow an attacker to gain higher levels of access but does not specifically allow code execution, attackers would need to pair this attack with another vulnerability if code execution is the desired goal.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) for older software releases (the latest software release is not affected).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Microsoft WordPad
1
CVE-2018-8307
Active Directory
1
CVE-2018-8326
ASP.NET
1
CVE-2018-8171
Microsoft Windows
6
CVE-2018-8206, CVE-2018-8313, CVE-2018-8319, CVE-2018-8305, CVE-2018-8308, CVE-2018-8309
Microsoft PowerShell
1
CVE-2018-8327
Microsoft Devices
1
CVE-2018-8306
.NET Framework
4
CVE-2018-8202, CVE-2018-8356, CVE-2018-8260, CVE-2018-8284
Microsoft Edge
8
CVE-2018-8262, CVE-2018-8274, CVE-2018-8278, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-alert-july-2018/

July 10, 2018July 10, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT
  • ← Microsoft Fixes 54 Vulnerabilities on July’s Patch Tuesday
  • SolarWinds Acquires Trusted Metrics →
Featured Blog

Enzoic

Automate Password Policy & NIST Password Guidelines

Enzoic

HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST

Enzoic

Cybersecurity Trends to Watch in 2020

Enzoic

Employee Password Security for Healthcare Providers

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Compliance and Privacy in the GDPR Era
Clop Ransomware Not Just a CryptoMix Variant
Oracle Spews 334 Patches, Many Critical. You Know the Drill
NIST Publishes Privacy Framework
IT Teams Need More Than Password Managers
5 Cybersecurity Threats That Will Dominate 2020
NSA: Microsoft Releases Patch to Fix Latest Windows 10 Vulnerability
2019 in Review: Data Breach Statistics and Trends
SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete
How to eliminate false positives in file integrity monitoring on WordPress

Upcoming Webinars

Wed 22

The Guide to Managing the Security of Your SaaS and Cloud Providers

January 22 @ 11:00 am - 12:00 pm
Feb 04

From Dystopia to Opportunity: Stories from the Future of Cybersecurity

February 4 @ 1:00 pm - 2:00 pm
Feb 05

Top Cybersecurity Threats and How SIEM Protects Against Them

February 5 @ 1:00 pm - 2:00 pm
Feb 14

The Role of Security Technologists in Public Policy

February 14 @ 11:00 am - 12:00 pm
Feb 25

New Paradigms for the Next Era of Security

February 25 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Open Source Security: Weighing the Pros and Cons

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Best Practices in Database Security Planning
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Best Practices in Database Security Planning

January 21, 2020 Andrew Herlands | 8 hours ago 0
IT Teams Need More Than Password Managers
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

IT Teams Need More Than Password Managers

January 20, 2020 Chandramouli Dorai | Yesterday 0
Compliance and Privacy in the GDPR Era
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

Compliance and Privacy in the GDPR Era

January 17, 2020 Jamie Manuel | 4 days ago 0

Top Stories

Security Compass CEO Sets DevSecOps Strategy
Cybersecurity DevOps Featured News Security Boulevard (Original) Spotlight 

Security Compass CEO Sets DevSecOps Strategy

January 21, 2020 Michael Vizard | 4 hours ago 0
Keep Telnet Off the Internet – Here’s Why
Cybersecurity Data Security DevOps Featured Identity & Access IoT & ICS Security Network Security News Security Boulevard (Original) Spotlight 

Keep Telnet Off the Internet – Here’s Why

January 20, 2020 Richi Jennings | Yesterday 0
Oracle Spews 334 Patches, Many Critical. You Know the Drill
Cybersecurity Data Security DevOps Featured Network Security News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Oracle Spews 334 Patches, Many Critical. You Know the Drill

January 17, 2020 Richi Jennings | 3 days ago 0

Security Humor

via the comic delivery system monikered Randall Munroe at XKCD !

XKCD ‘Unsubscribe Message’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.