VERT Threat Alert: July 2018 Patch Tuesday Analysis - Security Boulevard
Saturday, July 31, 2021
  • Wiper Malware Threat Looms Over Tokyo Olympics
  • GDPR: What Cloud Service Providers Should Know
  • API Attack Traffic Grew 300+% In the Last Six Months
  • How to Make Threat Detection Better?
  • CISO Stories Podcast: Ransomware Attacks and the True Cost to Business

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: July 2018 Patch Tuesday Analysis

VERT Threat Alert: July 2018 Patch Tuesday Analysis

by Tyler Reguly on July 10, 2018

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th.

In-The-Wild & Disclosed CVEs

CVE-2018-8278

Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake website that appears to be legitimate. This is due to how Microsoft Edge handles HTML content.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8313

A privilege escalation within the Windows Kernel API could allow attackers to impersonate processes, interject cross-process communication, or interrupt system functionality. This attack requires that an authenticated, local user run a purpose-built application. Changes were made to how the Windows Kernel API enforces permissions to resolve this vulnerability.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8314

Attackers can escalate privileges and escape a sandbox due to failure in how Windows file picker handles paths. This could allow an attacker to gain higher levels of access but does not specifically allow code execution, attackers would need to pair this attack with another vulnerability if code execution is the desired goal.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) for older software releases (the latest software release is not affected).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Microsoft WordPad
1
CVE-2018-8307
Active Directory
1
CVE-2018-8326
ASP.NET
1
CVE-2018-8171
Microsoft Windows
6
CVE-2018-8206, CVE-2018-8313, CVE-2018-8319, CVE-2018-8305, CVE-2018-8308, CVE-2018-8309
Microsoft PowerShell
1
CVE-2018-8327
Microsoft Devices
1
CVE-2018-8306
.NET Framework
4
CVE-2018-8202, CVE-2018-8356, CVE-2018-8260, CVE-2018-8284
Microsoft Edge
8
CVE-2018-8262, CVE-2018-8274, CVE-2018-8278, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-alert-july-2018/

July 10, 2018July 10, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT
  • ← Microsoft Fixes 54 Vulnerabilities on July’s Patch Tuesday
  • SolarWinds Acquires Trusted Metrics →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Enterprise Security Essentials
Phishing Used to Get PII, not Just Ransomware
Anti-Vax Lies Spread on YouTube—Paid for ‘by Russian PR Company’
Shadow IT, Cloud-Based Malware Increase AppSec Risks
CTCI a Game-Changer for Threat Intel
7 Cybersecurity Tips for Remote Working
Top 5 Benefits of Cloud Infrastructure Security 
Why IaaS Security Should be a Priority
API Security 101: Broken Function Level Authorization
What Security Lessons Can Come From the Kaseya Ransomware Attack?

Upcoming Webinars

Aug 03

The Next Thinking Regarding Cloud-Native Application Security: Don’t Let Complex Application Landscapes Complicate Security Further

August 3 @ 3:00 pm - 4:00 pm
Aug 12

Tackling Developer Security Training

August 12 @ 1:00 pm - 2:00 pm
Aug 24

How to Harden EKS With Terraform and Snyk

August 24 @ 11:00 am - 12:00 pm
Aug 30

API Security

August 30 @ 1:00 pm - 2:00 pm
Sep 08

Keys or Certs for SSH Access? Why Should I Care?

September 8 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Cyberresilience: Your Data Insurance Policy
Cybersecurity Data Security Incident Response Industry Spotlight Security Awareness Security Boulevard (Original) 

Cyberresilience: Your Data Insurance Policy

July 30, 2021 Stacy Hayes | Yesterday 0
Elevating Web App Security to a National Priority
Application Security Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Awareness Security Boulevard (Original) 

Elevating Web App Security to a National Priority

July 29, 2021 Mark Ralls | 2 days ago 0
Colonial Pipeline Hinted at Critical Infrastructure Threat
Cybersecurity Governance, Risk & Compliance Incident Response Industry Spotlight IoT & ICS Security Network Security Security Boulevard (Original) Threat Intelligence Threats & Breaches 

Colonial Pipeline Hinted at Critical Infrastructure Threat

July 28, 2021 Robert Tafoya | 3 days ago 0

Top Stories

Estonian Hacker Steals 300,000 Government ID Photos
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Featured Governance, Risk & Compliance Identity & Access Incident Response Malware Network Security News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Estonian Hacker Steals 300,000 Government ID Photos

July 30, 2021 Richi Jennings | Yesterday 0
Anti-Vax Lies Spread on YouTube—Paid for ‘by Russian PR Company’
Analytics & Intelligence Cyberlaw Cybersecurity Deep Fake and Other Social Engineering Tactics Editorial Calendar Featured Governance, Risk & Compliance Incident Response News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

Anti-Vax Lies Spread on YouTube—Paid for ‘by Russian PR Company’

July 26, 2021 Richi Jennings | 4 days ago 0
Apple’s Insecure iPhone Lets NSO Hack Journalists (Again)
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Incident Response Malware Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Apple’s Insecure iPhone Lets NSO Hack Journalists (Again)

July 20, 2021 Richi Jennings | Jul 20 0

Security Humor

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® !

The Joy of Tech® ‘Hello Again!’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.