Home » Cybersecurity » SBN News » VERT Threat Alert: July 2018 Patch Tuesday Analysis

VERT Threat Alert: July 2018 Patch Tuesday Analysis

by Tyler Reguly on July 10, 2018

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th.

In-The-Wild & Disclosed CVEs

CVE-2018-8278

Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake website that appears to be legitimate. This is due to how Microsoft Edge handles HTML content.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8313

A privilege escalation within the Windows Kernel API could allow attackers to impersonate processes, interject cross-process communication, or interrupt system functionality. This attack requires that an authenticated, local user run a purpose-built application. Changes were made to how the Windows Kernel API enforces permissions to resolve this vulnerability.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8314

Attackers can escalate privileges and escape a sandbox due to failure in how Windows file picker handles paths. This could allow an attacker to gain higher levels of access but does not specifically allow code execution, attackers would need to pair this attack with another vulnerability if code execution is the desired goal.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) for older software releases (the latest software release is not affected).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag	CVE Count	CVEs
Microsoft WordPad	1	CVE-2018-8307
Active Directory	1	CVE-2018-8326
ASP.NET	1	CVE-2018-8171
Microsoft Windows	6	CVE-2018-8206, CVE-2018-8313, CVE-2018-8319, CVE-2018-8305, CVE-2018-8308, CVE-2018-8309
Microsoft PowerShell	1	CVE-2018-8327
Microsoft Devices	1	CVE-2018-8306
.NET Framework	4	CVE-2018-8202, CVE-2018-8356, CVE-2018-8260, CVE-2018-8284
Microsoft Edge	8	CVE-2018-8262, CVE-2018-8274, CVE-2018-8278, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-alert-july-2018/

July 10, 2018July 10, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT

Tyler Reguly

Tyler Reguly is Associate Director, Security R&D at Fortra, responsible for overseeing a team of researchers that provide the security expertise for the company’s integrity and compliance monitoring solution. Tyler joined Fortra in 2022 when the company acquired Tripwire, where Tyler had been a part of the research team for more than fifteen years. In addition to security research, Tyler has worked closely with Fanshawe College, from which he graduated with a diploma in Computer Systems Technology, developing five courses including subjects like Advanced Hacker Techniques & Tactics, Hacking and Exploits, Malware Research, Evolving Technologies and Threats, and Python Programming. He has also taught all five courses that he developed on multiple occasions.

tyler-reguly has 119 posts and counting.See all posts by tyler-reguly