Tuesday, October 3, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Broken ARM: Mali Malware Pwns Phones
  • DEF CON 31 - Thomas Chauchefoin’s, Paul Gerste’s ‘Visual Studio Code Is Why I Have Workspace Trust Issues’
  • Akamai Sees Surge of Cyberattacks Aimed at Financial Services
  • Open Redirect Flaws as a Phishing Tactic
  • Wake-Up Call: New SEC Disclosure Rules Spark Incident Response Revolution
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: July 2018 Patch Tuesday Analysis

SBN

VERT Threat Alert: July 2018 Patch Tuesday Analysis

by Tyler Reguly on July 10, 2018

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th.

AWS Builder Community Hub

In-The-Wild & Disclosed CVEs

CVE-2018-8278

Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake website that appears to be legitimate. This is due to how Microsoft Edge handles HTML content.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8313

A privilege escalation within the Windows Kernel API could allow attackers to impersonate processes, interject cross-process communication, or interrupt system functionality. This attack requires that an authenticated, local user run a purpose-built application. Changes were made to how the Windows Kernel API enforces permissions to resolve this vulnerability.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8314

Attackers can escalate privileges and escape a sandbox due to failure in how Windows file picker handles paths. This could allow an attacker to gain higher levels of access but does not specifically allow code execution, attackers would need to pair this attack with another vulnerability if code execution is the desired goal.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) for older software releases (the latest software release is not affected).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Microsoft WordPad
1
CVE-2018-8307
Active Directory
1
CVE-2018-8326
ASP.NET
1
CVE-2018-8171
Microsoft Windows
6
CVE-2018-8206, CVE-2018-8313, CVE-2018-8319, CVE-2018-8305, CVE-2018-8308, CVE-2018-8309
Microsoft PowerShell
1
CVE-2018-8327
Microsoft Devices
1
CVE-2018-8306
.NET Framework
4
CVE-2018-8202, CVE-2018-8356, CVE-2018-8260, CVE-2018-8284
Microsoft Edge
8
CVE-2018-8262, CVE-2018-8274, CVE-2018-8278, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-alert-july-2018/

July 10, 2018July 10, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT
  • ← Microsoft Fixes 54 Vulnerabilities on July’s Patch Tuesday
  • SolarWinds Acquires Trusted Metrics →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Wed 11

ASPM: Leveling the AppSec Playing Field

October 11 @ 1:00 pm - 2:00 pm
Mon 16

Shadow Access: Where IAM Meets Cloud Security

October 16 @ 3:00 pm - 4:00 pm
Tue 17

Securing Cloud-Native Applications Across the Software Development Life Cycle

October 17 @ 11:00 am - 12:00 pm
Wed 18

Live Workshop on ‘SCA 2.0’: Using Runtime Analysis to Find High-Risk SCA Vulnerabilities

October 18 @ 12:00 pm - 1:30 pm
Thu 19

Managing Security Posture and Entitlements in the Cloud

October 19 @ 1:00 pm - 2:00 pm
Tue 24

When Seconds Matter: Real-Time Cloud Security With AWS and Sysdig

October 24 @ 11:00 am - 12:00 pm
Tue 24

Reporting From the Pipeline: The State of Software Security in DevOps

October 24 @ 1:00 pm - 2:00 pm
Thu 26

How to Shift Left the Right Way

October 26 @ 3:00 pm - 4:00 pm
Mon 30

Zero-Trust

October 30 @ 1:00 pm - 2:00 pm
Tue 31

AppSec 101: Complete Application Security Across the SDLC

October 31 @ 11:00 am - 12:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts
Cryptomining Attacks: The Stealth Threat to Your Cloud Security
Federal Shutdown Raises Cybersecurity Risks, Experts Warn
Boards are Finally Taking Cybersecurity Seriously
How to Talk So Your CISO Will Listen
DEF CON 31 – Joseph Gabay’s ‘Warshopping- Phreaking Smart Shopping Cart Wheels Through RF Sniffing’
What You Need to Know About the libwebp Exploit
Methods To Protect Yourself From Identity Theft
2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs
What Is mTLS? The Essential Guide You Can’t Afford to Miss

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

Broken ARM: Mali Malware Pwns Phones
Analytics & Intelligence API Security Application Security AppSec Cybersecurity Data Privacy Data Security Deep Fake and Other Social Engineering Tactics Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight IOT IoT & ICS Security Malware Mobile Security Most Read This Week News Popular Post Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Social Engineering Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

Broken ARM: Mali Malware Pwns Phones

October 3, 2023 Richi Jennings | 1 hour ago 0
Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts
AI and Machine Learning in Security AI and ML in Security Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight IOT IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Regulatory Compliance Securing the Cloud Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts

October 2, 2023 Richi Jennings | Yesterday 0
CISA Rolls Out a HBOM Framework to Secure Hardware Components
Cloud Security Cybersecurity Featured Industry Spotlight Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

CISA Rolls Out a HBOM Framework to Secure Hardware Components

September 29, 2023 Jeffrey Burt | 3 days ago 0

Top Stories

Akamai Sees Surge of Cyberattacks Aimed at Financial Services
Analytics & Intelligence Application Security Cybersecurity Data Privacy Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Akamai Sees Surge of Cyberattacks Aimed at Financial Services

October 3, 2023 Michael Vizard | 2 hours ago 0
Threat Groups Accelerating the Use of Dual Ransomware Attacks
Analytics & Intelligence Cybersecurity Data Security Featured Identity & Access Malware Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

Threat Groups Accelerating the Use of Dual Ransomware Attacks

October 2, 2023 Jeffrey Burt | Yesterday 0
Network Security Firm IronNet Ends Operations, Plans for Bankruptcy
Cloud Security Cybersecurity Data Security Featured Network Security News Security Boulevard (Original) Spotlight 

Network Security Firm IronNet Ends Operations, Plans for Bankruptcy

October 2, 2023 Jeffrey Burt | Yesterday 0

Security Humor

A tailor’s dummy hand is separated from its arm

Broken ARM: Mali Malware Pwns Phones

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.