Sunday, December 6, 2020
  • Phishing Attacks on Your Brand are Unrelenting, AI is the Only Way to Fight Back
  • Germany’s Anti-Semitic Phonetic Alphabet
  • DEF CON 28 Safe Mode Aerospace Village – Allan Tart’s & Fabian Landis’ ‘Low Cost VHF Receiver’
  • XKCD ‘Contiguous 41 States’
  • DEF CON 28 Safe Mode Aerospace Village – Matt Gaffney’s ‘MITM: The Mystery In The Middle’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » VERT Threat Alert: August 2018 Patch Tuesday Analysis

VERT Threat Alert: August 2018 Patch Tuesday Analysis

by Tyler Reguly on August 14, 2018

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th.

In-The-Wild & Disclosed CVEs

CVE-2018-8373

A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability via a malicious webpage or Office document, could execute code in the context of the current user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely) for the latest software release, however exploitation has been detected on older releases.

CVE-2018-8414

Windows Shell does not always properly validate file paths. An attacker that convinces a user to visit a malicious page, click a malicious link, or open a malicious attachment could execute code in the context of the current user.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Microsoft Windows PDF
1
CVE-2018-8350
Windows Kernel
5
CVE-2018-8399, CVE-2018-8404, CVE-2018-8341, CVE-2018-8347, CVE-2018-8348
Windows Diagnostic Hub
1
CVE-2018-0952
Microsoft Windows
2
CVE-2018-8345, CVE-2018-8346
SQL Server
1
CVE-2018-8273
Microsoft Edge
6
CVE-2018-8358, CVE-2018-8370, CVE-2018-8377, CVE-2018-8383, CVE-2018-8388, CVE-2018-8387
Microsoft Graphics Component
9
CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398, CVE-2018-8400, CVE-2018-8401, CVE-2018-8405, CVE-2018-8406, CVE-2018-8344
.NET Framework
1
CVE-2018-8360
Microsoft Browsers
3
CVE-2018-8403, CVE-2018-8351, CVE-2018-8357
Device Guard
2
CVE-2018-8204, CVE-2018-8200
Windows Installer
1
CVE-2018-8339
Windows NDIS
1
CVE-2018-8343
Windows Shell
2
CVE-2018-8253, CVE-2018-8414
Windows Authentication Methods
1
CVE-2018-8340
Microsoft Exchange Server
2
CVE-2018-8302, CVE-2018-8374
Internet Explorer
1
CVE-2018-8316
Windows RNDIS
1
CVE-2018-8342
Windows COM
1
CVE-2018-8349
Microsoft Office
6
CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412
Microsoft Scripting Engine
13
CVE-2018-8266, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8380, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/august-2018-patch-tuesday/

August 14, 2018August 14, 2018 Tyler Reguly Vulnerability Management
  • ← The Value-add of Combining SOAR with Existing Security Technologies
  • Building values to love your team →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Michael Clark

Prevent Catastrophic Data Loss in the Cloud

Rich Gardner

CISO Roundtable: What We’ve Heard, and What We’re Looking Forward To

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Brazil Govt’s Huge Leak: Health Data of 243M
Securing the Office of the Future
California Federal Court Weighs In (Again) on Social Media Scraping
Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy
U.S. Election Security (and Insecurities)
Drupal Core: Behind the Vulnerability
The Future Of Work: The Hybrid Workforce
VMware Horizon Architecture: Planning Your Deployment
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
“Free” Symchanger Malware Tricks Users Into Installing Backdoor

Upcoming Webinars

Mon 07

The Battle for Container Security

December 7 @ 1:00 pm - 2:00 pm
Tue 08

XDR (Extended Detection and Response): The Next Generation of Protection

December 8 @ 11:00 am - 12:00 pm
Thu 10

Data Security for Contact Centers Leveraging Cloud Technologies

December 10 @ 3:00 pm - 4:00 pm
Mon 14

Issues and Answers in Cloud Security

December 14 @ 1:00 pm - 2:00 pm
Tue 15

3 Things to Get Right for Successful DevSecOps

December 15 @ 3:00 pm - 4:00 pm
Wed 16

Unsolved Problems in Open Source Security

December 16 @ 11:00 am - 12:00 pm
Wed 16

Securing Medical Apps in the Age of COVID-19: How to Close Security Gaps and Meet Accelerated Demand

December 16 @ 1:00 pm - 2:00 pm
Wed 16

Deliver your App Anywhere … Publicly or Privately

December 16 @ 3:00 pm - 4:00 pm
Thu 17

Secure Your Peace of Mind and Your Mobile App While Giving Developers Back Their Happy Coding Time

December 17 @ 11:00 am - 12:00 pm
Thu 17

Solving Kubernetes Security Challenges Using Red Hat OpenShift and Sysdig

December 17 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Why Hackers Love the Pandemic
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Why Hackers Love the Pandemic

December 4, 2020 Chris Hallenback | 2 days ago 0
Security and COVID-19: Securing the New Normal
Cybersecurity Data Security Industry Spotlight Network Security Security Boulevard (Original) 

Security and COVID-19: Securing the New Normal

December 3, 2020 DAVID CANELLOS | 3 days ago 0
Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy
Cybersecurity Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy

December 2, 2020 Ameet Naik | 4 days ago 0

Top Stories

Brazil Govt’s Huge Leak: Health Data of 243M
Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Brazil Govt’s Huge Leak: Health Data of 243M

December 4, 2020 Richi Jennings | 1 day ago 0
Second Swiss Firm Said to Be CIA Encryption Puppet
Analytics & Intelligence Cyberlaw Cybersecurity Featured News Security Boulevard (Original) Spotlight Threat Intelligence 

Second Swiss Firm Said to Be CIA Encryption Puppet

November 30, 2020 Richi Jennings | Nov 30 0
Unisys Adds Visualization Tools to Stealth Platform
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Unisys Adds Visualization Tools to Stealth Platform

November 30, 2020 Michael Vizard | Nov 30 0

Security Humor

via the comic delivery system monikered Randall Munroe resident at XKCD !

XKCD ‘Contiguous 41 States’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.