Monday, March 8, 2021
  • 3 Hiking Principles That Made Me a Better CISO
  • Diversifying the Cybersecurity Workforce this International Women’s Day
  • Keep Your Eye on the Camera
  • The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments
  • The Humanity and Evolution of Cyber

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » VERT Threat Alert: August 2018 Patch Tuesday Analysis

VERT Threat Alert: August 2018 Patch Tuesday Analysis

by Tyler Reguly on August 14, 2018

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th.

In-The-Wild & Disclosed CVEs

CVE-2018-8373

A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability via a malicious webpage or Office document, could execute code in the context of the current user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely) for the latest software release, however exploitation has been detected on older releases.

CVE-2018-8414

Windows Shell does not always properly validate file paths. An attacker that convinces a user to visit a malicious page, click a malicious link, or open a malicious attachment could execute code in the context of the current user.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Microsoft Windows PDF
1
CVE-2018-8350
Windows Kernel
5
CVE-2018-8399, CVE-2018-8404, CVE-2018-8341, CVE-2018-8347, CVE-2018-8348
Windows Diagnostic Hub
1
CVE-2018-0952
Microsoft Windows
2
CVE-2018-8345, CVE-2018-8346
SQL Server
1
CVE-2018-8273
Microsoft Edge
6
CVE-2018-8358, CVE-2018-8370, CVE-2018-8377, CVE-2018-8383, CVE-2018-8388, CVE-2018-8387
Microsoft Graphics Component
9
CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398, CVE-2018-8400, CVE-2018-8401, CVE-2018-8405, CVE-2018-8406, CVE-2018-8344
.NET Framework
1
CVE-2018-8360
Microsoft Browsers
3
CVE-2018-8403, CVE-2018-8351, CVE-2018-8357
Device Guard
2
CVE-2018-8204, CVE-2018-8200
Windows Installer
1
CVE-2018-8339
Windows NDIS
1
CVE-2018-8343
Windows Shell
2
CVE-2018-8253, CVE-2018-8414
Windows Authentication Methods
1
CVE-2018-8340
Microsoft Exchange Server
2
CVE-2018-8302, CVE-2018-8374
Internet Explorer
1
CVE-2018-8316
Windows RNDIS
1
CVE-2018-8342
Windows COM
1
CVE-2018-8349
Microsoft Office
6
CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412
Microsoft Scripting Engine
13
CVE-2018-8266, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8380, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/august-2018-patch-tuesday/

August 14, 2018August 14, 2018 Tyler Reguly Vulnerability Management
  • ← What Is an EV Multi-Domain SSL Certificate Revocation Information and Reporting Policy?
  • Building values to love your team →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Chinese Exchange Hack: At Best, Microsoft is Incompetent
A Close Call Prompts Security Reassessment
Okta Acquisition of Auth0 Signals DevSecOps Shift Left
Zero-Trust in a Trusting World
HIPAA Security Requirements: What They Really Mean
Why Less Can Be More When It Comes to Cybersecurity
Three Top Russian Cybercrime Forums Hacked
Akamai Identified as a Leader in DDoS Mitigation by Forrester
The State of K-12 Cybersecurity Education
Active/Active Multi-Region Systems on Steroids With Serverless

Upcoming Webinars

Tue 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mon 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mon 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Wed 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mon 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm
Tue 30

Application Security in the Rapid Digital Transformation Age

March 30 @ 1:00 pm - 2:00 pm
Wed 31

The Anatomy of an Account Takeover Attack

March 31 @ 3:00 pm - 4:00 pm
Apr 01

Pharma Drama: An Interactive Crisis Simulation of an Insider Threat

April 1 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

3 Hiking Principles That Made Me a Better CISO
CISO Suite Cybersecurity Industry Spotlight Security Boulevard (Original) 

3 Hiking Principles That Made Me a Better CISO

March 8, 2021 Jack Hamm | 1 hour ago 0
Decentralizing Cloud Security Management
Cloud Security Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Awareness Security Boulevard (Original) 

Decentralizing Cloud Security Management

March 5, 2021 Michael Salleo | 3 days ago 0
A Close Call Prompts Security Reassessment
Application Security Cybersecurity Data Security Industry Spotlight Malware Security Boulevard (Original) 

A Close Call Prompts Security Reassessment

March 4, 2021 Rui Ribeiro | 4 days ago 0

Top Stories

Chinese Exchange Hack: At Best, Microsoft is Incompetent
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Chinese Exchange Hack: At Best, Microsoft is Incompetent

March 4, 2021 Richi Jennings | 3 days ago 0
Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it

March 2, 2021 Richi Jennings | Mar 02 0
‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

February 26, 2021 Richi Jennings | Feb 26 0

Security Humor

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 319’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.