Friday, January 18, 2019
  • The Joy of Tech®: ‘The Cost Of Netflix!’
  • With ⅓ of Enterprises Suffering from Weak or Exposed Passwords, Is Hollywood Part of the Problem?
  • Improvements to SiteCheck Website Scanner
  • Why Integrate Machine Identities with Hardware Security Modules?
  • BSides Delaware 2018, David Schuetz’ (@DarthNull) ‘How Things Work: A Deep Dive Into 1Password Security’

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » VERT Threat Alert: August 2018 Patch Tuesday Analysis

VERT Threat Alert: August 2018 Patch Tuesday Analysis

by Tyler Reguly on August 14, 2018

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th.

In-The-Wild & Disclosed CVEs

CVE-2018-8373

A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability via a malicious webpage or Office document, could execute code in the context of the current user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely) for the latest software release, however exploitation has been detected on older releases.

CVE-2018-8414

Windows Shell does not always properly validate file paths. An attacker that convinces a user to visit a malicious page, click a malicious link, or open a malicious attachment could execute code in the context of the current user.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Microsoft Windows PDF
1
CVE-2018-8350
Windows Kernel
5
CVE-2018-8399, CVE-2018-8404, CVE-2018-8341, CVE-2018-8347, CVE-2018-8348
Windows Diagnostic Hub
1
CVE-2018-0952
Microsoft Windows
2
CVE-2018-8345, CVE-2018-8346
SQL Server
1
CVE-2018-8273
Microsoft Edge
6
CVE-2018-8358, CVE-2018-8370, CVE-2018-8377, CVE-2018-8383, CVE-2018-8388, CVE-2018-8387
Microsoft Graphics Component
9
CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398, CVE-2018-8400, CVE-2018-8401, CVE-2018-8405, CVE-2018-8406, CVE-2018-8344
.NET Framework
1
CVE-2018-8360
Microsoft Browsers
3
CVE-2018-8403, CVE-2018-8351, CVE-2018-8357
Device Guard
2
CVE-2018-8204, CVE-2018-8200
Windows Installer
1
CVE-2018-8339
Windows NDIS
1
CVE-2018-8343
Windows Shell
2
CVE-2018-8253, CVE-2018-8414
Windows Authentication Methods
1
CVE-2018-8340
Microsoft Exchange Server
2
CVE-2018-8302, CVE-2018-8374
Internet Explorer
1
CVE-2018-8316
Windows RNDIS
1
CVE-2018-8342
Windows COM
1
CVE-2018-8349
Microsoft Office
6
CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412
Microsoft Scripting Engine
13
CVE-2018-8266, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8380, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/august-2018-patch-tuesday/

August 14, 2018August 14, 2018 Tyler Reguly Vulnerability Management
  • ← SAP Security Notes August ‘18: SQL Injection in BusinessObjects and Several High Priority Notes to take care of.
  • Stock Options, IPOs and Acquisitions Accelerate Cybertalent Divide →

Predict 2019 Virtual Summit

Featured Blog

Fortinet All Blogs

A Layered Approach to Cybersecurity: People, Processes, and Technology

Fortinet All Blogs

The Security Implications for 5G and IoT

Fortinet All Blogs

Fighting the Evolution of Malware

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Can Smart Home Leaks Lead to Major Cyberattacks?
Is NTA Just Another Kind of IDS?
Government Shutdown’s Negative Impact on Federal Cybersecurity
Security Boulevard Chat: The Evolution of Network Security with FireMon’s Tim Woods
Ryuk Ransomware That Hit U.S. Newspapers Not State-Sponsored
Del Rio City Hall Disables Internet Connection for All Departments after Ransomware Attack
Q&A: Here’s why robust ‘privileged access management’ has never been more vital
Security Boulevard Chat: The Evolution of Network Security with FireMon’s Tim Woods
3 Reasons Why the Integration of Cybersecurity Tools is a Growing Imperative
The DDoS attacker rescued by a Disney cruise ship is sentenced to over 10 years in prison

Upcoming Webinars

Mon 28

Next-Generation Cybersecurity

January 28 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Mobile-to-Mainframe: The Definitive Guide to Achieving Compliance

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Client Applications: A Hacker’s Easiest Target?
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Client Applications: A Hacker’s Easiest Target?

January 18, 2019 Bill Horne | Yesterday 0
PKI Deployment: The Top 10 Definitive Answers
Cybersecurity Data Security Industry Spotlight Network Security Security Boulevard (Original) 

PKI Deployment: The Top 10 Definitive Answers

January 17, 2019 Mark B. Cooper | 1 day ago 0
Shopping for Secure IoT Devices
Cybersecurity Industry Spotlight IoT & ICS Security Security Boulevard (Original) 

Shopping for Secure IoT Devices

January 16, 2019 Yeshwant Chauhan | 2 days ago 0

Top Stories

Government, E-commerce Sites Hacked Through Database Tool
Data Security DevOps Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Government, E-commerce Sites Hacked Through Database Tool

January 18, 2019 Lucian Constantin | Yesterday 0
Fortnite Attack Allowed Taking Over Player Accounts
Application Security Data Security DevOps Featured Identity & Access News Security Boulevard (Original) Spotlight Vulnerabilities 

Fortnite Attack Allowed Taking Over Player Accounts

January 17, 2019 Lucian Constantin | 1 day ago 0
Barracuda Networks Embeds Incident Management in Email Security Suite
Cybersecurity Featured Incident Response News Security Boulevard (Original) Social Engineering Spotlight 

Barracuda Networks Embeds Incident Management in Email Security Suite

January 17, 2019 Michael Vizard | 1 day ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.