Friday, August 19, 2022
  • The four most important aspects of software due diligence audits
  • Debunking Quantum Cloud Myths
  • Gartner® Peer Insights™ “Voice of the Customer” Report Identifies Delphix as Customers’ Choice for Data Masking
  • VPNs Don’t Work on iOS — and Apple Doesn’t Care
  • 3 Reasons Why CISOs are Prioritizing Cyber Risk Quantification

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » VERT Threat Alert: August 2018 Patch Tuesday Analysis

SBN

VERT Threat Alert: August 2018 Patch Tuesday Analysis

by Tyler Reguly on August 14, 2018

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th.

AppSec/API Security 2022

In-The-Wild & Disclosed CVEs

CVE-2018-8373

A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability via a malicious webpage or Office document, could execute code in the context of the current user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely) for the latest software release, however exploitation has been detected on older releases.

CVE-2018-8414

Windows Shell does not always properly validate file paths. An attacker that convinces a user to visit a malicious page, click a malicious link, or open a malicious attachment could execute code in the context of the current user.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Microsoft Windows PDF
1
CVE-2018-8350
Windows Kernel
5
CVE-2018-8399, CVE-2018-8404, CVE-2018-8341, CVE-2018-8347, CVE-2018-8348
Windows Diagnostic Hub
1
CVE-2018-0952
Microsoft Windows
2
CVE-2018-8345, CVE-2018-8346
SQL Server
1
CVE-2018-8273
Microsoft Edge
6
CVE-2018-8358, CVE-2018-8370, CVE-2018-8377, CVE-2018-8383, CVE-2018-8388, CVE-2018-8387
Microsoft Graphics Component
9
CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398, CVE-2018-8400, CVE-2018-8401, CVE-2018-8405, CVE-2018-8406, CVE-2018-8344
.NET Framework
1
CVE-2018-8360
Microsoft Browsers
3
CVE-2018-8403, CVE-2018-8351, CVE-2018-8357
Device Guard
2
CVE-2018-8204, CVE-2018-8200
Windows Installer
1
CVE-2018-8339
Windows NDIS
1
CVE-2018-8343
Windows Shell
2
CVE-2018-8253, CVE-2018-8414
Windows Authentication Methods
1
CVE-2018-8340
Microsoft Exchange Server
2
CVE-2018-8302, CVE-2018-8374
Internet Explorer
1
CVE-2018-8316
Windows RNDIS
1
CVE-2018-8342
Windows COM
1
CVE-2018-8349
Microsoft Office
6
CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412
Microsoft Scripting Engine
13
CVE-2018-8266, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8380, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/august-2018-patch-tuesday/

August 14, 2018August 14, 2018 Tyler Reguly Vulnerability Management
  • ← What Is an EV Multi-Domain SSL Certificate Revocation Information and Reporting Policy?
  • Building values to love your team →

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Most Read on the Boulevard

Gmail Lets Candidates Spam You — FEC FAIL
The Power of Provenance: From Reactive to Proactive Cybersecurity
Lacework Adds Time Series Modeling to Cybersecurity Platform
Incident Response Teams Fight Back With Virtual Patching
Cybersecurity in the Wake of Ukraine
What the SEC Can Tell Us About Board Governance of Cyber Risk
The Week in Cybersecurity: MFA shortcomings paved the way for Cisco breach
1.5 Million Customers Impacted By US Bank Data Breach – Possible Lessons Learned
Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace
Black Hat: We Should Have Seen The Colonial Ransomware Attack Coming

Upcoming Webinars

Mon 22

API Security

August 22 @ 1:00 pm - 2:00 pm
Wed 24

Implementing Identity Access Prioritization and Risk-Based Alerting for High-Fidelity Alerts

August 24 @ 1:00 pm - 2:00 pm
Tue 30

CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together

August 30 @ 1:00 pm - 2:00 pm
Sep 15

Finding Suspicious Events with AWS CloudTrail: Fundamentals and Best Practices

September 15 @ 11:00 am - 12:00 pm
Sep 19

Identity Zero-Trust: From Vision to Practical Implementation

September 19 @ 11:00 am - 12:00 pm
Sep 20

SaaS Security Trends, Challenges and Solutions for 2022

September 20 @ 11:00 am - 12:00 pm
Sep 21

Doing More With Less: How to Improve AppSec Programs When Budgets Decrease

September 21 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

Self-Driving Vehicles: A Serious Security Risk?
Cybersecurity Industry Spotlight Security Boulevard (Original) 

Self-Driving Vehicles: A Serious Security Risk?

August 19, 2022 Millie Fuller | 7 hours ago 0
4 Common Automotive Cybersecurity Vulnerabilities
Cybersecurity Industry Spotlight Security Boulevard (Original) 

4 Common Automotive Cybersecurity Vulnerabilities

August 19, 2022 Joe Agee | 8 hours ago 0
Gmail Lets Candidates Spam You — FEC FAIL
Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity DevOps Editorial Calendar Featured Governance, Risk & Compliance Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches 

Gmail Lets Candidates Spam You — FEC FAIL

August 15, 2022 Richi Jennings | 4 days ago 0

Top Stories

VPNs Don’t Work on iOS — and Apple Doesn’t Care
Analytics & Intelligence API Security Application Security Cloud Security Cloud Security Cybersecurity Data Security Editorial Calendar Endpoint Featured Identity & Access Incident Response Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

VPNs Don’t Work on iOS — and Apple Doesn’t Care

August 19, 2022 Richi Jennings | 4 hours ago 0
Task Force Gives SMBs Blueprint to Defend Against Ransomware
Application Security Cybersecurity Data Security Featured Incident Response News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Vulnerabilities 

Task Force Gives SMBs Blueprint to Defend Against Ransomware

August 18, 2022 Teri Robinson | Yesterday 0
Radware Report Sees Major Spike in DDoS Attacks
Featured News Spotlight Uncategorized 

Radware Report Sees Major Spike in DDoS Attacks

August 17, 2022 Michael Vizard | 2 days ago 0

Security Humor

Daniel Stori's 'terminal transparency'

Daniel Stori’s ‘terminal transparency’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.