Thursday, September 20, 2018
  • Magecart Hackers Stole Customers Payment Card Data from Newegg
  • Sustes Malware: CPU for Monero
  • Amazon Hit from Within, Employees Leak Proprietary Data for Profit
  • Multi-cloud use, regulatory compliance and information protection drive new era of encryption and key management in France
  • Server Maintenance Checklist: 15 Common Issues and How to Fix Them

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: September 2018 Patch Tuesday Analysis

VERT Threat Alert: September 2018 Patch Tuesday Analysis

by Tyler Reguly on September 11, 2018

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. 

In-The-Wild & Disclosed CVEs

CVE-2018-8440

This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on August 28th. More recently, ESET published a write-up on the vulnerability after it was used in malware. The vulnerability takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to escalate privileges.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8475

Microsoft has stated that this vulnerability has already been publicly disclosed, and it appears to present significant risk. A vulnerability in how Windows handles image files means that exploitation can occur simply by viewing the image.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8457

A vulnerability exists in the scripting engine found in Microsoft browsers around their method of handling objects in memory. Successful exploitation of the vulnerability could lead to code execution in the context of the current user. The update changes how the scripting engine handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8409

This denial-of-service vulnerability impacts System.IO.Piplines available in .NET Core and ASP.NET Core. Microsoft has released a detailed write-up as part of the ASP.NET Core project.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the September Security Guidance, a pair of security advisories were also made available.

Windows Denial of Service Vulnerability [ADV180022]

Microsoft has released an advisory for CVE-2018-5391 (“FragmentSmack”), which allows attackers to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-september-2018-patch-tuesday-analysis/

September 11, 2018September 11, 2018 Tyler Reguly 0 Comments Microsoft, Patch Tuesday, VERT, vulnerability
  • ← Patch Tuesday, September 2018 Edition
  • Taking Stock: The Internet of Things, and Machine Learning Algorithms at War →
Featured Blog

2 weeks ago

A Brighter Future For DevSecOps? It’s Closer Than You Think

1 month ago

Secure Code Dojo: How to Defeat SQL Injection

2 months ago

Why gamification is the key to leveling up your software security

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Study Finds Mobile Fraud, Threats Soar
Our All White Male Panel Discusses Diversity in Cybersecurity – CISO/Security Vendor Relationship Podcast
NVR Software Flaw Threatens Thousands of Devices
Do You Have Security Champions in Your Company?
Unusual IoT Botnet Removes Cryptomining Malware from Devices
50 Best Cloud Security Podcasts
Erlang Authenticated Remote Code Execution
8 critical safety tips for safer online banking
FIDO2: The Passwordless Web is Coming
Healthcare’s Many Cybersecurity Challenges — Security Awareness (CyberSpeak Podcast)

Upcoming Webinars

Jun 29

Security as Code

June 29, 2017 @ 1:00 pm - 2:00 pm
Wed 27

Better Training for Better Security

September 27, 2017 @ 1:00 pm - 2:00 pm
Jan 18

Your Resolution for 2018: Five Principles For Securing DevOps

January 18 @ 11:00 am - 12:00 pm
Apr 02

RSA 2018- What’s Hot in the Cyber Security Space

April 2 @ 1:00 pm - 2:00 pm
Feb 12

How Machine Learning & AI Will Improve Cyber Security

February 12 @ 1:00 pm - 2:00 pm
Jan 11

On-Demand Viewing: Is GDPR Getting Ready to Give Your Company the Left Hook?

January 11 @ 8:00 am - 5:00 pm
Feb 22

2018 – The Year Ahead in Cybersecurity

February 22 @ 11:00 am - 12:00 pm
Feb 15

Implementing Secure DevOps: Challenges and Opportunities

February 15 @ 1:00 pm - 2:00 pm
Mar 07

After the Data Breach: Stolen Credentials

March 7 @ 3:00 pm - 4:00 pm
Mar 01

Seven Deadly Saves To Security With Integrations

March 1 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The State of Security RSA Special Report

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Do You Have Security Champions in Your Company?
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Do You Have Security Champions in Your Company?

September 18, 2018 Shubham Vashist | 2 days ago 0
What the Healthcare Industry Needs: Cybersecurity Pros
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

What the Healthcare Industry Needs: Cybersecurity Pros

September 13, 2018 Tom Gilheany | Sep 13 0
Security Gets ‘Baked In’ at VMworld
DevOps Industry Spotlight Security Boulevard (Original) 

Security Gets ‘Baked In’ at VMworld

September 12, 2018 Tim Woods | Sep 12 0

Top Stories

Unusual IoT Botnet Removes Cryptomining Malware from Devices
Featured IoT & ICS Security Malware News Security Boulevard (Original) Spotlight 

Unusual IoT Botnet Removes Cryptomining Malware from Devices

September 19, 2018 Lucian Constantin | Yesterday 0
NVR Software Flaw Threatens Thousands of Devices
Featured IoT & ICS Security Network Security News Security Boulevard (Original) Spotlight Vulnerabilities 

NVR Software Flaw Threatens Thousands of Devices

September 18, 2018 Lucian Constantin | 1 day ago 0
IT Security: Bomgar to Become BeyondTrust
Cybersecurity Featured Identity & Access News Spotlight 

IT Security: Bomgar to Become BeyondTrust

September 14, 2018 Michael Vizard | Sep 14 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.