Friday, September 18, 2020
  • U.S. Requires Servers to Ban TikTok, WeChat Traffic
  • Eliminating “Proof of Concept” Friction 
  • How standardizing access can make your business more secure and efficient
  • DuckDuckGo: Crazy Name, Growing Crazy-Fast
  • The JumpCloud Lounge Q&A Roundup: Enrolling in JumpCloud MDM, Pulling Disk Space, & Using Hardware for MFA

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: September 2018 Patch Tuesday Analysis

VERT Threat Alert: September 2018 Patch Tuesday Analysis

by Tyler Reguly on September 11, 2018

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. 

In-The-Wild & Disclosed CVEs

CVE-2018-8440

This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on August 28th. More recently, ESET published a write-up on the vulnerability after it was used in malware. The vulnerability takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to escalate privileges.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8475

Microsoft has stated that this vulnerability has already been publicly disclosed, and it appears to present significant risk. A vulnerability in how Windows handles image files means that exploitation can occur simply by viewing the image.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8457

A vulnerability exists in the scripting engine found in Microsoft browsers around their method of handling objects in memory. Successful exploitation of the vulnerability could lead to code execution in the context of the current user. The update changes how the scripting engine handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8409

This denial-of-service vulnerability impacts System.IO.Piplines available in .NET Core and ASP.NET Core. Microsoft has released a detailed write-up as part of the ASP.NET Core project.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the September Security Guidance, a pair of security advisories were also made available.

Windows Denial of Service Vulnerability [ADV180022]

Microsoft has released an advisory for CVE-2018-5391 (“FragmentSmack”), which allows attackers to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-september-2018-patch-tuesday-analysis/

September 11, 2018September 11, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT, vulnerability
  • ← Patch Tuesday, September 2018 Edition
  • Taking Stock: The Internet of Things, and Machine Learning Algorithms at War →

TechStrong TV – Live Streaming

TechStrong TV - All Episodes
Featured Blog

blubracket

Git it right—How hackers exploit Git misconfigurations & what to do about it

blubracket

Uncovering Secrets in Code—A Case Study

blubracket

BluBracket Adds Stolen and Leaked Code Detection, Remediation to its CodeSecurity Suite

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

DataSecOps: Protecting Data in the Cloud
Intelligence-Sharing in Action: COVID-19 Cyber Threat Coalition
Black Hat Conference: Multi-Vector EDR, With Qualys
Using SaaS Backup and Recovery to Protect Your Data With a Virtual Air Gap
Perimeter 81 Looks to Take Firewall Appliances Out
Over 1 Million Patients and Donors Impacted by Inova Health System Data Breach
US Staffing Firm Artech Keeps Silent About Data Breach, Leaves Customers at Risk of Fraud for Eight Months
Why Are Some Cybersecurity Professionals Not Finding Jobs?
An Introduction to Hardware Hacking
Ransomware Was the Top Cyber Insurance Claim in Q1 2020

Upcoming Webinars

Mon 21

Managing the AppSec Toolstack

September 21 @ 1:00 pm - 2:00 pm
Tue 22

Preventing Code Leaks & Other Critical Security Risks from Code

September 22 @ 3:00 pm - 4:00 pm
Thu 24

Automating App Security with AI: How to Secure a Million Lines of Code in Five Minutes

September 24 @ 3:00 pm - 4:00 pm
Tue 29

Step-by-Step Guide to Protecting Web Apps with Google reCAPTCHA

September 29 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

How Your Vendor Access Management Tools Are Putting Your Company at Risk

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Patching in the Time of Remote Work
Cybersecurity Endpoint Industry Spotlight Security Boulevard (Original) 

Patching in the Time of Remote Work

September 18, 2020 Jason Short | 12 hours ago 0
Adopting Quantum-Safe Cryptography: Why Y2Q Will Be Too Late
Cybersecurity Data Security Industry Spotlight Security Awareness Security Boulevard (Original) Threats & Breaches 

Adopting Quantum-Safe Cryptography: Why Y2Q Will Be Too Late

September 17, 2020 Philip Lafrance | Yesterday 0
The Value of Data From a Consumer Perspective
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

The Value of Data From a Consumer Perspective

September 16, 2020 Mike Nelson | 2 days ago 0

Top Stories

U.S. Requires Servers to Ban TikTok, WeChat Traffic
Application Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

U.S. Requires Servers to Ban TikTok, WeChat Traffic

September 18, 2020 Mark Rasch | 1 hour ago 0
DuckDuckGo: Crazy Name, Growing Crazy-Fast
Cloud Security Cybersecurity Endpoint Featured Mobile Security News Security Awareness Security Boulevard (Original) Spotlight 

DuckDuckGo: Crazy Name, Growing Crazy-Fast

September 18, 2020 Richi Jennings | 3 hours ago 0
RangeForce Expands Security Training Cloud Service
Cybersecurity Featured Incident Response News Security Awareness Security Boulevard (Original) Spotlight 

RangeForce Expands Security Training Cloud Service

September 17, 2020 Michael Vizard | Yesterday 0

Security Humor

via the comic delivery system monikered Randall Munroe resident at XKCD !

XKCD ‘Common Star Types’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.