Saturday, January 19, 2019
  • 10 Internet security tips to make 2019 your most cyber secure year ever
  • Emsisoft’s free ransomware removal tools save users more than $500 million
  • The Joy of Tech®: ‘The Cost Of Netflix!’
  • With ⅓ of Enterprises Suffering from Weak or Exposed Passwords, Is Hollywood Part of the Problem?
  • Improvements to SiteCheck Website Scanner

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: September 2018 Patch Tuesday Analysis

VERT Threat Alert: September 2018 Patch Tuesday Analysis

by Tyler Reguly on September 11, 2018

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. 

In-The-Wild & Disclosed CVEs

CVE-2018-8440

This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on August 28th. More recently, ESET published a write-up on the vulnerability after it was used in malware. The vulnerability takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to escalate privileges.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8475

Microsoft has stated that this vulnerability has already been publicly disclosed, and it appears to present significant risk. A vulnerability in how Windows handles image files means that exploitation can occur simply by viewing the image.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8457

A vulnerability exists in the scripting engine found in Microsoft browsers around their method of handling objects in memory. Successful exploitation of the vulnerability could lead to code execution in the context of the current user. The update changes how the scripting engine handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8409

This denial-of-service vulnerability impacts System.IO.Piplines available in .NET Core and ASP.NET Core. Microsoft has released a detailed write-up as part of the ASP.NET Core project.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the September Security Guidance, a pair of security advisories were also made available.

Windows Denial of Service Vulnerability [ADV180022]

Microsoft has released an advisory for CVE-2018-5391 (“FragmentSmack”), which allows attackers to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-september-2018-patch-tuesday-analysis/

September 11, 2018September 11, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT, vulnerability
  • ← Patch Tuesday, September 2018 Edition
  • Taking Stock: The Internet of Things, and Machine Learning Algorithms at War →

Predict 2019 Virtual Summit

Featured Blog

Fortinet All Blogs

A Layered Approach to Cybersecurity: People, Processes, and Technology

Fortinet All Blogs

The Security Implications for 5G and IoT

Fortinet All Blogs

Fighting the Evolution of Malware

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Can Smart Home Leaks Lead to Major Cyberattacks?
Government Shutdown’s Negative Impact on Federal Cybersecurity
Ryuk Ransomware That Hit U.S. Newspapers Not State-Sponsored
Windows VCF Zero-Day Exploit Allows Remote Code Execution
Shopping for Secure IoT Devices
Del Rio City Hall Disables Internet Connection for All Departments after Ransomware Attack
Q&A: Here’s why robust ‘privileged access management’ has never been more vital
3 Reasons Why the Integration of Cybersecurity Tools is a Growing Imperative
The DDoS attacker rescued by a Disney cruise ship is sentenced to over 10 years in prison
Risk Management In the Digital Age

Upcoming Webinars

Mon 28

Next-Generation Cybersecurity

January 28 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The State of Open Source Vulnerability Management

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Client Applications: A Hacker’s Easiest Target?
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Client Applications: A Hacker’s Easiest Target?

January 18, 2019 Bill Horne | Yesterday 0
PKI Deployment: The Top 10 Definitive Answers
Cybersecurity Data Security Industry Spotlight Network Security Security Boulevard (Original) 

PKI Deployment: The Top 10 Definitive Answers

January 17, 2019 Mark B. Cooper | 2 days ago 0
Shopping for Secure IoT Devices
Cybersecurity Industry Spotlight IoT & ICS Security Security Boulevard (Original) 

Shopping for Secure IoT Devices

January 16, 2019 Yeshwant Chauhan | 3 days ago 0

Top Stories

Government, E-commerce Sites Hacked Through Database Tool
Data Security DevOps Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Government, E-commerce Sites Hacked Through Database Tool

January 18, 2019 Lucian Constantin | Yesterday 0
Fortnite Attack Allowed Taking Over Player Accounts
Application Security Data Security DevOps Featured Identity & Access News Security Boulevard (Original) Spotlight Vulnerabilities 

Fortnite Attack Allowed Taking Over Player Accounts

January 17, 2019 Lucian Constantin | 1 day ago 0
Barracuda Networks Embeds Incident Management in Email Security Suite
Cybersecurity Featured Incident Response News Security Boulevard (Original) Social Engineering Spotlight 

Barracuda Networks Embeds Incident Management in Email Security Suite

January 17, 2019 Michael Vizard | 1 day ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.