Thursday, November 15, 2018
  • Juniper Networks: Cryptomining Exploit Targeting Docker Containers
  • DerbyCon 2018, Deral Heiland’s ‘Hardware Slashing, Smashing And Reconstructing For Root Access’
  • Veritas Predictive Insights Uses Artificial Intelligence and Machine Learning to Predict and Prevent Unplanned Service
  • The Open Source Conundrum
  • Identify Good UEBA Data with “Feature Analysis”

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: September 2018 Patch Tuesday Analysis

VERT Threat Alert: September 2018 Patch Tuesday Analysis

by Tyler Reguly on September 11, 2018

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. 

In-The-Wild & Disclosed CVEs

CVE-2018-8440

This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on August 28th. More recently, ESET published a write-up on the vulnerability after it was used in malware. The vulnerability takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to escalate privileges.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8475

Microsoft has stated that this vulnerability has already been publicly disclosed, and it appears to present significant risk. A vulnerability in how Windows handles image files means that exploitation can occur simply by viewing the image.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8457

A vulnerability exists in the scripting engine found in Microsoft browsers around their method of handling objects in memory. Successful exploitation of the vulnerability could lead to code execution in the context of the current user. The update changes how the scripting engine handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8409

This denial-of-service vulnerability impacts System.IO.Piplines available in .NET Core and ASP.NET Core. Microsoft has released a detailed write-up as part of the ASP.NET Core project.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the September Security Guidance, a pair of security advisories were also made available.

Windows Denial of Service Vulnerability [ADV180022]

Microsoft has released an advisory for CVE-2018-5391 (“FragmentSmack”), which allows attackers to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-september-2018-patch-tuesday-analysis/

September 11, 2018September 11, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT, vulnerability
  • ← Patch Tuesday, September 2018 Edition
  • Taking Stock: The Internet of Things, and Machine Learning Algorithms at War →
Featured Blog

Fortinet All Blogs

New Loki Variant Being Spread By Phishing Email

Fortinet All Blogs

Predictions: AI Fuzzing and Machine Learning Poisoning

Fortinet All Blogs

As the Holiday Season Draws Near, Mobile Malware Attacks Are Prevalent

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Hackers Exploit Recently Patched ColdFusion Vulnerability
The Changing Face of Web Application Security
The Top 5 Industries Grappling with Bad Bots
Convergence of Security, Networking Services Accelerates
Hackers Exploit Critical Flaw in WordPress GDPR Compliance Plug-in
How to choose the best password manager | Avast
How to Increase Security in Your Smart Home
Your Definitive Guide to Information Security Conferences in 2019
Dharma Ransomware: What It’s Teaching Us
Security Vulnerabilities identified in Washington, Georgia, and North Carolina’s voting systems

Upcoming Webinars

Tue 27

2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyber Defenses

November 27 @ 11:00 am - 12:00 pm
Thu 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Four Current Threats Enterprises Can’t Ignore

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Move Over, Ransomware: Cryptojacking is the New Kid in Town
Cybersecurity Endpoint Industry Spotlight Security Boulevard (Original) 

Move Over, Ransomware: Cryptojacking is the New Kid in Town

November 15, 2018 Nick Bilogorskiy | 15 hours ago 0
The Top 5 Industries Grappling with Bad Bots
Cybersecurity Industry Spotlight Malware Security Boulevard (Original) 

The Top 5 Industries Grappling with Bad Bots

November 13, 2018 Reid Tatoris | 2 days ago 0
The Changing Face of Web Application Security
Application Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

The Changing Face of Web Application Security

November 12, 2018 Tiffany Olson Kleemann | 3 days ago 0

Top Stories

Juniper Networks: Cryptomining Exploit Targeting Docker Containers
Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Juniper Networks: Cryptomining Exploit Targeting Docker Containers

November 15, 2018 Michael Vizard | 2 hours ago 0
Microsoft and Adobe Patch Zero-Day Vulnerabilities
Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Microsoft and Adobe Patch Zero-Day Vulnerabilities

November 14, 2018 Lucian Constantin | Yesterday 0
Convergence of Security, Networking Services Accelerates
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Convergence of Security, Networking Services Accelerates

November 13, 2018 Michael Vizard | 2 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.