Tuesday, October 15, 2019
  • First Impressions and Cybersecurity
  • Getting on Top of Enterprise Cyber Risk Management
  • The Increasing UK Cyber Skills Gap
  • To Determine Insider Threat Risk, Chart It Out
  • Private Cloud vs Public Cloud Security Challenges

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: September 2018 Patch Tuesday Analysis

VERT Threat Alert: September 2018 Patch Tuesday Analysis

by Tyler Reguly on September 11, 2018

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. 

In-The-Wild & Disclosed CVEs

CVE-2018-8440

This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on August 28th. More recently, ESET published a write-up on the vulnerability after it was used in malware. The vulnerability takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to escalate privileges.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8475

Microsoft has stated that this vulnerability has already been publicly disclosed, and it appears to present significant risk. A vulnerability in how Windows handles image files means that exploitation can occur simply by viewing the image.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8457

A vulnerability exists in the scripting engine found in Microsoft browsers around their method of handling objects in memory. Successful exploitation of the vulnerability could lead to code execution in the context of the current user. The update changes how the scripting engine handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8409

This denial-of-service vulnerability impacts System.IO.Piplines available in .NET Core and ASP.NET Core. Microsoft has released a detailed write-up as part of the ASP.NET Core project.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the September Security Guidance, a pair of security advisories were also made available.

Windows Denial of Service Vulnerability [ADV180022]

Microsoft has released an advisory for CVE-2018-5391 (“FragmentSmack”), which allows attackers to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-september-2018-patch-tuesday-analysis/

September 11, 2018September 11, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT, vulnerability
  • ← Patch Tuesday, September 2018 Edition
  • Taking Stock: The Internet of Things, and Machine Learning Algorithms at War →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Establishing and Growing Your Security Framework
DevOps Chat: Interactive App Testing, With Synopsys
iTunes for Windows Zero-Day Exploited for Ransomware
Keeping Digital Assets Safe: Security for DAM
To Determine Insider Threat Risk, Chart It Out
New Reductor Nation-State Malware Compromises TLS
20 DevSecOps Pros Reveal the Most Important Considerations in Building a DevSecOps Pipeline
Understanding DDoS attacks: a guide for WordPress administrators
What steps can companies take to adopt a Zero Trust approach to security?
MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

Upcoming Webinars

Mon 21

Open Source Security – Weighing the Pros and Cons

October 21 @ 1:00 pm - 2:00 pm
Wed 23

6 Essential Steps to Avoid Container Security Vulnerabilities

October 23 @ 11:00 am - 12:00 pm
Nov 14

Top Cybersecurity Threats and How SIEM Protects Against Them

November 14 @ 11:00 am - 12:00 pm
Nov 18

Scaling DevSecOps

November 18 @ 1:00 pm - 2:00 pm
Nov 19

SAP Concur’s Cloud Journey

November 19 @ 1:00 pm - 2:00 pm
Dec 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

7 Reasons Why CISOs Should Care About DevSecOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Getting on Top of Enterprise Cyber Risk Management
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

Getting on Top of Enterprise Cyber Risk Management

October 15, 2019 Syed Abdur | 2 hours ago 0
Keeping Digital Assets Safe: Security for DAM
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Keeping Digital Assets Safe: Security for DAM

October 14, 2019 Gilad David Maayan | Yesterday 0
Establishing and Growing Your Security Framework
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Establishing and Growing Your Security Framework

October 11, 2019 Simon Hall | 4 days ago 0

Top Stories

iTunes for Windows Zero-Day Exploited for Ransomware
Application Security Cybersecurity Data Security Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

iTunes for Windows Zero-Day Exploited for Ransomware

October 14, 2019 Richi Jennings | Yesterday 0
OASIS to Lead Cybersecurity Interoperability Initiative
Cybersecurity Featured News Security Awareness Security Boulevard (Original) Spotlight 

OASIS to Lead Cybersecurity Interoperability Initiative

October 8, 2019 Michael Vizard | Oct 08 0
Android Zero-Day Panic as Ancient Linux Flaw Forgotten
Cybersecurity Featured Incident Response Malware Mobile Security News Popular Post Security Boulevard (Original) Spotlight 

Android Zero-Day Panic as Ancient Linux Flaw Forgotten

October 7, 2019 Richi Jennings | Oct 07 0

Security Humor

via  Luke Kingma  and  Lou Patrick-Mackay  at  Futurism Cartoons

Luke Kingma’s & Lou Patrick-Mackay’s Futurism Comics, ‘Heat Tolerant’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.