Wednesday, December 6, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency
  • Adobe ColdFusion Vulnerability: SafeBreach Coverage for US-CERT Alert (AA23-339A)
  • DEF CON 31 - Joe Slowik’s ‘Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops’
  • BlackCloak's Approach to Executive Cyber Health: Understanding, Measuring, and Securing
  • Top insights from SiGMA Malta to uplevel your 2024 iGaming fraud prevention strategy
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » VERT Threat Alert: September 2018 Patch Tuesday Analysis

SBN

VERT Threat Alert: September 2018 Patch Tuesday Analysis

by Tyler Reguly on September 11, 2018

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. 

In-The-Wild & Disclosed CVEs

CVE-2018-8440

AI on ActionSponsorships Available

This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on August 28th. More recently, ESET published a write-up on the vulnerability after it was used in malware. The vulnerability takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to escalate privileges.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8475

Microsoft has stated that this vulnerability has already been publicly disclosed, and it appears to present significant risk. A vulnerability in how Windows handles image files means that exploitation can occur simply by viewing the image.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8457

A vulnerability exists in the scripting engine found in Microsoft browsers around their method of handling objects in memory. Successful exploitation of the vulnerability could lead to code execution in the context of the current user. The update changes how the scripting engine handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2018-8409

This denial-of-service vulnerability impacts System.IO.Piplines available in .NET Core and ASP.NET Core. Microsoft has released a detailed write-up as part of the ASP.NET Core project.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

Other Information

In addition to the Microsoft vulnerabilities included in the September Security Guidance, a pair of security advisories were also made available.

Windows Denial of Service Vulnerability [ADV180022]

Microsoft has released an advisory for CVE-2018-5391 (“FragmentSmack”), which allows attackers to (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-september-2018-patch-tuesday-analysis/

September 11, 2018September 11, 2018 Tyler Reguly Microsoft, Patch Tuesday, VERT, vulnerability
  • ← Patch Tuesday, September 2018 Edition
  • Taking Stock: The Internet of Things, and Machine Learning Algorithms at War →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Thu 07

Improved Patient Experience: What That Means for Your Cybersecurity Posture

December 7 @ 1:00 pm - 2:00 pm
Mon 11

How Boundless Software Accelerated Customer Onboarding With Calico Cloud and Amazon EKS

December 11 @ 11:00 am - 12:00 pm
Mon 11

API Security

December 11 @ 1:00 pm - 2:00 pm
Thu 14

AWS Immersion Day: Securing Your Infrastructure-as-Code With Snyk and HashiCorp

December 14 @ 1:00 pm - 3:00 pm
Tue 19

Best Practices to Secure and Protect Modern Software Applications

December 19 @ 9:00 am - 10:00 am
Feb 12

Ransomware

February 12, 2024 @ 1:00 pm - 2:00 pm
Mar 11

Securing Open Source

March 11, 2024 @ 1:00 pm - 2:00 pm
May 20

Zero-Trust

May 20, 2024 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Limiting Remote Access Exposure in Hybrid Work Environments
23andMe Finally Admits: 6.9 MILLION Users’ PII Breached
Exposed Hugging Face APIs Opened AI Models to Cyberattacks
P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices
Use Windows 10? You Must PAY for Security
Application Security Trends & Challenges with Tanya Janca
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises
China continues Pig-Butchering Crack-down
STIX & TAXII Threat Intelligence: A Quick Guide

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Industry Spotlight

Use Windows 10? You Must PAY for Security
API Security Application Security AppSec Cybersecurity Data Privacy Data Security Editorial Calendar Endpoint Featured Humor Industry Spotlight IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Ransomware Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Challenges and Opportunities of Remote Work Software Supply Chain Security Spotlight Threats & Breaches Vulnerabilities 

Use Windows 10? You Must PAY for Security

December 6, 2023 Richi Jennings | Yesterday 0
Russian-Backed Hackers Target High-Value US, European Entities
Cybersecurity Data Security DevOps Industry Spotlight IoT & ICS Security Malware Network Security News Security Boulevard (Original) Social - X Social Engineering Spotlight Threat Intelligence 

Russian-Backed Hackers Target High-Value US, European Entities

December 6, 2023 Jeffrey Burt | Yesterday 0
23andMe Finally Admits: 6.9 MILLION Users’ PII Breached
Analytics & Intelligence Application Security AppSec Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps DevSecOps Digital Transformation Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Regulatory Compliance Securing the Cloud Security Awareness Security Boulevard (Original) Security Operations Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

23andMe Finally Admits: 6.9 MILLION Users’ PII Breached

December 5, 2023 Richi Jennings | 1 day ago 0

Top Stories

CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency
Application Security Cloud Security Cybersecurity Data Security Identity & Access Malware Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency

December 6, 2023 Jeffrey Burt | Yesterday 0
Survey Surfaces Wasted Efforts Collecting Cybersecurity Data
Analytics & Intelligence Cybersecurity Data Security Featured Governance, Risk & Compliance Network Security News Security Boulevard (Original) Social - X Spotlight Threats & Breaches Vulnerabilities 

Survey Surfaces Wasted Efforts Collecting Cybersecurity Data

December 6, 2023 Michael Vizard | Yesterday 0
Exposed Hugging Face APIs Opened AI Models to Cyberattacks
Cloud Security Cybersecurity Data Security DevOps Featured Industry Spotlight Network Security News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Vulnerabilities 

Exposed Hugging Face APIs Opened AI Models to Cyberattacks

December 4, 2023 Jeffrey Burt | 2 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Space Typography’

Randall Munroe’s XKCD ‘Space Typography’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.

Cloud Workload Resilience PulseMeter

Step 1 of 8

12%
How do you define cloud resiliency for cloud workloads? (Select 3)(Required)
  • Smaller, self-contained microservices fail independently without impacting overall availability.
  • Containerized software provides isolation and consistency, making it easier to scale and recover from failure.
  • Stateless design patterns increase scalability and can fail independently without impacting other parts of cloud applications.
  • Serverless design pattern allows events to initiate the operation of the discrete functions as needed.
  • Cloud-native architecture significantly influences the resiliency of cloud-deployed applications.
  • Cloud-native architecture provides limited or no resiliency improvement.
How important is improving the resiliency of cloud workloads for your organization in 2024? (Select 1)(Required)
Which of the following do you use to improve the resiliency of cloud workloads? (Select all that apply)(Required)
  • Distribute workloads
  • Portable workloads across multiple cloud providers
  • Move some workloads to the edge
  • Kubernetes clusters for failover and load distribution
  • Stateless software design
  • Increased security posture
  • Setting meaningful and achievable resiliency goals
What are the most significant challenges to improving the resiliency of cloud workloads or cloud-native applications? (Select all that apply)(Required)
How much of your cloud workload is cloud-native today? (Select 1)(Required)
What is your business or organization's size (# employees)? (Select 1)(Required)