Monday, January 30, 2023
  • Randall Munroe’s XKCD ‘Code Lifespan’
  • Top IoT Predictions for 2023: Doubling Down on IoT Device Security, Introducing New Standards, and More
  • Open source software: A pillar of modern software development
  • USENIX Security ’22 – Lei Xue, Yangyang Liu, Tianqi Li, Kaifa Zhao, Jianfeng Li, Le Yu, Xiapu Luo, Yajin Zhou, Guofei Gu – ‘SAID: State-aware Defense Against Injection Attacks on In-vehicle Network’
  • Sectigo Announces Further Advancements to Industry-Leading CLM Platform

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » VERT Threat Alert: December 2018 Patch Tuesday Analysis

SBN

VERT Threat Alert: December 2018 Patch Tuesday Analysis

by Tyler Reguly on December 11, 2018

Today’s VERT Alert addresses Microsoft’s December 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-809 on Wednesday, December 12th.

TechStrong Con 2023Sponsorships Available

In-The-Wild & Disclosed CVEs

CVE-2018-8611

Microsoft is reporting that this Windows kernel privilege escalation vulnerability is seeing active exploitation on older versions of Windows. Successful exploitation can allow an attacker to run code in kernel mode. This issue was resolved by changing how the Windows kernel handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.

CVE-2018-8517

This vulnerability is a publicly disclosed issue with the .NET Framework that could allow an unauthenticated attacker to DoS a .NET Framework based web application by sending malformed web requests.

Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Microsoft Dynamics
1
CVE-2018-8651
Windows Kernel-Mode Drivers
1
CVE-2018-8641
Microsoft Windows DNS
2
CVE-2018-8514, CVE-2018-8626
Microsoft Windows
1
CVE-2018-8649
Windows Azure Pack
1
CVE-2018-8652
.NET Framework
2
CVE-2018-8517, CVE-2018-8540
Microsoft Graphics Component
4
CVE-2018-8595, CVE-2018-8596, CVE-2018-8638, CVE-2018-8639
Visual Studio
1
CVE-2018-8599
Windows Kernel
6
CVE-2018-8477, CVE-2018-8611, CVE-2018-8612, CVE-2018-8621, CVE-2018-8622, CVE-2018-8637
Windows Authentication Methods
1
CVE-2018-8634
Internet Explorer
2
CVE-2018-8619, CVE-2018-8631
Microsoft Exchange Server
1
CVE-2018-8604
Microsoft Office
6
CVE-2018-8587, CVE-2018-8597, CVE-2018-8598, CVE-2018-8627, CVE-2018-8628, CVE-2018-8636
Microsoft Scripting Engine
7
CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8625, CVE-2018-8629, CVE-2018-8643
Microsoft Office SharePoint
2
CVE-2018-8580, CVE-2018-8635

 

Other Information

In addition to the Microsoft vulnerabilities included in the December Security Guidance, a pair of Adobe bulletins are available today.

December (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-december-2018-patch-tuesday-analysis/

December 11, 2018December 11, 2018 Tyler Reguly VERT
  • ← Professionally Evil CISSP Certification: Breaking the Bootcamp Model
  • Patch Tuesday, December 2018 Edition →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al
More Details of LastPass Breach: Hackers Used Stolen Encryption Key
New Ransomware Payment Reporting Requirements on Horizon
Chainguard Unveils Memory-Safe Linux Distribution
RIP Perimeter Security: Critical Infrastructure Breaches Demand New Approach
The Godfather Banking Trojan Expands Application Targeting to Affect More Europe-Based Victims
Magecart Attack: Hacker steals credit card info from Canada’s largest alcohol retailer
Authomize Research on Post-Holiday Account Takeovers
Public Groups Identify Tesla Terrorist After Unexplained Police Delay
What role does Cloud Computing play in Banking and Financial Services?

Upcoming Webinars

Tue 31

Moving Beyond SBOMs to Secure the Software Supply Chain

January 31 @ 11:00 am - 12:00 pm
Tue 31

Live-Hacking Container Workloads on AWS

January 31 @ 1:00 pm - 2:00 pm
Feb 01

Achieving DevSecOps: Reducing AppSec Noise at Scale

February 1 @ 1:00 pm - 2:00 pm
Feb 13

AI in Machine Learning

February 13 @ 1:00 pm - 2:00 pm
Feb 15

Understanding Cyber Insurance Identity Security Requirements for 2023

February 15 @ 11:00 am - 12:00 pm
Feb 15

Where Will DevSecOps ‘Shift’ Next?

February 15 @ 1:00 pm - 2:00 pm
Feb 21

Headwinds, Crosswinds and Tailwinds: Securing the Cloud in Turbulent Times

February 21 @ 1:00 pm - 2:00 pm
Feb 22

Best Practices to Secure Your Software Supply Chain

February 22 @ 1:00 pm - 2:00 pm
Feb 28

SaaS-Based Container Networking and Security on Amazon EKS

February 28 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

January 23, 2023 Richi Jennings | Jan 23 0
T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks
Analytics & Intelligence API Security Careers Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

January 20, 2023 Richi Jennings | Jan 20 0
APIs in Vehicle Software Vulnerable to Attacks
API Security Application Security Cybersecurity Data Security Featured Industry Spotlight Malware Security Boulevard (Original) Threat Intelligence Vulnerabilities 

APIs in Vehicle Software Vulnerable to Attacks

January 18, 2023 Sue Poremba | Jan 18 0

Top Stories

Chainguard Unveils Memory-Safe Linux Distribution
Application Security Cybersecurity Featured Mobile Security Network Security News Security Awareness Security Boulevard (Original) Spotlight 

Chainguard Unveils Memory-Safe Linux Distribution

January 27, 2023 Michael Vizard | 3 days ago 0
‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

January 27, 2023 Richi Jennings | 3 days ago 0
More Details of LastPass Breach: Hackers Used Stolen Encryption Key
Analytics & Intelligence Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

More Details of LastPass Breach: Hackers Used Stolen Encryption Key

January 27, 2023 Teri Robinson | 3 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Code Lifespan’

Randall Munroe’s XKCD ‘Code Lifespan’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.