Tuesday, April 23, 2019
  • A Beginner’s Guide to PCI Compliance
  • Connecting the Dots on OT/IT Convergence
  • Active Exploitation of Confluence Vulnerability CVE-2019-3396 Dropping Gandcrab Ransomware
  • The Joy of Tech®, ‘Huawei Makes A Pitch!’
  • What your login success rate says about your threat surface

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » VERT Threat Alert: December 2018 Patch Tuesday Analysis

VERT Threat Alert: December 2018 Patch Tuesday Analysis

by Tyler Reguly on December 11, 2018

Today’s VERT Alert addresses Microsoft’s December 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-809 on Wednesday, December 12th.

In-The-Wild & Disclosed CVEs

CVE-2018-8611

Microsoft is reporting that this Windows kernel privilege escalation vulnerability is seeing active exploitation on older versions of Windows. Successful exploitation can allow an attacker to run code in kernel mode. This issue was resolved by changing how the Windows kernel handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.

CVE-2018-8517

This vulnerability is a publicly disclosed issue with the .NET Framework that could allow an unauthenticated attacker to DoS a .NET Framework based web application by sending malformed web requests.

Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Microsoft Dynamics
1
CVE-2018-8651
Windows Kernel-Mode Drivers
1
CVE-2018-8641
Microsoft Windows DNS
2
CVE-2018-8514, CVE-2018-8626
Microsoft Windows
1
CVE-2018-8649
Windows Azure Pack
1
CVE-2018-8652
.NET Framework
2
CVE-2018-8517, CVE-2018-8540
Microsoft Graphics Component
4
CVE-2018-8595, CVE-2018-8596, CVE-2018-8638, CVE-2018-8639
Visual Studio
1
CVE-2018-8599
Windows Kernel
6
CVE-2018-8477, CVE-2018-8611, CVE-2018-8612, CVE-2018-8621, CVE-2018-8622, CVE-2018-8637
Windows Authentication Methods
1
CVE-2018-8634
Internet Explorer
2
CVE-2018-8619, CVE-2018-8631
Microsoft Exchange Server
1
CVE-2018-8604
Microsoft Office
6
CVE-2018-8587, CVE-2018-8597, CVE-2018-8598, CVE-2018-8627, CVE-2018-8628, CVE-2018-8636
Microsoft Scripting Engine
7
CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8625, CVE-2018-8629, CVE-2018-8643
Microsoft Office SharePoint
2
CVE-2018-8580, CVE-2018-8635

 

Other Information

In addition to the Microsoft vulnerabilities included in the December Security Guidance, a pair of Adobe bulletins are available today.

December (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-december-2018-patch-tuesday-analysis/

December 11, 2018December 11, 2018 Tyler Reguly VERT
  • ← Professionally Evil CISSP Certification: Breaking the Bootcamp Model
  • Patch Tuesday, December 2018 Edition →
Featured Blog

Ellen Neveux

What is privileged access management (PAM)?

SecureLink

Proposed Texas Bill Would Regulate Vendor Contracts

Ellen Neveux

SecureLink named a March 2019 Gartner Peer Insights Customers’ Choice for Privileged Access Management

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

DevOps Chat: The Rise of the Cloud-First Architect, with Zscaler’s Chris Hines
Threat Modeling: Protecting Security Infrastructures in 2019
U.S. Army, Towson University Aim to Advance Intrusion Detection
Popular ‘WiFi Finder’ App Leaks 2 Million+ Passwords
Most IT Shops Have Latent Cyberthreats in Their Backups
Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware
Companies Must Develop More Precise Cybersecurity Road Maps and Strategies
The American Data Dissemination Act (FTC-ADDA)
PCI for SMB: Requirement 12 – Maintain an Information Security Policy
21 CyberSecurity Twitter Accounts You Should Be Following

Upcoming Webinars

There are no upcoming webinars at this time.

Download Free eBook

7 Reasons Why CISOs Should Care About DevSecOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Most IT Shops Have Latent Cyberthreats in Their Backups
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Most IT Shops Have Latent Cyberthreats in Their Backups

April 23, 2019 Lynn LeBlanc | Yesterday 0
Threat Modeling: Protecting Security Infrastructures in 2019
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Threat Modeling: Protecting Security Infrastructures in 2019

April 22, 2019 Anurag Agarwal | 1 day ago 0
Information Security is a Fundamentals Game
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Information Security is a Fundamentals Game

April 18, 2019 Paul Ziegler | Apr 18 0

Top Stories

Popular ‘WiFi Finder’ App Leaks 2 Million+ Passwords
Cybersecurity Data Security Featured Network Security News Security Boulevard (Original) Spotlight 

Popular ‘WiFi Finder’ App Leaks 2 Million+ Passwords

April 23, 2019 Richi Jennings | Yesterday 0
News 

Capsule8 Supports Google Cloud Security Command Center with Security Partner Integration

April 18, 2019 Deb Schalm | Apr 18 0
With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts
Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight 

With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts

April 18, 2019 Richi Jennings | Apr 18 0

Security Humor

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®

The Joy of Tech®, ‘Huawei Makes A Pitch!’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.