Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th.

In-The-Wild & Disclosed CVEs

CVE-2018-8373

A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability via a malicious webpage or Office document, could execute code in the context of the current user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely) for the latest software release, however exploitation has been detected on older releases.

CVE-2018-8414

Windows Shell does not always properly validate file paths. An attacker that convinces a user to visit a malicious page, click a malicious link, or open a malicious attachment could execute code in the context of the current user.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Microsoft Windows PDF
1
CVE-2018-8350
Windows Kernel
5
CVE-2018-8399, CVE-2018-8404, CVE-2018-8341, CVE-2018-8347, CVE-2018-8348
Windows Diagnostic Hub
1
CVE-2018-0952
Microsoft Windows
2
CVE-2018-8345, CVE-2018-8346
SQL Server
1
CVE-2018-8273
Microsoft Edge
6
CVE-2018-8358, CVE-2018-8370, CVE-2018-8377, CVE-2018-8383, CVE-2018-8388, CVE-2018-8387
Microsoft Graphics Component
9
CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398, CVE-2018-8400, CVE-2018-8401, CVE-2018-8405, CVE-2018-8406, CVE-2018-8344
.NET Framework
1
CVE-2018-8360
Microsoft Browsers
3
CVE-2018-8403, CVE-2018-8351, CVE-2018-8357
Device Guard
2
CVE-2018-8204, CVE-2018-8200
Windows Installer
1
CVE-2018-8339
Windows NDIS
1
CVE-2018-8343
Windows Shell
2
CVE-2018-8253, CVE-2018-8414
Windows Authentication Methods
1
CVE-2018-8340
Microsoft Exchange Server
2
CVE-2018-8302, CVE-2018-8374
Internet Explorer
1
CVE-2018-8316
Windows RNDIS
1
CVE-2018-8342
Windows COM
1
CVE-2018-8349
Microsoft Office
6
CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412
Microsoft Scripting Engine
13
CVE-2018-8266, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8380, CVE-2018-8381, CVE-2018-8384, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390, CVE-2018-8353, CVE-2018-8355, CVE-2018-8359

 

Other Information

In addition to the Microsoft vulnerabilities included in the August Security Guidance, a security advisory was also made available.

August 2018 Adobe Flash Security Update [ADV180020]

Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-25. This includes fixes for CVE-2018-12824, CVE-2018-12825, CVE-2018-12826, CVE-2018-12827, and CVE-2018-12828.

The Executive's Guide to the Top 20 Critical Security Controls