VERT 脅威アラート – 2018年8月マイクロソフト月例パッチの分析 (英語版)

avatar

 2018.08.21  Japanブログ編集部

  •  ホーム
  •  VERT
  •  VERT 脅威アラート – 2018年8月マイクロソフト月例パッチの分析 (英語版)

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th.

出回っている & 公開されているCVE

CVE-2018-8373

A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability via a malicious webpage or Office document, could execute code in the context of the current user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely) for the latest software release, however exploitation has been detected on older releases.

CVE-2018-8414

Windows Shell does not always properly validate file paths. An attacker that convinces a user to visit a malicious page, click a malicious link, or open a malicious attachment could execute code in the context of the current user.

Microsoftはこの脆弱性について、悪用可能性指標の1 (悪用される可能性は高い) と評価しています。

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

TAG
CVE COUNT
CVES
MICROSOFT WINDOWS PDF
1
CVE-2018-8350
WINDOWS KERNEL
5
CVE-2018-8399, CVE-2018-8404, CVE-2018-8341, CVE-2018-8347, CVE-2018-8348
WINDOWS DIAGNOSTIC HUB
1
CVE-2018-0952
MICROSOFT WINDOWS
2
CVE-2018-8345, CVE-2018-8346
SQL SERVER
1
CVE-2018-8273
MICROSOFT EDGE
6
CVE-2018-8358, CVE-2018-8370, CVE-2018-8377, CVE-2018-8383, CVE-2018-8388, CVE-2018-8387
MICROSOFT GRAPHICS COMPONENT
9
CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398, CVE-2018-8400, CVE-2018-8401, CVE-2018-8405, CVE-2018-8406, CVE-2018-8344
.NET FRAMEWORK
1
CVE-2018-8360
MICROSOFT BROWSERS
3
CVE-2018-8403, CVE-2018-8351, CVE-2018-8357
DEVICE GUARD
2
CVE-2018-8204, CVE-2018-8200
WINDOWS INSTALLER
1
CVE-2018-8339
WINDOWS NDIS
1
CVE-2018-8343
WINDOWS SHELL
2
CVE-2018-8253, CVE-2018-8414
WINDOWS AUTHENTICATION METHODS
1
CVE-2018-8340
MICROSOFT EXCHANGE SERVER
2
CVE-2018-8302, CVE-2018-8374
INTERNET EXPLORER
1
CVE-2018-8316
WINDOWS RNDIS
1
CVE-2018-8342
WINDOWS COM
1
CVE-2018-8349
MICROSOFT OFFICE
6
CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412
MICROSOFT SCRIPTING ENGINE
13
CVE-2018-8266, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8380, CVE-2018-8381, CVE-2018-8384, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390, CVE-2018-8353, CVE-2018-8355, CVE-2018-8359


その他の情報 

In addition to the Microsoft vulnerabilities included in the August Security Guidance, a security advisory was also made available.

AUGUST 2018 ADOBE FLASH SECURITY UPDATE [ADV180020]

Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-25. This includes fixes for CVE-2018-12824, CVE-2018-12825, CVE-2018-12826, CVE-2018-12827, and CVE-2018-12828.
TRIPWIRE IP360 データシート

RECOMMEND関連記事

RECENT POST「VERT」の最新記事

VERT

2020.04.09

VERT 脅威アラート – 2020年3月パッチプライオリティ指標(Patch Priority Index:PPI) (英語版)
VERT

2020.03.12

VERT 脅威アラート – 2020年3月マイクロソフト月例パッチの分析 (英語版)
VERT

2020.03.03

VERT 脅威アラート – 2020年2月パッチプライオリティ指標(Patch Priority Index:PPI) (英語版)
VERT

2020.02.18

VERT 脅威アラート – 2020年2月マイクロソフト月例パッチの分析 (英語版)
この記事が気に入ったらいいねしよう!

Navigation
© 2024 Tripwire Japan K.K.
All Rights Reserved.