• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Network   »   Zero-Day Coverage Update – Week of July 9, 2018

Zero-Day Coverage Update – Week of July 9, 2018

  • Posted on:July 13, 2018
  • Posted in:Network, Security, Zero Day Initiative
  • Posted by:
    Elisa Lippincott (Global Threat Communications)
0

Earlier this week, I wrote a blog covering a couple of the statistics from the Zero Day Initiative’s (ZDI) first half of 2018. One of the stats that I didn’t cover is the increasing focus on enterprise applications. The team is seeing consistent growth in submissions of Microsoft and Apple vulnerabilities, but now they’re also seeing an increase of submissions in virtualization software vulnerabilities from the likes of VMware and Oracle. With a 33% increase in published advisories compared to 2017, the ZDI has their hands full. With more than 500 new researchers registering to participate in the program this year, the internal ZDI team is growing as well to accommodate this growth. 2018 may just be the biggest year yet for ZDI!

In case you missed it, you can read Brian Gorenc’s blog covering the detailed stats from the ZDI’s first half of 2018.

Microsoft Security Updates

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before July 10, 2018. It was another big month for Microsoft with 53 security patches covering both browsers (Internet Explorer, Edge), ChakraCore, Windows, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and Office Services. Of these 53 CVEs, 18 are listed as Critical, 33 are rated Important, one is rated as Moderate, and one is rated as Low in severity.

Five CVEs in this month’s Microsoft update came through the Zero Day Initiative:

  • CVE-2018-8242
  • CVE-2018-8274
  • CVE-2018-8275
  • CVE-2018-8282
  • CVE-2018-8307

The following table maps Digital Vaccine filters to Microsoft’s updates. You can get more detailed information on this month’s security updates from Dustin Childs’ July 2018 Security Update Review from the Zero Day Initiative:

CVE # Digital Vaccine Filter # Status
CVE-2018-0949 32494
CVE-2018-8125 32486
CVE-2018-8171 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8172 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8202 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8206 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8222 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8232 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8238 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8242 32487
CVE-2018-8260 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8262 32491
CVE-2018-8274 32492
CVE-2018-8275 32493
CVE-2018-8276 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8278 32358
CVE-2018-8279 32359
CVE-2018-8280 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8281 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8282 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8283 32361
CVE-2018-8284 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8286 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8287 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8288 32488
CVE-2018-8289 32490
CVE-2018-8290 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8291 32360
CVE-2018-8294 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8296 32478
CVE-2018-8297 32551
CVE-2018-8298 32479
CVE-2018-8299 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8300 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8301 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8304 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8305 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8306 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8307 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8308 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8309 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8310 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8311 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8312 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8313 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8314 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8319 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8323 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8324 32558
CVE-2018-8325 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8326 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8327 Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2018-8356 Vendor Deemed Reproducibility or Exploitation Unlikely

 

Zero-Day Filters

There is one new zero-day filter covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Advantech (1)

  • 32341: RPC: Advantech Webaccess webvrpcs Directory Traversal Vulnerability (ZDI-18-024)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

Related posts:

  1. TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018
  2. TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018
  3. TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 9, 2018
  4. Zero-Day Coverage Update – Week of July 2, 2018

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.