{"id":12793,"date":"2018-07-13T07:00:10","date_gmt":"2018-07-13T15:00:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/07\/13\/news-6561\/"},"modified":"2018-07-13T07:00:10","modified_gmt":"2018-07-13T15:00:10","slug":"news-6561","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/07\/13\/news-6561\/","title":{"rendered":"Zero-Day Coverage Update \u2013 Week of July 9, 2018"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (Global Threat Communications)| Date: Fri, 13 Jul 2018 14:10:20 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Earlier this week, I wrote a blog<\/a> covering a couple of the statistics from the Zero Day Initiative\u2019s (ZDI) first half of 2018. One of the stats that I didn\u2019t cover is the increasing focus on enterprise applications. The team is seeing consistent growth in submissions of Microsoft and Apple vulnerabilities, but now they\u2019re also seeing an increase of submissions in virtualization software vulnerabilities from the likes of VMware and Oracle. With a 33% increase in published advisories compared to 2017, the ZDI has their hands full. With more than 500 new researchers registering to participate in the program this year, the internal ZDI team is growing as well to accommodate this growth. 2018 may just be the biggest year yet for ZDI!<\/p>\n

In case you missed it, you can read Brian Gorenc\u2019s blog<\/a> covering the detailed stats from the ZDI\u2019s first half of 2018.<\/p>\n

Microsoft Security Updates<\/strong><\/p>\n

This week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before July 10, 2018. It was another big month for Microsoft with 53 security patches covering both browsers (Internet Explorer, Edge), ChakraCore, Windows, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and Office Services. Of these 53 CVEs, 18 are listed as Critical, 33 are rated Important, one is rated as Moderate, and one is rated as Low in severity.<\/p>\n

Five CVEs in this month\u2019s Microsoft update came through the Zero Day Initiative:<\/p>\n\n\n\n\n
<\/td>\n\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

The following table maps Digital Vaccine filters to Microsoft\u2019s updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 July 2018 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
CVE-2018-0949<\/td>\n32494<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8125<\/td>\n32486<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8171<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8172<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8202<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8206<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8222<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8232<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8238<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8242<\/td>\n32487<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8260<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8262<\/td>\n32491<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8274<\/td>\n32492<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8275<\/td>\n32493<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8276<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8278<\/td>\n32358<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8279<\/td>\n32359<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8280<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8281<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8282<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8283<\/td>\n32361<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8284<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8286<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8287<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8288<\/td>\n32488<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8289<\/td>\n32490<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8290<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8291<\/td>\n32360<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8294<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8296<\/td>\n32478<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8297<\/td>\n32551<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8298<\/td>\n32479<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8299<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8300<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8301<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8304<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8305<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8306<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8307<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8308<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8309<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8310<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8311<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8312<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8313<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8314<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8319<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8323<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8324<\/td>\n32558<\/td>\n<\/td>\n<\/tr>\n
CVE-2018-8325<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8326<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8327<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n
CVE-2018-8356<\/td>\n<\/td>\nVendor Deemed Reproducibility or Exploitation Unlikely<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Advantech (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 32341: RPC: Advantech Webaccess webvrpcs Directory Traversal Vulnerability (ZDI-18-024)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

The post Zero-Day Coverage Update \u2013 Week of July 9, 2018<\/a> appeared first on <\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (Global Threat Communications)| Date: Fri, 13 Jul 2018 14:10:20 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Earlier this week, I wrote a blog covering a couple of the statistics from the Zero Day Initiative\u2019s (ZDI) first half of 2018. One of the stats that I didn\u2019t cover is the increasing focus on enterprise applications. The team is seeing consistent growth in submissions of Microsoft and Apple vulnerabilities, but now they\u2019re also…<\/p>\n

The post Zero-Day Coverage Update \u2013 Week of July 9, 2018<\/a> appeared first on <\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[18755,18255,10384,714,10415,18967],"class_list":["post-12793","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-advantech","tag-digital-vaccine","tag-network","tag-security","tag-zero-day-initiative","tag-zero-day-coverage"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12793"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12793\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12793"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}