NSFOCUS Weekly Cybersecurity Report

June 20, 2018 | Adeline Zhang

(Report ID: 201824)

Internet Threat Status

CVE Statistics

Last week saw a slight increase in the total number of CVE entries.

Threat Review

New ‘Lazy FP State Restore’ Vulnerability Found in All Modern Intel CPUs

Date: 06-13-2018

Description: Hell Yeah! Another security vulnerability has been discovered in Intel chips that affects the processor’s speculative execution technology—like Spectre and Meltdown—and could potentially be exploited to access sensitive information, including encryption-related data.

Reference: https://thehackernews.com/2018/06/intel-processor-vulnerability.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

Dixons Carphone breach: Millions of card and user data compromised

Date: 06-13-2018

Description: A prominent United Kingdom-based retailer has suffered a massive data breach in which personal and financial data of millions of customers have been compromised.

Reference: https://www.hackread.com/dixons-carphone-breach-card-user-datacompromised/

Amazon Fire TV & Fire TV Stick hit by crypto mining Android malware

Date: 06-12-2018

Description: Traditional malware aims at stealing user data or spying on the victim’s online activities, whereas crypto mining malware, depending on its capabilities, not only steals data but also uses the computing power (CPU) of the victim’s device to mine cryptocurrency, slowing down its performance.

Reference: https://www.hackread.com/amazon-fire-tv-fire-tv-stick-crypto-miningandroid-

Signature Validation Bug Let Malware Bypass Several Mac Security Products

Date: 06-12-2018

Description: A years-old vulnerability has been discovered in the way several security products for Mac implement Apple’s code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers.

Reference: https://thehackernews.com/2018/06/apple-mac-code-signing.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

US debuts world’s fastest supercomputer

Date: 06-11-2018

Description: The machine can process 200,000 trillion calculations per second – or 200 petaflops. China’s Sunway TaihuLight supercomputer, until now the world’s most powerful machine, has a processing power of 93 petaflops.

Reference: https://www.bbc.com/news/technology-44439515

(Compiled by: NSFOCUS TI & Cybersecurity Lab)

Vulnerability Research

Updates of NSFOCUS’s Vulnerability Database

As of 15 June 2018, there were 40,102 vulnerabilities in NSFOCUS’s vulnerability database. Among the 64 vulnerabilities newly added last week, 63 were high-risk, one was of medium severity, and none was low-risk.

Adobe Flash Player Out-of-bounds Read Vulnerability (CVE-2018-5001)

  • Severity: Critical
  • BID:104413
  • CVE ID: CVE-2018-5001

Adobe Flash Player Integer Overflow Vulnerability (CVE-2018-5000)

  • Severity: Critical
  • BID:104413
  • CVE ID: CVE-2018-5000

Adobe Flash Player Type Confusion Vulnerability (CVE-2018-4945)

  • Severity: Critical
  • BID:104413
  • CVE ID: CVE-2018-4945

Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVE-2018-5002)

  • Severity: Critical
  • BID:104412
  • CVE ID: CVE-2018-5002

Cisco Meeting Server Information Disclosure Vulnerability (CVE-2018-0263)

  • Severity: Critical
  • BID:104419
  • CVE ID: CVE-2018-0263

Multiple Cisco Products Disk Utilization Denial of Service Vulnerability (CVE-2017-6779)

  • Severity: Critical
  • CVE ID: CVE-2017-6779

Cisco AppDynamics App iQ Platform SQL Injection Vulnerability (CVE-2018-0225)

  • Severity: Medium
  • CVE ID: CVE-2018-0225

Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware Denial of Service Vulnerability (CVE-2018-0316)

  • Severity: Critical
  • CVE ID: CVE-2018-0316

Cisco IOS XE Software Remote Code Execution Vulnerability (CVE-2018-0315)

  • Severity: Critical
  • BID:104410
  • CVE ID: CVE-2018-0315

Cisco Adaptive Security Appliance Denial of Service Vulnerability (CVE-2018-0296)

  • Severity: Critical
  • CVE ID: CVE-2018-0296

Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability (CVE-2018-0274)

  • Severity: Critical
  • CVE ID: CVE-2018-0274

Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability (CVE-2018-0317)

  • Severity: Critical
  • BID:104432
  • CVE ID: CVE-2018-0317

Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability (CVE-2018-0318)

  • Severity: Critical
  • BID:104434
  • CVE ID: CVE-2018-0318

Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8110)

  • Severity: Critical
  • BID:104330
  • CVE ID: CVE-2018-8110

Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability (CVE-2018-0319)

  • Severity: Critical
  • BID:104431
  • CVE ID: CVE-2018-0319

Microsoft Edge Remote Memory Corruption Vulnerability (CVE-2018-8111)

  • Severity: Critical
  • BID:104335
  • CVE ID: CVE-2018-8111

Microsoft Edge Remote Information Disclosure Vulnerability (CVE-2018-0871)

  • Severity: Critical
  • BID:104339
  • CVE ID: CVE-2018-0871

Microsoft Remote Memory Corruption Vulnerability (CVE-2018-8236)

  • Severity: Critical
  • BID:104336
  • CVE ID: CVE-2018-8236

Microsoft Edge Remote Information Disclosure Vulnerability (CVE-2018-8234)

  • Severity: Critical
  • BID:104340
  • CVE ID: CVE-2018-8234

Microsoft Edge Security Bypass Vulnerability (CVE-2018-8235)

  • Severity: Critical
  • BID:104343
  • CVE ID: CVE-2018-8235

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8267)

  • Severity: Critical
  • BID:104404
  • CVE ID: CVE-2018-8267

Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)

  • Severity: Critical
  • BID:104395
  • CVE ID: CVE-2018-8225

Microsoft Windows Arbitrary Code Execution Vulnerability (CVE-2018-8213)

  • Severity: Critical
  • BID:104406
  • CVE ID: CVE-2018-8213

Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CVE-2018-8249)

  • Severity: Critical
  • BID:104363
  • CVE ID: CVE-2018-8249

Microsoft Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8243)

  • Severity: Critical
  • BID:104403
  • CVE ID: CVE-2018-8243

Microsoft Windows ‘HTTP.sys’ Remote Code Execution Vulnerability (CVE-2018-8231)

  • Severity: Critical
  • BID:104373
  • CVE ID: CVE-2018-8231

Microsoft Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8229)

  • Severity: Critical
  • BID:104369
  • CVE ID: CVE-2018-8229

Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2018-8251)

  • Severity: Critical
  • BID:104398
  • CVE ID: CVE-2018-8251

Microsoft Windows Kernel Local Privilege Escalation Vulnerability (CVE-2018-0982)

  • Severity: Critical
  • BID:104382
  • CVE ID: CVE-2018-0982

Microsoft Windows WebDAV Denial of Service Vulnerability (CVE-2018-8175)

  • Severity: Critical
  • BID:104359
  • CVE ID: CVE-2018-8175

Microsoft Windows HIDParser Local Privilege Escalation Vulnerability (CVE-2018-8169)

  • Severity: Critical
  • BID:104356
  • CVE ID: CVE-2018-8169

Microsoft Windows Cortana Local Privilege Escalation Vulnerability (CVE-2018-8140)

  • Severity: Critical
  • BID:104354
  • CVE ID: CVE-2018-8140

Microsoft Windows Kernel Local Information Disclosure Vulnerability (CVE-2018-8121)

  • Severity: Critical
  • BID:104380
  • CVE ID: CVE-2018-8121

Microsoft Internet Explorer Security Bypass Vulnerability (CVE-2018-8113)

  • Severity: Critical
  • BID:104365
  • CVE ID: CVE-2018-8113

Microsoft Windows Code Integrity Module Denial of Service Vulnerability (CVE-2018-1040)

  • Severity: Critical
  • BID:104389
  • CVE ID: CVE-2018-1040

Microsoft Windows NTFS Local Privilege Escalation Vulnerability (CVE-2018-1036)

  • Severity: Critical
  • BID:104360
  • CVE ID: CVE-2018-1036

Microsoft Windows Desktop Bridge Local Privilege Escalation Vulnerability (CVE-2018-8208)

  • Severity: Critical
  • BID:104392
  • CVE ID: CVE-2018-8208

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CVE-2018-8201)

  • Severity: Critical
  • BID:104331
  • CVE ID: CVE-2018-8201

Microsoft Windows Kernel Local Information Disclosure Vulnerability (CVE-2018-8207)

  • Severity: Critical
  • BID:104379
  • CVE ID: CVE-2018-8207

Microsoft Windows Local Denial of Service Vulnerability (CVE-2018-8205)

  • Severity: Critical
  • BID:104391
  • CVE ID: CVE-2018-8205

Microsoft Windows Wireless Network Profile Local Information Disclosure Vulnerability (CVE-2018-8209)

  • Severity: Critical
  • BID:104393
  • CVE ID: CVE-2018-8209

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CVE-2018-8221)

  • Severity: Critical
  • BID:104338
  • CVE ID: CVE-2018-8221

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CVE-2018-8217)

  • Severity: Critical
  • BID:104337
  • CVE ID: CVE-2018-8217

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CVE-2018-8216)

  • Severity: Critical
  • BID:104334
  • CVE ID: CVE-2018-8216

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CVE-2018-8215)

  • Severity: Critical
  • BID:104333
  • CVE ID: CVE-2018-8215

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CVE-2018-8212)

  • Severity: Critical
  • BID:104328
  • CVE ID: CVE-2018-8212

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CVE-2018-8211)

  • Severity: Critical
  • BID:104326
  • CVE ID: CVE-2018-8211

Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8210)

  • Severity: Critical
  • BID:104407
  • CVE ID: CVE-2018-8210

Microsoft Windows GDI Component Information Disclosure Vulnerability (CVE-2018-8239)

  • Severity: Critical
  • BID:104401
  • CVE ID: CVE-2018-8239

Microsoft Office Remote Privilege Escalation Vulnerability (CVE-2018-8245)

  • Severity: Critical
  • BID:104405
  • CVE ID: CVE-2018-8245

Microsoft Outlook Remote Privilege Escalation Vulnerability (CVE-2018-8244)

  • Severity: Critical
  • BID:104323
  • CVE ID: CVE-2018-8244

Microsoft Office Remote Privilege Escalation Vulnerability (CVE-2018-8247)

  • Severity: Critical
  • BID:104319
  • CVE ID: CVE-2018-8247

Microsoft Windows Desktop Bridge Local Privilege Escalation Vulnerability (CVE-2018-8214)

  • Severity: Critical
  • BID:104394
  • CVE ID: CVE-2018-8214

Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8246)

  • Severity: Critical
  • BID:104322
  • CVE ID: CVE-2018-8246

Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8248)

  • Severity: Critical
  • BID:104318
  • CVE ID: CVE-2018-8248

Microsoft SharePoint Server Remote Privilege Escalation Vulnerability (CVE-2018-8252)

  • Severity: Critical
  • BID:104317
  • CVE ID: CVE-2018-8252

Microsoft SharePoint Server Remote Privilege Escalation Vulnerability (CVE-2018-8254)

  • Severity: Critical
  • BID:104325
  • CVE ID: CVE-2018-8254

Microsoft Windows Hyper-V Code Integrity Privilege Escalation Vulnerability (CVE-2018-8219)

  • Severity: Critical
  • BID:104353
  • CVE ID: CVE-2018-8219

Microsoft Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8227)

  • Severity: Critical
  • BID:104368
  • CVE ID: CVE-2018-8227

Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CVE-2018-0978)

  • Severity: Critical
  • BID:104364
  • CVE ID: CVE-2018-0978

Microsoft Windows Hyper-V Denial of Service Vulnerability (CVE-2018-8218)

  • Severity: Critical
  • BID:104402
  • CVE ID: CVE-2018-8218

Microsoft Windows Kernel Local Privilege Escalation Vulnerability (CVE-2018-8224)

  • Severity: Critical
  • BID:10438
  • CVE ID: CVE-2018-8224

Microsoft Windows ‘HTTP.sys’ Remote Denial of Service Vulnerability (CVE-2018-8226)

  • Severity: Critical
  • BID:104361
  • CVE ID: CVE-2018-8226

Microsoft Windows Kernel ‘Win32k.sys’ Local Privilege Escalation Vulnerability (CVE-2018-8233)

  • Severity: Critical
  • BID:104383
  • CVE ID: CVE-2018-8233

(Source: NSFOCUS Security Research Department & Product Groups)

Vulnerability in the Spotlight

Adobe Flash Player Remote Code Execution Vulnerability

NSFOCUS ID: 40042

CVE ID: CVE-2018-5002

Affected Versions: Adobe Flash Player <= 29.0.0.171

Comment: Flash Player is a multimedia player released by Adobe. A type confusion vulnerability was disclosed in Adobe Flash Player 29.0.0.171 and earlier versions. This vulnerability could be exploited by attackers to execute arbitrary code, and attacks exploiting it have already been observed. Adobe has issued a security advisory (APSB18-19) together with corresponding patches. Users are advised to apply the patches as soon as possible.

(Source: NSFOCUS Security Research & Product Groups)