The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS volumes for use in EC2. Found design weakness on Amazon Web Services (AWS) that CLI could provide weaker than expected security, caused by the failure to require the –owners flag when describing images. By setting similar image properties, a remote attacker could exploit this vulnerability to trigger the loading of an undesired AMI.

For details, please refer below url:

https://github.com/hashicorp/packer/issues/6584

Retropective of the programming history, JavaScript was used primarily for client-side scripting, in which scripts written in JavaScript are embedded in a webpage’s HTML and run client-side by a JavaScript engine in the user’s web browser. Node js programming technique lets developers use JavaScript to write command line tools thus transfer script programming function to server-side. It let the programming scripts execute on server-side to produce dynamic web page content before the page is sent to the user’s web browser. As a result, it provides equivalent asynchronous I/O functionality (also non-sequential I/O). Asynchronous is a form of input/output processing that permits other processing to continue before the transmission has finished. But node js itself is difficult ro avoid traditional design bottleneck. For instance memory leakage issues. Found 2 issue on node js this month. However similar Buffer ucs2 and utf16le encoding issue found on 2012. For instance memory leakage issues. Found 2 issue on node js this month. However such similar Buffer ucs2 and utf16le encoding issue was found on 2012.

Official details shown below URL: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

We heard cyber attack causes privileges escalation. Thus technology expert in creative way discover many solution to avoid such behavior happen. Perhaps we are focusing the patch management, antivirus signature update, malware detector yara rules. A silent way similar penetrate to your end point devices, even though server side will be compromised of this attack. Yes, we are talking about the Windows privilege escalation. Sounds like complicate, but it is simple on the other way round. If your remote client access software use SSL certificate establish TLS encryption. One of the possible way shown as below diagram. Be aware and stay alert! There are more products has this vulnerability but not exploit yet!

On the other hand, Adobe announce security updates for Creative Cloud Desktop Application. No specifics details provided. But only know the impact cause by Improper Certificate Validation. Detail shown as below url:

https://helpx.adobe.com/security/products/creative-cloud/apsb18-32.html

Above vulnerability looks complicated. It is only effect SQL server 2016 and 2017.

I do a debug on the download file.

Found the following syntax “ntdll.dll RtlEnterCriticalSection”. It looks that the software patch focus on PageHeap, which is intended for debugging of memory overhead.
In Microsoft SQL server 2016 and 2017 environment, each IAM and PFS page covers lots of data pages, so there are few IAM and PFS pages in a database. So the IAM and PFS pages are generally in memory in the SQL Server buffer pool. As seen, the file provided by Microsoft around 700MB. Not a minor modification. See whether what will be happen on the next stage?

Should you have interest, please reference below diagram.

Official announcement shown below:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273