Above vulnerability looks complicated. It is only effect SQL server 2016 and 2017.

I do a debug on the download file.

Found the following syntax “ntdll.dll RtlEnterCriticalSection”. It looks that the software patch focus on PageHeap, which is intended for debugging of memory overhead.
In Microsoft SQL server 2016 and 2017 environment, each IAM and PFS page covers lots of data pages, so there are few IAM and PFS pages in a database. So the IAM and PFS pages are generally in memory in the SQL Server buffer pool. As seen, the file provided by Microsoft around 700MB. Not a minor modification. See whether what will be happen on the next stage?

Should you have interest, please reference below diagram.

Official announcement shown below:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273

Since the popularity of VM machine. Software development team and IT operations team will do the testing on their own premises in the first. May be you would say, this is not compliance for best practice. But the fact is that this is one of the way. VMware alert to public last week (14th Aug 2018 -CVE-2018-6973). In high level point of view, this vulnerability only occurs in VMware Workstation and Fusion products. VMware workstation is a solution for running virtual machines on Windows and Linux, while Fusion is used for running virtual machines on macOS. So the popularity and volume of usage will be much high than VM server in public. But do not contempt this bug, if such vulnerabilities occurs in your local workstation. It will jeopardizes your infrastructure because you workstation will become vulnerable. Wishing that the attached pictures can tell you the story.

Official reference details shown as below:

https://www.vmware.com/security/advisories/VMSA-2018-0022.html

If you are easy nervous, seems IT job not suitable for you! The Domain Name System (DNS) is the backbone of the modern internet. The workstation similar a blind people searching the correct pathway in the dark. ISC releases security advisory for BIND yesterday. My roughly statistic shown to me that this is the third times within this year!

A technical feature so called “Deny-answer-aliases” design to protect end users against DNS rebinding attack. A defact causes an INSIST assertion failure in named. causing the named process to stop execution and resulting in denial of services to client. What is Named. The Named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. Named will read the default configuration file /etc/named.conf, read any initial data, and listen for queries. For more details about this vulnerability. Please refer the following – https://kb.isc.org/article/AA-01639/0

ISC BIND vulnerabilities details on May and June this year.

June 2018

June 13, 2018 – ISC Releases Security Advisory for BIND

May 2018

May 18, 2018 – ISC Releases Security Advisories for BIND

The hardware vendors deploy Linux OS on demand growth. Even though your firewall appliances, malware detector, load balancer, network L2 and L3 switch and IoT devices are the Linux. The attacker found a tricks recently. If source device feeds tiny packets completely out of order. The parameter (tcp_collapse_ofo_queue()) might scan the whole rb-tree. As a result , attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. I think the specfiy vulnerability we can not contempt. The worst case is that attacker is possible to conduct denial of services on non-patch hardware appliances and IoT devices.
In the meantime, we are waiting for hardware vendor responses?

US CERT official announcement shown as below:

Linux Kernel TCP implementation vulnerable to Denial of Service

Original Release date: 06 Aug 2018 | Last revised: 06 Aug 2018

https://www.kb.cert.org/vuls/id/962459

Cisco Prime Collaboration Provisioning provides a scalable web-based solution to manage your company’s next-generation communication services. CiscoPrimeCollaboration Provisioning manages IPcommunication endpoints and services in an integrated IP telephony, video, voicemail and unified messaging environment
that includes Cisco Unified Communications Manager, Cisco Unified Communications  Manager Express, Cisco Unity Express, Cisco Unity Connection systems and analog gateways.

But the technical issue on authentication especially password looks can’t been resolved yet! I am not going to move the focus to conspiracy topic somethings like backdoor rumours. From technical point of view, the architecture relies on https. Refer to attached diagram, whether any similar architecture there and trigger traditional service ID issue. Since the traditional service ID on web will be store in someplace and it is hardcode.
Offical announcement shown below URL:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos

Jenkins is the leading open-source automation server. Built with Java, it provides over 1000 plugins to support automation. Is it a robot?

Basically, Jenkins is commonly used for building projects, running tests to detect bugs and other issues as soon as they are introduced, static code analysis and deployment.

For instance combining Jenkins and Docker together can bring improved speed and consistency to your automation tasks.

That is you can configure Jenkins to build Docker Images based on a Dockerfile. You can use Docker within a CI/CD pipeline, using Images as a build artefact that can be promoted to different environments and finally production. Usually, the freestyle automated job can create to accomplish a specific task in the CI pipeline, it can be compile the code, run integration tests or deploy application.

Remark:

A complete CI pipeline is made up of three major parts: Integration: Build code and run unit tests.

Delivery: Deploy your application to a staging or production environment.

If Jenkins is sick (vulnerabilities) today? Any worries about that?

An official announment state the following: https://jenkins.io/security/advisory/2018-07-18/#SECURITY-390

Retrospectively cyber attack encountered on Nuclear power facility in past. The SCADA system facilities vendor are working hard to hardening their device and provided cyber security advisory. An cyber security alert announced by ABB that a software engineering tool for configure Panel 800 has vulnerability occurs. ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. However the vulnerabilites indicated that theattacker could create a specially crafted file and try to trick a person using the Panel Builder 800 to open this file (see below hyperlink – technical note)

http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch

Perhaps the techincal limitation sometimes was happened in their fundemental design. See Alert B in attached diagram. Since panel 800 is a Intel CPU base with Windows CE OS. My concern is that It is not known whether Intel XScale or Marvell Feroceon cores are affected by these issues (Meltdown and Spectre)? But no worries, tomorrow will be a better day!