Security News

Microsoft Security Bulletin Coverage

By

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of June, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverage

  • CVE-2017-0173 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0193 Hypervisor Code Integrity Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0215 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0216 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0218 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0219 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0260 Microsoft Office Remote Code Execution
    There are no known exploits in the wild.

  • CVE-2017-0282 Windows Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0283 Windows Uniscribe Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0284 Windows Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0285 Windows Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0286 Windows Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0287 Windows Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0288 Windows Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0289 Windows Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0291 Windows PDF Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0292 Windows PDF Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0294 Windows Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0295 Windows Default Folder Tampering Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0296 Windows TDX Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0297 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0298 Windows COM Session Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0299 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0300 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8460 Windows PDF Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8461 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8462 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8464 LNK Remote Code Execution Vulnerability
    SPY:1493 Malformed-File lnk.MP.2

  • CVE-2017-8465 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8466 Windows Cursor Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8468 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8469 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8470 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8471 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8472 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8473 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8474 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8475 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8476 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8477 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8478 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8479 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8480 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8481 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8482 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8483 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8484 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8485 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8487 Windows olecnv32.dll Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8488 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8489 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8490 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8491 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8492 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8493 Windows Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8494 Windows Elevation of Privilege V
    ulnerability
    There are no known exploits in the wild.

  • CVE-2017-8496 Microsoft Edge Memory Corruption Vulnerability
    IPS:12846 Microsoft Edge Memory Corruption Vulnerability (JUN 17) 1

  • CVE-2017-8497 Microsoft Edge Memory Corruption Vulnerability
    IPS:12845 Microsoft Browser Memory Corruption Vulnerability (JUN 17) 1

  • CVE-2017-8498 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8499 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8504 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8506 Microsoft Office Remote Code Execution
    There are no known exploits in the wild.

  • CVE-2017-8507 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8508 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8509 Microsoft Office Remote Code Execution Vulnerability
    SPY:1489 Malformed-File doc.MP.44

  • CVE-2017-8510 Microsoft Office Remote Code Execution Vulnerability
    SPY:1492 Malformed-File rtf.MP.19

  • CVE-2017-8511 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8512 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8513 Microsoft PowerPoint Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8514 Microsoft SharePoint Reflective XSS Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8515 Windows VAD Cloning Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8517 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8519 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8520 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8521 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8522 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8523 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8524 Scripting Engine Memory Corruption Vulnerability
    IPS:12843 Scripting Engine Memory Corruption Vulnerability (JUN 17) 1

  • CVE-2017-8527 Windows Graphics Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8528 Windows Uniscribe Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8529 Microsoft Browser Information Disclosure Vulnerability
    IPS:12844 Microsoft Browser Information Disclosure Vulnerability (JUN 17) 1

  • CVE-2017-8530 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8531 Windows Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8532 Windows Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8533 Windows Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8534 Windows Uniscribe Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8543 Windows Search Remote Code Execution Vulnerability
    IPS:12847 Windows Search Remote Code Execution Vulnerability (JUN 17) 1

    • IPS:12848 Windows Search Remote Code Execution Vulnerability (JUN 17) 2

  • CVE-2017-8544 Windows Search Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8545 Microsoft Outlook for Mac Spoofing Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8547 Internet Explorer Memory Corruption Vulnerability
    SPY:6315 HTTP Client Shellcode Exploit 86

  • CVE-2017-8548 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8549 Scripting Engine Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8550 Skype for Business Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8551 SharePoint XSS vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8553 GDI Information Disclosure Vulnerablity
    There are no known exploits in the wild.

  • CVE-2017-8554 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-8555 Microsoft Edge Security Feature Bypass
    There are no known exploits in the wild.

Adobe Coverage

APSB17-17 Security updates for Adobe Flash Player:

  • CVE-2017-3075 Adobe Flash Player Use After Free Vulnerability
    Spy:1494 Malformed-File swf.MP.562

  • CVE-2017-3081 Adobe Flash Player Use After Free Vulnerability
    Spy:1499 Malformed-File swf.MP.565
    Spy:1500 Malformed-File swf.MP.566

  • CVE-2017-3083 Adobe Flash Player Use After Free Vulnerability
    Spy:1502 Malformed-File swf.MP.568

  • CVE-2017-3084 Adobe Flash Player Use After Free Vulnerability
    Spy:1503 Malformed-File swf.MP.569

  • CVE-2017-3076 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1495 Malformed-File swf.MP.563

  • CVE-2017-3077 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1496 Malformed-File png.MP.3

  • CVE-2017-3078 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1497 Malformed-File atf.MP.1

  • CVE-2017-3079 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1498 Malformed-File swf.MP.564

  • CVE-2017-3082 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1501 Malformed-File swf.MP.567

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
SAP Sybase ESP Vulnerabilities (Jun 27, 2014)
OpenSSL X509_cmp_time DoS
Cyber Security News & Trends – 09-21-18
QuadRooter - the flaw that can affect millions of Android devices ( August 9, 2016)
MiniDuke: Multi Component info-stealer spreads via Social Engineering
Netgear ProSAFE NMS300 SQLi Vulnerability
Ransomware not asking for payment but asks the victim to help the needy
PDF Phishing campaign uses Google Docs to steal victim's Email credentials