Microsoft Security Bulletin Coverage

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of July, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverage

• CVE-2017-0170 Windows Performance Monitor Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-0243 Microsoft Office Remote Code Execution Vulnerability
  spy:1522 Malformed-File doc.MP.45

• CVE-2017-8463 Windows Explorer Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8467 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8486 Win32k Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8495 Kerberos SNAME Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8501 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8502 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8556 Microsoft Graphics Component Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8557 Windows System Information Console Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8559 Microsoft Exchange Cross-Site Scripting Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8560 Microsoft Exchange Cross-Site Scripting Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8561 Windows Kernel Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8562 Windows ALPC Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8563 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8564 Windows Kernel Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8565 Windows PowerShell Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8566 Windows IME Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8569 SharePoint Server XSS Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8570 Office Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8571 Office Outlook Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8572 Office Outlook Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8573 Microsoft Graphics Component Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8574 Microsoft Graphics Component Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8577 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8578 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8580 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8581 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8582 Asp.Net Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8584 Hololens Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8585 .NET Denial of Service Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8587 Windows Explorer Denial of Service Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8588 WordPad Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8589 Windows Search Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8590 Windows CLFS Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8592 Microsoft Browser Security Feature Bypass
  ips:12885 Microsoft Browser Security Feature Bypass (JUL 17)

• CVE-2017-8594 Internet Explorer Memory Corruption Vulnerability
  ips:12886 Internet Explorer Memory Corruption Vulnerability (JUL 17)

• CVE-2017-8595 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8596 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8598 Scripting Engine Memory Corruption Vulnerability
  ips:12887 Scripting Engine Memory Corruption Vulnerability (JUL 17) 1

• CVE-2017-8599 Microsoft Edge Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8601 Scripting Engine Memory Corruption Vulnerability
  ips:12888 Scripting Engine Memory Corruption Vulnerability (JUL 17) 2

• CVE-2017-8602 Microsoft Browser Spoofing Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8603 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8604 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8605 Scripting Engine Memory Corruption Vulnerability
  ips:12889 Scripting Engine Memory Corruption Vulnerability (JUL 17) 3

• CVE-2017-8606 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8607 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8608 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8609 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8610 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8611 Microsoft Edge Spoofing Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8617 Microsoft Edge Remote Code Execution Vulnerability
  ips:12890 Microsoft Edge Remote Code Execut
  ion Vulnerability (JUL 17) 1

• CVE-2017-8618 Internet Explorer Remote Code Execution Vulnerability
  ips:12892 Internet Explorer Remote Code Execution Vulnerability (JUL 17) 1

• CVE-2017-8619 Microsoft Edge Remote Code Execution Vulnerability
  ips:12891 Microsoft Edge Remote Code Execution Vulnerability (JUL 17) 2

• CVE-2017-8621 Microsoft Exchange Open Redirect Vulnerability
  There are no known exploits in the wild.

Adobe Coverage

APSB17-21 Security updates for Adobe Flash Player:

• CVE-2017-3080 
  spy:1526 Malformed-File dll.MP.1

• CVE-2017-3099 
  spy:1527 Malformed-File swf.MP.570

• CVE-2017-3100 
  spy:1528 Malformed-File swf.MP.571

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.