Microsoft Security Bulletin Coverage for September 2017

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of September, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverage

• CVE-2017-0161 NetBIOS Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-11761 Microsoft Exchange Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-11764 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8567 Microsoft Office Remote Code Execution
  There are no known exploits in the wild.

• CVE-2017-8597 Microsoft Edge Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8628 Microsoft Bluetooth Driver Spoofing Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8629 Microsoft SharePoint XSS Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8630 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8631 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8632 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8643 Microsoft Edge Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8648 Microsoft Edge Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8649 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8660 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8675 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8676 Windows GDI+ Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8677 Win32k Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8678 Win32k Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8679 Windows Kernel Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8680 Win32k Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8681 Win32k Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8682 Win32k Graphics Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8683 Win32k Graphics Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8684 Windows GDI+ Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8685 Windows GDI+ Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8686 Windows DHCP Server Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8687 Win32k Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8688 Windows GDI+ Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8692 Uniscribe Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8695 Graphics Component Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8696 Microsoft Graphics Component Remote Code Execution
  There are no known exploits in the wild.

• CVE-2017-8699 Windows Shell Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8702 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8704 Hyper-V Denial of Service Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8706 Hyper-V Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8707 Hyper-V Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8708 Windows Kernel Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8709 Windows Kernel Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8710 Windows Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8711 Hyper-V Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8712 Hyper-V Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8713 Hyper-V Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8714 Remote Desktop Virtual Host Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8716 Windows Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8719 Windows Kernel Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8720 Win32k Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8723 Microsoft Edge Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8724 Microsoft Edge Spoofing Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8725 Microsoft Office Publisher Remote Code Execution
  There are no known exploits in the wild.

• CVE-2017-8728 Microsoft PDF Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8729 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8733 Internet Explorer Spoofing Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability
  ips:12977
   Microsoft Edge Memory Corruption Vulnerability (SEP 17) 1

• CVE-2017-8735 Microsoft Edge Spoofing Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8736 Microsoft Browser Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8737 Microsoft PDF Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8738 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8739 Scripting Engine Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8740 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8741 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8742 PowerPoint Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8743 PowerPoint Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8744 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8745 Microsoft SharePoint Cross Site Scripting Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8746 Device Guard Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8747 Internet Explorer Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8748 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8749 Internet Explorer Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8750 Microsoft Browser Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8752 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8753 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8754 Microsoft Edge Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8755 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8756 Microsoft Edge Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8757 Microsoft Edge Remote Code Execution Vulnerability
  ips:12978 Microsoft Edge Remote Code Execution Vulnerability (SEP 17) 1

• CVE-2017-8758 Microsoft Exchange Cross-Site Scripting Vulnerability
  There are no known exploits in the wild.

• CVE-2017-8759 .NET Framework Remote Code Execution Vulnerability
  ips:12980 .NET Framework Remote Code Execution Vulnerability (Sep 17)

• CVE-2017-9417 Broadcom BCM43xx Remote Code Execution Vulnerability
  There are no known exploits in the wild.

Adobe Coverage

• CVE-2017-11281 Adobe Flash Player Memory Corruption Vulnerability 
  spy:1572 Malformed-File mp4.MP.2

• CVE-2017-11281 Adobe Flash Player Memory Corruption Vulnerability 
  spy:1573 Malformed-File mp4.MP.3

• CVE-2017-11282 Adobe Flash Player Memory Corruption Vulnerability 
  spy:1574 Malformed-File swf.MP.573

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.