Microsoft Security Bulletin Coverage for November 2017

By

SonicWall Capture Labs Threat Research teamhas analyzed and addressed Microsoft’s security advisories for the month of November, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverages

  • CVE-2017-11768 Windows Media Player Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11770 .NET CORE Denial Of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11788 Windows Search Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11791 Scripting Engine Information Disclosure Vulnerability
    IPS:13065 Scripting Engine Memory Corruption Vulnerability (Nov 17) 9

  • CVE-2017-11803 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11827 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11830 Device Guard Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11831 Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11832 Windows EOT Font Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11833 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11834 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11835 Windows EOT Font Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11836 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11837 Scripting Engine Memory Corruption Vulnerability
    IPS:13066 Scripting Engine Memory Corruption Vulnerability (Nov 17) 5

  • CVE-2017-11838 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11839 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11840 Scripting Engine Memory Corruption Vulnerability
    IPS:13067 Scripting Engine Memory Corruption Vulnerability (Nov 17) 6

  • CVE-2017-11841 Scripting Engine Memory Corruption Vulnerability
    IPS:13068 Scripting Engine Memory Corruption Vulnerability (Nov 17) 7

  • CVE-2017-11842 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11843 Scripting Engine Memory Corruption Vulnerability
    IPS:13069 Scripting Engine Memory Corruption Vulnerability (Nov 17) 8

  • CVE-2017-11844 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11845 Microsoft Edge Memory Corruption Vulnerability

    SPY:1616 Malformed-File html.MP.66

  • CVE-2017-11846 Scripting Engine Memory Corruption Vulnerability
    IPS:12784 Scripting Engine Memory Corruption Vulnerability (MAY 17) 4

  • CVE-2017-11847 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11848 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11849 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11850 Microsoft Graphics Component Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11851 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11852 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11853 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11854 Microsoft Word Memory Corruption Vulnerability
    SPY:1614 Malformed-File rtf.MP.21

  • CVE-2017-11855 Internet Explorer Memory Corruption Vulnerability
    IPS:13071 Internet Explorer Memory Corruption Vulnerability (NOV 17) 1

  • CVE-2017-11856 Internet Explorer Memory Corruption Vulnerability
    IPS:13072 Internet Explorer Memory Corruption Vulnerability (NOV 17) 2

  • CVE-2017-11858 Scripting Engine Memory Corruption Vulnerability
    IPS:13059 Scripting Engine Memory Corruption Vulnerability (Nov 17) 1

  • CVE-2017-11861 Scripting Engine Memory Corruption Vulnerability
    IPS:13060 Scripting Engine Memory Corruption Vulnerability (Nov 17) 2

  • CVE-2017-11862 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11863 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11866 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11869 Scripting Engine Memory Corruption Vulnerability
    IPS:13062 Scripting Engine Memory Corruption Vulnerability (Nov 17) 3

  • CVE-2017-11870 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11871 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11872 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11873 Scripting Engine Memory Corruption Vulnerability
    IPS:13063 Scripting Engine Memory Corruption Vulnerability (Nov 17) 4

  • CVE-2017-11874 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11876 Microsoft Project Server Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11877 Microsoft Excel Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11878 Microsoft Excel Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11879 ASP.NET Core Elevation Of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11880 Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
    CVE-2017-11884 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8700 ASP.NET Core Information Disclosure Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.