Microsoft Security Bulletin Coverage for December 2017

By

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of December, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

  • CVE-2017-11885 Windows RRAS Service Remote Code Execution Vulnerability
    IPS:7037 Suspicious SMB Traffic -ts 7

  • CVE-2017-11886 Scripting Engine Memory Corruption Vulnerability
    IPS:11665 Scripting Engine Memory Corruption Vulnerability (MS16-063) 2

  • CVE-2017-11887 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11888 Microsoft Edge Memory Corruption Vulnerability
    SPY:5049 Malformed-File html.MP.71

  • CVE-2017-11889 Scripting Engine Memory Corruption Vulnerability
    IPS:13119 Scripting Engine Memory Corruption Vulnerability (DEC 17) 10

  • CVE-2017-11890 Scripting Engine Memory Corruption Vulnerability
    IPS:13118 Scripting Engine Memory Corruption Vulnerability (DEC 17) 9

  • CVE-2017-11893 Scripting Engine Memory Corruption Vulnerability
    IPS:13117 Scripting Engine Memory Corruption Vulnerability (DEC 17) 8

  • CVE-2017-11894 Scripting Engine Memory Corruption Vulnerability
    IPS:13116 Scripting Engine Memory Corruption Vulnerability (DEC 17) 7

  • CVE-2017-11895 Scripting Engine Memory Corruption Vulnerability
    IPS:13115 Scripting Engine Memory Corruption Vulnerability (DEC 17) 6

  • CVE-2017-11899 Microsoft Windows Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11901 Scripting Engine Memory Corruption Vulnerability
    IPS:13114 Scripting Engine Memory Corruption Vulnerability (DEC 17) 5

  • CVE-2017-11903 Scripting Engine Memory Corruption Vulnerability
    IPS:13113 Scripting Engine Memory Corruption Vulnerability (DEC 17) 4

  • CVE-2017-11905 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11906 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11907 Scripting Engine Memory Corruption Vulnerability
    IPS:13109 Scripting Engine Memory Corruption Vulnerability (DEC 17) 1

  • CVE-2017-11908 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11909 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11910 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11911 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11912 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11913 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11914 Scripting Engine Memory Corruption Vulnerability
    IPS:13110 Scripting Engine Memory Corruption Vulnerability (DEC 17) 2

  • CVE-2017-11916 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11918 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11919 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11927 Microsoft Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11930 Scripting Engine Memory Corruption Vulnerability
    IPS:13111 Scripting Engine Memory Corruption Vulnerability (DEC 17) 3

  • CVE-2017-11932 Microsoft Exchange Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11934 Microsoft PowerPoint Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11935 Microsoft Excel Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11936 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11937 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11939 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11940 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.