Microsoft Security Bulletin Coverage for January 2018

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of January, 2018. A list of issues reported, along with SonicWall coverage information are as follows:

• CVE-2018-0741 Microsoft Color Management Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0743 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0744 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0745 Windows Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0746 Windows Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0747 Windows Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0748 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0749 SMB Server Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0750 Windows GDI Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0751 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0752 Windows Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0753 Windows IPSec Denial of Service Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0754 OpenType Font Driver Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0758 Scripting Engine Memory Corruption Vulnerability
  IPS:13155 Scripting Engine Memory Corruption Vulnerability (JAN 18) 1

• CVE-2018-0762 Scripting Engine Memory Corruption Vulnerability
  IPS:13156 Scripting Engine Memory Corruption Vulnerability (JAN 18) 2

• CVE-2018-0764 .NET and .NET Core Denial Of Service Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0766 Microsoft Edge Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0767 Scripting Engine Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0768 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0769 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0770 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0772 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0773 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0774 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0775 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0776 Scripting Engine Memory Corruption Vulnerability
  IPS:13157 Scripting Engine Memory Corruption Vulnerability (JAN 18) 3

• CVE-2018-0777 Scripting Engine Memory Corruption Vulnerability
  IPS:13158 Scripting Engine Memory Corruption Vulnerability (JAN 18) 4

• CVE-2018-0778 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0780 Scripting Engine Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0781 Scripting Engine Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0784 ASP.NET Core Elevation Of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0785 ASP.NET Core Cross Site Request Forgery Vulnerabilty
  There are no known exploits in the wild.

• CVE-2018-0786 .NET Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0787 ASP.NET Core Elevation Of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0788 OpenType Font Driver Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0789 Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0790 Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0791 Microsoft Outlook Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0792 Microsoft Word Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0793 Microsoft Outlook Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0794 Microsoft Word Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0795 Microsoft Office Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0796 Microsoft Excel Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0797 Microsoft Word Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0798 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0799 Microsoft Access Tampering Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0800 Scripting Engine Information Disclosure Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0801 Microsoft Office Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0802 Microsoft Office Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0803 Microsoft Edge Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0804 Microsoft Word Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0805 Microsoft Word Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0806 Microsoft Word Remote Code Execution Vulnerability
  There are no known expl
  oits in the wild.

• CVE-2018-0807 Microsoft Word Remote Code Execution Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0808 ASP.NET Core Denial Of Service Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0812 Microsoft Word Memory Corruption Vulnerability
  There are no known exploits in the wild.

• CVE-2018-0818 Scripting Engine Security Feature Bypass
  There are no known exploits in the wild.

• CVE-2018-0819 Spoofing Vulnerability in Microsoft Office for MAC
  There are no known exploits in the wild.

Adobe vulnerabilities:

APSB18-01 Security updates for Adobe Flash Player:

• CVE-2018-4871 Adobe Flash Player Information Disclosure Vulnerability
  SPY:5055 Malformed-File atf.MP.2

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.