Microsoft Security Bulletin Coverage for July 2018

By

SonicWall Capture Labs Threats Research Team has analyzed and addressed Microsoft’s security advisories for the month of July 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2018-0949 Internet Explorer Security Feature Bypass Vulnerability
IPS : 13412 Internet Explorer Security Feature Bypass Vulnerability (JUL 18)
CVE-2018-8125 Chakra Scripting Engine Memory Corruption Vulnerability
IPS : 13418 Chakra Scripting Engine Memory Corruption Vulnerability (JUL 18)
CVE-2018-8171 ASP.NET Core Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8172 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8202 .NET Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8206 Windows FTP Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8222 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8232 Microsoft Macro Assembler Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8238 Skype for Business and Lync Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8242 Scripting Engine Memory Corruption Vulnerability
13414Scripting Engine Memory Corruption Vulnerability (JUL 18) 4
CVE-2018-8260 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8262 Microsoft Edge Memory Corruption Vulnerability
IPS : 13415 Microsoft Edge Memory Corruption Vulnerability (JUL 18) 1
CVE-2018-8274 Microsoft Edge Memory Corruption Vulnerability
IPS : 13417 Microsoft Edge Memory Corruption Vulnerability (JUL 18) 2
CVE-2018-8275 Scripting Engine Memory Corruption Vulnerability
IPS : 13416 Scripting Engine Memory Corruption Vulnerability (JUL 18) 5
CVE-2018-8276 Scripting Engine Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8278 Microsoft Edge Spoofing Vulnerability
IPS : 13419Microsoft Edge Spoofing Vulnerability (JUL 18)
CVE-2018-8279 Scripting Engine Memory Corruption Vulnerability
IPS : 13420Microsoft Edge Memory Corruption Vulnerability (JUL 18) 3
CVE-2018-8280 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8281 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8282 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8283 Scripting Engine Memory Corruption Vulnerability
IPS : 13421 Scripting Engine Memory Corruption Vulnerability (JUL 18) 6
CVE-2018-8284 .NET Framework Remote Code Injection Vulnerability
There are no known exploits in the wild.
CVE-2018-8286 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8287 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8288 Scripting Engine Memory Corruption Vulnerability
IPS : 13422 Scripting Engine Memory Corruption Vulnerability (JUL 18) 7
CVE-2018-8289 Microsoft Edge Information Disclosure Vulnerability
IPS : 13423 Microsoft Edge Information Disclosure Vulnerability (JUL 18) 3
CVE-2018-8290 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8291 Scripting Engine Memory Corruption Vulnerability
IPS : 13407 Scripting Engine Memory Corruption Vulnerability (JUL 18) 1
CVE-2018-8294 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8296 Scripting Engine Memory Corruption Vulnerability
IPS : 13410 Scripting Engine Memory Corruption Vulnerability (JUL 18) 3
CVE-2018-8297 Microsoft Edge Information Disclosure Vulnerability
IPS : 13408 Microsoft Edge Information Disclosure Vulnerability (JUL 18) 1
CVE-2018-8298 Scripting Engine Memory Corruption Vulnerability
IPS : 13409 Scripting Engine Memory Corruption Vulnerability (JUL 18) 2
CVE-2018-8299 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8300 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8301 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8304 Windows DNSAPI Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8305 Windows Mail Client Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8306 Microsoft Wireless Display Adapter Command Injection Vulnerability
There are no known exploits in the wild.
CVE-2018-8307 WordPad Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8308 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8309 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8310 Microsoft Office Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8311 Remote Code Execution Vulnerability in Skype For Business and Lync
There are no known exploits in the wild.
CVE-2018-8312 Microsoft Access Remote Code Execution Use After Free Vulnerability
There are no known exploits in the wild.
CVE-2018-8313 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8314 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8319 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8323 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8324 Microsoft Edge Information Disclosure Vulnerability
IPS : 13411 Microsoft Edge Information Disclosure Vulnerability (JUL 18) 2
CVE-2018-8325 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8326 Open Source Customization for Active Directory Federation Services XSS Vulnerability
There are no known exploits in the wild.
CVE-2018-8327 PowerShell Editor Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8356 .NET Framework Security Feature Bypass Vulnerability
There are no known exploits in the wild.

Adobe Flash (APSB18-24 ) and Adobe Reader (APSB18-21) Coverage :

CVE-2018-5007 Arbitrary Code Execution
ASPY: 5192 Malformed-File swf.MP.595
CVE-2018-5008 Information Disclosure
ASPY: 5189 Malformed-File swf.MP.594

CVE-2018-5028 Heap Overflow
ASPY : 5188 Malformed-File xps.MP.5
CVE-2018-5040 Heap Overflow
ASPY : 5184 Malformed-File pdf.MP.317
CVE-2018-5052 Heap Overflow
ASPY : 5185 Malformed-File pdf.MP.318
CVE-2018-5061 Out-of-bounds read
ASPY : 5186 Malformed-File emf.MP.63
CVE-2018-12789 Out-of-bounds read
ASPY : 5187 Malformed-File emf.MP.64

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.