Microsoft Security Update August 2018

Zero-day CVEs in the wild:

Below are the two zero-day CVEs for which SonicWall has provided protection with the specified signatures:

CVE-2018-8414 Windows Shell Remote Code Execution Vulnerability

This vulnerability is publicly known and is being exploited in the wild. Attackers have abused file formats that Windows treats as safe to run malicious shell commands. Remote code execution can be achieved with minimal to no user interaction.

GAV: 15756 DeepLink.B_3

CVE-2018-8373 Internet Explorer Memory Corruption Vulnerability

A memory corruption vulnerability exists in the Microsoft Windows VBScript engine due to incorrect handling of a dynamic Array variable. A remote attacker can exploit this vulnerability by enticing a user to open a crafted web page using Internet Explorer or a crafted Microsoft Office document.

IPS: 13465 Scripting Engine Memory Corruption Vulnerability (AUG 18) 3

Critical & Important vulnerabilities:

Find below the other critical & important vulnerabilities for which SonicWall has provided protection with the specified signatures:

CVE-2018-8266 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13463 Chakra Scripting Engine Memory Corruption Vulnerability (AUG 18) 1
CVE-2018-8344 Microsoft Graphics Remote Code Execution Vulnerability
IPS: 13464 Microsoft Graphics Remote Code Execution Vulnerability (AUG 18)
CVE-2018-8345 LNK Remote Code Execution Vulnerability
SPY: 5225 Malformed-File lnk.MP.3
CVE-2018-8353 Scripting Engine Memory Corruption Vulnerability
IPS: 13458 Scripting Engine Memory Corruption Vulnerability (AUG 18) 1
CVE-2018-8355 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13454 Scripting Engine Memory Corruption Vulnerability (AUG 18) 2
CVE-2018-8371 Internet Explorer Memory Corruption Vulnerability
IPS: 11663 Scripting Engine Memory Corruption Vulnerability 1
CVE-2018-8372 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13454 Scripting Engine Memory Corruption Vulnerability (AUG 18) 1
CVE-2018-8376 Microsoft PowerPoint Remote Code Execution Vulnerability
SPY: 5221 Malformed-File pps.MP.2
CVE-2018-8379 Microsoft Excel Remote Code Execution Vulnerability
IPS: 13456 Microsoft Excel Remote Code Execution (AUG 18)
CVE-2018-8383 Microsoft Edge Spoofing Vulnerability
IPS: 13455 Microsoft Edge Spoofing Vulnerability (AUG 18)
CVE-2018-8384 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13459 Chakra Scripting Engine Memory Corruption Vulnerability (AUG 18) 3
CVE-2018-8387 Microsoft Edge Memory Corruption Vulnerability
IPS: 13460 Microsoft Edge Memory Corruption Vulnerability (AUG 18)
CVE-2018-8389 Internet Explorer Memory Corruption Vulnerability
IPS: 13461 Internet Explorer Memory Corruption Vulnerability (AUG 18)
CVE-2018-8403 Microsoft Browser Memory Corruption Vulnerability
IPS: 13462 Microsoft Browser Memory Corruption Vulnerability (AUG 18)
CVE-2018-8401 DirectX Graphics Kernel Elevation of Privilege Vulnerability
GAV: CVE-2018-8401 (Exploit)
CVE-2018-8404 Win32k Elevation of Privilege Vulnerability
GAV: CVE-2018-8404 (Exploit)
CVE-2018-8405 DirectX Graphics Kernel Elevation of Privilege Vulnerability
GAV: CVE-2018-8405 (Exploit)
CVE-2018-8406 DirectX Graphics Kernel Elevation of Privilege Vulnerability
GAV: CVE-2018-8406 (Exploit)

Find below the additional vulnerabilities that are not active or publicly known. SonicWall may release signatures as vulnerability information becomes available:

CVE-2018-0952 Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability
CVE-2018-8200 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8204 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8253 Cortana Elevation of Privilege Vulnerability
CVE-2018-8273 Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2018-8302 Microsoft Exchange Memory Corruption Vulnerability
CVE-2018-8316 Internet Explorer Remote Code Execution Vulnerability
CVE-2018-8338 Windows DHCP Server Remote Code Execution Vulnerability
CVE-2018-8339 Windows Installer Elevation of Privilege Vulnerability
CVE-2018-8340 ADFS Security Feature Bypass Vulnerability
CVE-2018-8341 Windows Kernel Information Disclosure Vulnerability
CVE-2018-8342 Windows NDIS Elevation of Privilege Vulnerability
CVE-2018-8343 Windows NDIS Elevation of Privilege Vulnerability
CVE-2018-8346 LNK Remote Code Execution Vulnerability
CVE-2018-8347 Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8348 Windows Kernel Information Disclosure Vulnerability
CVE-2018-8349 Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2018-8350 Windows PDF Remote Code Execution Vulnerability
CVE-2018-8351 Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8357 Internet Explorer Elevation of Privilege Vulnerability
CVE-2018-8358 Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8359 Scripting Engine Information Disclosure Vulnerability
CVE-2018-8360 .NET Framework Information Disclosure Vulnerability
CVE-2018-8370 Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8374 Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-8377 Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8378 Microsoft Office Information Disclosure Vulnerability
CVE-2018-8380 Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8381 Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8382 Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8385 Scripting Engine Memory Corruption Vulnerability
CVE-2018-8388 Microsoft Edge Elevation of Privilege Vulnerability
CVE-2018-8390 Scripting Engine Memory Corruption Vulnerability
CVE-2018-8394 Windows GDI Information Disclosure Vulnerability
CVE-2018-8395 Microsoft Edge Spoofing Vulnerability
CVE-2018-8396 Windows GDI Information Disclosure Vulnerability
CVE-2018-8397 GDI+ Remote Code Execution Vulnerability
CVE-2018-8398 Windows GDI Information Disclosure Vulnerability
CVE-2018-8399 Win32k Elevation of Privilege Vulnerability
CVE-2018-8400 DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8412 Microsoft (MAU) Office Elevation of Privilege Vulnerability

Adobe Flash Security Bulletin APSB18-25

CVE-2018-12824  Out-of-bounds read
SPY: 5219 Malformed-File swf.MP.223
CVE-2018-12825  Security bypass
SPY: 5223 Malformed-File swf.MP.225
CVE-2018-12826  Out-of-bounds read
SPY: 5222 Malformed-File swf.MP.224
CVE-2018-12827  Out-of-bounds read
SPY: 5224 Malformed-File swf.MP.226
CVE-2018-12828 Use of a component with a known vulnerability

Adobe Reader Security Bulletin APSB18-29

CVE-2018-12799 Untrusted pointer dereference
SPY: 5220 malformed-File pdf.MP.319
CVE-2018-12808 Out-of-bounds write
