Microsoft Security Bulletin Coverage for September 2018

By

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of September 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2018-0965 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8269 OData Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8271 Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8315 Microsoft Scripting Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8331 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8332 Win32k Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8335 Windows SMB Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8336 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8337 Windows Subsystem for Linux Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8354 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8366 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8367 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13598 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 3
CVE-2018-8391 Scripting Engine Memory Corruption Vulnerability
IPS 13599 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 4
CVE-2018-8392 Microsoft JET Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8393 Microsoft JET Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8409 ASP.NET Core Denial of Service
There are no known exploits in the wild.
CVE-2018-8410 Windows Registry Elevation of Privilege Vulnerability
ASPY 5251 : Malformed-File exe.MP.36
CVE-2018-8419 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8420 MS XML Remote Code Execution Vulnerability
IPS  13600 : MS XML Remote Code Execution Vulnerability (SEP 18)
CVE-2018-8421 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8424 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8425 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2018-8426 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2018-8428 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8429 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8430 Word PDF Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8431 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8433 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8434 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8435 Windows Hyper-V Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8436 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8437 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8438 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8439 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8440 Windows ALPC Elevation of Privilege Vulnerability
GAV 2809 : Injector.PC
CVE-2018-8441 Windows Subsystem for Linux Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8442 Windows Kernel Information Disclosure Vulnerability
SPY 5252 : Malformed-File exe.MP.37
CVE-2018-8443 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8444 Windows SMB Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8445 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8446
There are no known exploits in the wild.
CVE-2018-8447 Internet Explorer Memory Corruption Vulnerability
IPS 13601 : Internet Explorer Memory Corruption Vulnerability (SEP 18) 1
CVE-2018-8449 Device Guard Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8452 Scripting Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8455 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8456 Scripting Engine Memory Corruption Vulnerability
IPS 13602 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 5
CVE-2018-8457 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8459 Scripting Engine Memory Corruption Vulnerability
IPS 13603 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 6
CVE-2018-8461 Internet Explorer Memory Corruption Vulnerability
IPS 13604 : Internet Explorer Memory Corruption Vulnerability (SEP 18) 2
CVE-2018-8462 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8463 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8464 Microsoft Edge PDF Remote Code Execution Vulnerability
ASPY 5244 : Malformed-File pdf.MP.320
CVE-2018-8465 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8466 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13594 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 1
CVE-2018-8467 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13595 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 2
CVE-2018-8468 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8469 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8470 Internet Explorer Security Feature Bypass Vulnerability
IPS 13597 : Internet Explorer Security Feature Bypass Vulnerability (SEP 18)
CVE-2018-8474 Lync for Mac 2011 Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8475 Windows Remote Code Execution Vulnerability
ASPY 5253 : Malformed-File tif.MP.23
CVE-2018-8479 Azure IoT SDK Spoofing Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.