Microsoft Security Bulletin Coverage for October 2018

By

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of October 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2010-3190 MFC Insecure Library Loading Vulnerability
There are no known exploits in the wild.
CVE-2018-8265 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8320 Windows DNS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8330 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8411 NTFS Elevation of Privilege Vulnerability
ASPY 5282 : Malformed-File exe.MP.38
CVE-2018-8413 Windows Theme API Remote Code Execution Vulnerability
ASPY 5283 : Malformed-File theme.MP
CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability
ASPY 5271 : Malformed-File mdb.TL.4
ASPY 5272 : Malformed-File mdb.TL.5
CVE-2018-8427 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8432 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8448 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8453 Win32k Elevation of Privilege Vulnerability
ASPY 5284 : Malformed-File exe.MP.39
CVE-2018-8460 Internet Explorer Memory Corruption Vulnerability
IPS 13639 : Internet Explorer Memory Corruption Vulnerability (OCT 18) 1
CVE-2018-8472 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8473 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8480 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8481 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8482 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8484 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8486 DirectX Information Disclosure Vulnerability
IPS 5285 : Malformed-File exe.MP.40
CVE-2018-8488 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8489 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8490 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8491 Internet Explorer Memory Corruption Vulnerability
IPS 13640 : Internet Explorer Memory Corruption Vulnerability (OCT 18) 2
CVE-2018-8492 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8493 Windows TCP/IP Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8494 MS XML Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8495 Windows Shell Remote Code Execution Vulnerability
IPS 13637 : Windows Shell Remote Code Execution Vulnerability (OCT 18) 1
CVE-2018-8497 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8498 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8500 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8501 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8502 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8503 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8504 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8505 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13636 : Chakra Scripting Engine Memory Corruption Vulnerability (OCT 18) 1
CVE-2018-8506 Microsoft Windows Codecs Library Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8509 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8510 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8511 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8512 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8513 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8518 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8527 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8530 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8531 Azure IoT Device Client SDK Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8532 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8533 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.