Posts

Microsoft Security Bulletin Coverage for October 2018

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of October 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2010-3190 MFC Insecure Library Loading Vulnerability
There are no known exploits in the wild.
CVE-2018-8265 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8320 Windows DNS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8330 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8411 NTFS Elevation of Privilege Vulnerability
ASPY 5282 : Malformed-File exe.MP.38
CVE-2018-8413 Windows Theme API Remote Code Execution Vulnerability
ASPY 5283 : Malformed-File theme.MP
CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability
ASPY 5271 : Malformed-File mdb.TL.4
ASPY 5272 : Malformed-File mdb.TL.5
CVE-2018-8427 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8432 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8448 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8453 Win32k Elevation of Privilege Vulnerability
ASPY 5284 : Malformed-File exe.MP.39
CVE-2018-8460 Internet Explorer Memory Corruption Vulnerability
IPS 13639 : Internet Explorer Memory Corruption Vulnerability (OCT 18) 1
CVE-2018-8472 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8473 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8480 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8481 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8482 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8484 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8486 DirectX Information Disclosure Vulnerability
IPS 5285 : Malformed-File exe.MP.40
CVE-2018-8488 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8489 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8490 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8491 Internet Explorer Memory Corruption Vulnerability
IPS 13640 : Internet Explorer Memory Corruption Vulnerability (OCT 18) 2
CVE-2018-8492 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8493 Windows TCP/IP Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8494 MS XML Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8495 Windows Shell Remote Code Execution Vulnerability
IPS 13637 : Windows Shell Remote Code Execution Vulnerability (OCT 18) 1
CVE-2018-8497 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8498 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8500 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8501 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8502 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8503 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8504 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8505 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13636 : Chakra Scripting Engine Memory Corruption Vulnerability (OCT 18) 1
CVE-2018-8506 Microsoft Windows Codecs Library Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8509 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8510 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8511 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8512 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8513 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8518 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8527 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8530 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8531 Azure IoT Device Client SDK Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8532 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8533 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.

Microsoft Security Bulletins Coverage (April 12, 2011)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-018 Cumulative Security Update for Internet Explorer (2497640)

  • CVE-2011-0094 – Layouts Handling Memory Corruption Vulnerability
    IPS 6432 MS IE Memory Corruption Vulnerability
  • CVE-2011-0346 – MSHTML Memory Corruption Vulnerability
    There is no feasable method of detection.
  • CVE-2011-1245 – Javascript Information Disclosure Vulnerability
    IPS 6435 MS IE Javascript Information Disclosure Vulnerability
  • CVE-2011-1345 – Object Management Memory Corruption Vulnerability
    IPS 6427 MS IE Double Release Object Vulnerability
    IPS 6428 MS IE Double Release Object Vulnerability 2
    GAV IExploit.A6428

MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)

  • CVE-2011-0654 – Browser Pool Corruption Vulnerability
    IPS 6248 Generic Netbios Shellcode Exploit
  • CVE-2011-0660 – SMB Client Response Parsing Vulnerability
    IPS 6436 SMB Client Response Parsing Vulnerability Exploit

MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)

  • CVE-2011-0661 – SMB Transaction Parsing Vulnerability
    There is no feasable method of detection.

MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

  • CVE-2011-0097 – Excel Integer Overrun Vulnerability
    GAV MS.Xsl.E
  • CVE-2011-0098 – Excel Heap Overflow Vulnerability
    GAV MS.Xsl.E_2
  • CVE-2011-0101 – Excel Record Parsing WriteAV Vulnerability
    GAV MS.Xsl.E_3
  • CVE-2011-0103 – Excel Memory Corruption Vulnerability
    GAV MS.Xsl.E_5
  • CVE-2011-0104 – Excel Buffer Overwrite Vulnerability
    GAV Hlink.BO.A
    GAV Hlink.BO.B
  • CVE-2011-0105 – Excel Data Initialization Vulnerability
    GAV MS.Xsl.E_6
  • CVE-2011-0978 – Excel Array Indexing Vulnerability
    GAV MS.Xsl.E_7
  • CVE-2011-0979 – Excel Linked List Corruption Vulnerability
    GAV MS.Xsl.E_8
  • CVE-2011-0980 – Excel Dangling Pointer Vulnerability
    GAV MS.Xsl.E_4

MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)

  • CVE-2011-0685 – Floating Point Techno-color Time Bandit RCE Vulnerability
    GAV MS.Ppt.E
  • CVE-2011-0656 – Persist Directory RCE Vulnerability
    GAV MS.Ppt.E_2
  • CVE-2011-0976 – OfficeArt Atom RCE Vulnerability
    GAV MS.Ppt.E_3

MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

  • CVE-2011-0107 – Office Component Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt
  • CVE-2011-0977 – Microsoft Office Graphic Object Dereferencing Vulnerability
    GAV MS.Xsl.E_9

MS11-024 Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)

  • CVE-2010-3974 – Fax Cover Page Editor Memory Corruption Vulnerability
    GAV MS.cov.E

MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)

  • CVE-2010-3190 – MFC Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS11-026 Vulnerability in MHTML Could Allow Information Disclosure (2503658)

  • CVE-2011-0096 – MHTML Mime-Formatted Request Vulnerability
    IPS 6205 MHTML Protocol Handler XSS Attack Attempt 4

MS11-027 Cumulative Security Update of ActiveX Kill Bits (2508272)

  • CVE-2010-0811 – Microsoft Internet Explorer 8 Developer Tools Vulnerability
    IPS 6437 MS Windows IE8 Developer Tools ActiveX Invocation Attempt
  • CVE-2010-3973 – Microsoft WMITools ActiveX Control Vulnerability
    IPS 6434 MS Windows WMITools ActiveX Control Invocation Attempt
  • CVE-2011-1243 – Microsoft Windows Messenger ActiveX Control Vulnerability
    IPS 6433 MS Windows Live Messenger ActiveX invocation attempt

MS11-028 Vulnera
bility in .NET Framework Could Allow Remote Code Execution (2484015)

  • CVE-2010-3958 – NET Framework Stack Corruption Vulnerability
    This is a local vulnerability.

MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

  • CVE-2011-0041 – GDI+ Integer Overflow Vulnerability
    GAV ms11-029.ms

MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

  • CVE-2011-0657 – DNS Query Vulnerability
    There is no feasable method of detection.

MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

  • CVE-2011-0663 – Scripting Memory Reallocation Vulnerability
    There is no feasable method of detection.

MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)

  • CVE-2011-0034 – OpenType Font Stack Overflow Vulnerability
    IPS 6438 MS OpenType Font Stack Overflow Exploit

MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)

  • CVE-2011-0028 – WordPad Converter Parsing Vulnerability
    GAV ms11-033.ms.ttextflow
    GAV ms11-033.ms.tsplit

MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)

  • CVE-2011-0662 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0665 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0666 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0667 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0670 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0671 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0672 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0673 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0674 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0675 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0676 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0677 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1225 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1226 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1227 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1228 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1229 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1230 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1231 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1232 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1233 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1234 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1235 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1236 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1237 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1238 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1239 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1240 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1241 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1242 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability