Posts

Microsoft Security Bulletin Coverage for October 2018

/in /by

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of October 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2010-3190 MFC Insecure Library Loading Vulnerability
There are no known exploits in the wild.
CVE-2018-8265 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8320 Windows DNS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8330 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8411 NTFS Elevation of Privilege Vulnerability
ASPY 5282 : Malformed-File exe.MP.38
CVE-2018-8413 Windows Theme API Remote Code Execution Vulnerability
ASPY 5283 : Malformed-File theme.MP
CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability
ASPY 5271 : Malformed-File mdb.TL.4
ASPY 5272 : Malformed-File mdb.TL.5
CVE-2018-8427 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8432 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8448 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8453 Win32k Elevation of Privilege Vulnerability
ASPY 5284 : Malformed-File exe.MP.39
CVE-2018-8460 Internet Explorer Memory Corruption Vulnerability
IPS 13639 : Internet Explorer Memory Corruption Vulnerability (OCT 18) 1
CVE-2018-8472 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8473 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8480 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8481 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8482 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8484 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8486 DirectX Information Disclosure Vulnerability
IPS 5285 : Malformed-File exe.MP.40
CVE-2018-8488 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8489 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8490 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8491 Internet Explorer Memory Corruption Vulnerability
IPS 13640 : Internet Explorer Memory Corruption Vulnerability (OCT 18) 2
CVE-2018-8492 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8493 Windows TCP/IP Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8494 MS XML Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8495 Windows Shell Remote Code Execution Vulnerability
IPS 13637 : Windows Shell Remote Code Execution Vulnerability (OCT 18) 1
CVE-2018-8497 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8498 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8500 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8501 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8502 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8503 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8504 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8505 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13636 : Chakra Scripting Engine Memory Corruption Vulnerability (OCT 18) 1
CVE-2018-8506 Microsoft Windows Codecs Library Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8509 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8510 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8511 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8512 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8513 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8518 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8527 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8530 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8531 Azure IoT Device Client SDK Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8532 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8533 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.

Microsoft Security Bulletins Coverage (April 12, 2011)

/in /by

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-018 Cumulative Security Update for Internet Explorer (2497640)

  • CVE-2011-0094 – Layouts Handling Memory Corruption Vulnerability
    IPS 6432 MS IE Memory Corruption Vulnerability
  • CVE-2011-0346 – MSHTML Memory Corruption Vulnerability
    There is no feasable method of detection.
  • CVE-2011-1245 – Javascript Information Disclosure Vulnerability
    IPS 6435 MS IE Javascript Information Disclosure Vulnerability
  • CVE-2011-1345 – Object Management Memory Corruption Vulnerability
    IPS 6427 MS IE Double Release Object Vulnerability
    IPS 6428 MS IE Double Release Object Vulnerability 2
    GAV IExploit.A6428

MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)

  • CVE-2011-0654 – Browser Pool Corruption Vulnerability
    IPS 6248 Generic Netbios Shellcode Exploit
  • CVE-2011-0660 – SMB Client Response Parsing Vulnerability
    IPS 6436 SMB Client Response Parsing Vulnerability Exploit

MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)

  • CVE-2011-0661 – SMB Transaction Parsing Vulnerability
    There is no feasable method of detection.

MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)

  • CVE-2011-0097 – Excel Integer Overrun Vulnerability
    GAV MS.Xsl.E
  • CVE-2011-0098 – Excel Heap Overflow Vulnerability
    GAV MS.Xsl.E_2
  • CVE-2011-0101 – Excel Record Parsing WriteAV Vulnerability
    GAV MS.Xsl.E_3
  • CVE-2011-0103 – Excel Memory Corruption Vulnerability
    GAV MS.Xsl.E_5
  • CVE-2011-0104 – Excel Buffer Overwrite Vulnerability
    GAV Hlink.BO.A
    GAV Hlink.BO.B
  • CVE-2011-0105 – Excel Data Initialization Vulnerability
    GAV MS.Xsl.E_6
  • CVE-2011-0978 – Excel Array Indexing Vulnerability
    GAV MS.Xsl.E_7
  • CVE-2011-0979 – Excel Linked List Corruption Vulnerability
    GAV MS.Xsl.E_8
  • CVE-2011-0980 – Excel Dangling Pointer Vulnerability
    GAV MS.Xsl.E_4

MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)

  • CVE-2011-0685 – Floating Point Techno-color Time Bandit RCE Vulnerability
    GAV MS.Ppt.E
  • CVE-2011-0656 – Persist Directory RCE Vulnerability
    GAV MS.Ppt.E_2
  • CVE-2011-0976 – OfficeArt Atom RCE Vulnerability
    GAV MS.Ppt.E_3

MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)

  • CVE-2011-0107 – Office Component Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt
  • CVE-2011-0977 – Microsoft Office Graphic Object Dereferencing Vulnerability
    GAV MS.Xsl.E_9

MS11-024 Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)

  • CVE-2010-3974 – Fax Cover Page Editor Memory Corruption Vulnerability
    GAV MS.cov.E

MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)

  • CVE-2010-3190 – MFC Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS11-026 Vulnerability in MHTML Could Allow Information Disclosure (2503658)

  • CVE-2011-0096 – MHTML Mime-Formatted Request Vulnerability
    IPS 6205 MHTML Protocol Handler XSS Attack Attempt 4

MS11-027 Cumulative Security Update of ActiveX Kill Bits (2508272)

  • CVE-2010-0811 – Microsoft Internet Explorer 8 Developer Tools Vulnerability
    IPS 6437 MS Windows IE8 Developer Tools ActiveX Invocation Attempt
  • CVE-2010-3973 – Microsoft WMITools ActiveX Control Vulnerability
    IPS 6434 MS Windows WMITools ActiveX Control Invocation Attempt
  • CVE-2011-1243 – Microsoft Windows Messenger ActiveX Control Vulnerability
    IPS 6433 MS Windows Live Messenger ActiveX invocation attempt

MS11-028 Vulnera
bility in .NET Framework Could Allow Remote Code Execution (2484015)

  • CVE-2010-3958 – NET Framework Stack Corruption Vulnerability
    This is a local vulnerability.

MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)

  • CVE-2011-0041 – GDI+ Integer Overflow Vulnerability
    GAV ms11-029.ms

MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

  • CVE-2011-0657 – DNS Query Vulnerability
    There is no feasable method of detection.

MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

  • CVE-2011-0663 – Scripting Memory Reallocation Vulnerability
    There is no feasable method of detection.

MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)

  • CVE-2011-0034 – OpenType Font Stack Overflow Vulnerability
    IPS 6438 MS OpenType Font Stack Overflow Exploit

MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)

  • CVE-2011-0028 – WordPad Converter Parsing Vulnerability
    GAV ms11-033.ms.ttextflow
    GAV ms11-033.ms.tsplit

MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)

  • CVE-2011-0662 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0665 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0666 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0667 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0670 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0671 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0672 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0673 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0674 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0675 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0676 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-0677 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1225 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1226 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1227 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1228 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1229 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1230 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1231 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1232 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1233 – Win32k Null Pointer De-reference Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1234 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1235 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1236 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1237 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1238 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1239 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1240 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1241 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability
  • CVE-2011-1242 – Win32k Use After Free Vulnerability
    Local authenticated vulnerability