Posts

Microsoft Security Bulletin Coverage for July 2017

/in /by

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of July, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverage

  • CVE-2017-0170 Windows Performance Monitor Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0243 Microsoft Office Remote Code Execution Vulnerability
    spy:1522 Malformed-File doc.MP.45

  • CVE-2017-8463 Windows Explorer Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8467 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8486 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8495 Kerberos SNAME Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8501 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8502 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8556 Microsoft Graphics Component Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8557 Windows System Information Console Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8559 Microsoft Exchange Cross-Site Scripting Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8560 Microsoft Exchange Cross-Site Scripting Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8561 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8562 Windows ALPC Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8563 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8564 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8565 Windows PowerShell Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8566 Windows IME Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8569 SharePoint Server XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8570 Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8571 Office Outlook Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8572 Office Outlook Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8573 Microsoft Graphics Component Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8574 Microsoft Graphics Component Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8577 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8578 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8580 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8581 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8582 Asp.Net Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8584 Hololens Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8585 .NET Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8587 Windows Explorer Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8588 WordPad Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8589 Windows Search Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8590 Windows CLFS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8592 Microsoft Browser Security Feature Bypass
    ips:12885 Microsoft Browser Security Feature Bypass (JUL 17)

  • CVE-2017-8594 Internet Explorer Memory Corruption Vulnerability
    ips:12886 Internet Explorer Memory Corruption Vulnerability (JUL 17)

  • CVE-2017-8595 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8596 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8598 Scripting Engine Memory Corruption Vulnerability
    ips:12887 Scripting Engine Memory Corruption Vulnerability (JUL 17) 1

  • CVE-2017-8599 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8601 Scripting Engine Memory Corruption Vulnerability
    ips:12888 Scripting Engine Memory Corruption Vulnerability (JUL 17) 2

  • CVE-2017-8602 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8603 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8604 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8605 Scripting Engine Memory Corruption Vulnerability
    ips:12889 Scripting Engine Memory Corruption Vulnerability (JUL 17) 3

  • CVE-2017-8606 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8607 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8608 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8609 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8610 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8611 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8617 Microsoft Edge Remote Code Execution Vulnerability
    ips:12890 Microsoft Edge Remote Code Execut
    ion Vulnerability (JUL 17) 1

  • CVE-2017-8618 Internet Explorer Remote Code Execution Vulnerability
    ips:12892 Internet Explorer Remote Code Execution Vulnerability (JUL 17) 1

  • CVE-2017-8619 Microsoft Edge Remote Code Execution Vulnerability
    ips:12891 Microsoft Edge Remote Code Execution Vulnerability (JUL 17) 2

  • CVE-2017-8621 Microsoft Exchange Open Redirect Vulnerability
    There are no known exploits in the wild.

Adobe Coverage

APSB17-21 Security updates for Adobe Flash Player:

  • CVE-2017-3080 
    spy:1526 Malformed-File dll.MP.1

  • CVE-2017-3099 
    spy:1527 Malformed-File swf.MP.570

  • CVE-2017-3100 
    spy:1528 Malformed-File swf.MP.571

Microsoft Security Bulletin Coverage for July 2017

/in /by

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of July, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverage

  • CVE-2017-0170 Windows Performance Monitor Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-0243 Microsoft Office Remote Code Execution Vulnerability
    spy:1522 Malformed-File doc.MP.45

  • CVE-2017-8463 Windows Explorer Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8467 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8486 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8495 Kerberos SNAME Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8501 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8502 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8556 Microsoft Graphics Component Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8557 Windows System Information Console Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8559 Microsoft Exchange Cross-Site Scripting Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8560 Microsoft Exchange Cross-Site Scripting Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8561 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8562 Windows ALPC Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8563 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8564 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8565 Windows PowerShell Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8566 Windows IME Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8569 SharePoint Server XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8570 Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8571 Office Outlook Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8572 Office Outlook Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8573 Microsoft Graphics Component Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8574 Microsoft Graphics Component Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8577 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8578 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8580 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8581 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8582 Asp.Net Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8584 Hololens Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8585 .NET Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8587 Windows Explorer Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8588 WordPad Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8589 Windows Search Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8590 Windows CLFS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8592 Microsoft Browser Security Feature Bypass
    ips:12885 Microsoft Browser Security Feature Bypass (JUL 17)

  • CVE-2017-8594 Internet Explorer Memory Corruption Vulnerability
    ips:12886 Internet Explorer Memory Corruption Vulnerability (JUL 17)

  • CVE-2017-8595 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8596 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8598 Scripting Engine Memory Corruption Vulnerability
    ips:12887 Scripting Engine Memory Corruption Vulnerability (JUL 17) 1

  • CVE-2017-8599 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8601 Scripting Engine Memory Corruption Vulnerability
    ips:12888 Scripting Engine Memory Corruption Vulnerability (JUL 17) 2

  • CVE-2017-8602 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8603 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8604 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8605 Scripting Engine Memory Corruption Vulnerability
    ips:12889 Scripting Engine Memory Corruption Vulnerability (JUL 17) 3

  • CVE-2017-8606 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8607 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8608 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8609 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8610 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8611 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8617 Microsoft Edge Remote Code Execution Vulnerability
    ips:12890 Microsoft Edge Remote Code Execut
    ion Vulnerability (JUL 17) 1

  • CVE-2017-8618 Internet Explorer Remote Code Execution Vulnerability
    ips:12892 Internet Explorer Remote Code Execution Vulnerability (JUL 17) 1

  • CVE-2017-8619 Microsoft Edge Remote Code Execution Vulnerability
    ips:12891 Microsoft Edge Remote Code Execution Vulnerability (JUL 17) 2

  • CVE-2017-8621 Microsoft Exchange Open Redirect Vulnerability
    There are no known exploits in the wild.

Adobe Coverage

APSB17-21 Security updates for Adobe Flash Player:

  • CVE-2017-3080 
    spy:1526 Malformed-File dll.MP.1

  • CVE-2017-3099 
    spy:1527 Malformed-File swf.MP.570

  • CVE-2017-3100 
    spy:1528 Malformed-File swf.MP.571

Microsoft Security Bulletin Coverage for May 2017

/in /by

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of May, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverage

  • CVE-2017-0064 Internet Explorer Security Feature Bypass Vulnerability
    IPS:12779 Internet Explorer Security Feature Bypass Vulnerability (May 17)

  • CCVE-2017-0077 Win32k Information Disclosure Vulnerability
    SPY:1462 Malformed-File exe.MP.32

  • CVE-2017-0171 Windows DNS Server Denial of Service Vulnerability
    IPS:12777 Windows DNS Server Denial of Service Vulnerability (May 17)

  • CVE-2017-0175 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0190 Windows GDI Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0212 Windows Hyper-V vSMB Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0213 Windows COM Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0214 Windows COM Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0220 Windows COM Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0221 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0222 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0224 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0226 Microsoft Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0227 Microsoft Edge Memory Corruption Vulnerability
    IPS:12778 Microsoft Edge Memory Corruption Vulnerability (MAY 17) 1

  • CVE-2017-0228 Scripting Engine Memory Corruption Vulnerability
    IPS:12780 Scripting Engine Memory Corruption Vulnerability (MAY 17) 1

  • CVE-2017-0229 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0230 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0231 Microsoft Browser Spoofing Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0233 Microsoft Edge Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0234 Scripting Engine Memory Corruption Vulnerability
    IPS:12782 Scripting Engine Memory Corruption Vulnerability (MAY 17) 2

  • CVE-2017-0235 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0236 Scripting Engine Memory Corruption Vulnerability
    IPS:12783 Scripting Engine Memory Corruption Vulnerability (MAY 17) 3

  • CVE-2017-0238 Scripting Engine Memory Corruption Vulnerability
    IPS:12784 Scripting Engine Memory Corruption Vulnerability (MAY 17) 4

  • CVE-2017-0240 Microsoft Edge Memory Corruption Vulnerability
    IPS:12785 Microsoft Edge Memory Corruption Vulnerability (MAY 17) 2

  • CVE-2017-0241 Microsoft Edge Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0242 Microsoft ActiveX Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0243 Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0244 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0245 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0246 Win32k Elevation of Privilege Vulnerability
    SPY:1466 Malformed-File exe.MP.33

  • CVE-2017-0248 .Net Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0254 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0255 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0258 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0259 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0261 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0262 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0263 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0264 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0265 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0266 Microsoft Edge Remote Code Execution Vulnerability
    IPS:12781 Microsoft Edge Remote Code Execution Vulnerability (May 17) 1

  • CVE-2017-0267 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0268 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0269 Windows SMB Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0270 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0271 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0272 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0273 Windows SMB Denial of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0274 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0275 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0276 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0277 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0278 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0279 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0280 Windows SMB Deni
    al of Service Vulnerability
    There are no known exploits in the wild.

  • CVE-2017-0281 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.

Adobe Coverage

APSB17-15 Security updates for Adobe Flash Player:

  • CVE-2017-3071 Adobe Flash Player Use After Free Vulnerability
    Spy:1471 Malformed-File swf.MP.558

  • CVE-2017-3068 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1475 Malformed-File flv.MP.1

  • CVE-2017-3069 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1469 Malformed-File swf.MP.556

  • CVE-2017-3070 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1470 Malformed-File swf.MP.557

  • CVE-2017-3072 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1472 Malformed-File swf.MP.559

  • CVE-2017-3073 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1473 Malformed-File swf.MP.560

  • CVE-2017-3074 Adobe Flash Player Memory Corruption Vulnerability
    Spy:1474 Malformed-File swf.MP.561