Posts

Microsoft Security Bulletin Coverage for October 2017

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of October, 2017. A list of issues reported, along with SonicWall coverage information are as follows:

  • ADV170012 Vulnerability in TPM could allow Security Feature Bypass
    There are no known exploits in the wild.
  • ADV170014 Windows NTLM authentication changes
    There are no known exploits in the wild.
  • ADV170016 Windows Server 2008 Defense in Depth
    There are no known exploits in the wild.
  • ADV170017 Office Defense in Depth Update
    There are no known exploits in the wild.
  • CVE-2017-11762 Microsoft Graphics Remote Code Execution Vulnerability
    SPY:1586 Malformed-File ppt.MP.7

 

  • CVE-2017-11763 Microsoft Graphics Remote Code Execution Vulnerability
    SPY:1587 Malformed-File eot.MP.1

 

  • CVE-2017-11765 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11769 TRIE Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11771 Windows Search Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11772 Microsoft Search Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11774 Microsoft Outlook Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11775 Microsoft Office SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11776 Microsoft Outlook Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11777 Microsoft Office SharePoint XSS Vulnerability
    gav:15457 CVE-2017-11777.A

 

  • CVE-2017-11779 Windows DNSAPI Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11780 Windows SMB Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11781 Windows SMB Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11782 Windows SMB Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11783 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11784 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11785 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11786 Skype for Business Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11790 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11792 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11793 Scripting Engine Memory Corruption Vulnerability
    IPS:13011 Scripting Engine Memory Corruption Vulnerability (OCT 17) 1

 

  • CVE-2017-11794 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11796 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11797 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11798 Scripting Engine Memory Corruption Vulnerability
    IPS:13012 Scripting Engine Memory Corruption Vulnerability (OCT 17) 2

 

  • CVE-2017-11799 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11800 Scripting Engine Memory Corruption Vulnerability
    IPS:13013 Scripting Engine Memory Corruption Vulnerability (OCT 17) 3

 

  • CVE-2017-11801 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11802 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11804 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11805 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11806 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11807 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11808 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11809 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11810 Scripting Engine Memory Corruption Vulnerability
    IPS:13014 Scripting Engine Memory Corruption Vulnerability (OCT 17) 4

 

  • CVE-2017-11811 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11812 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11813 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11814 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11815 Windows SMB Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11816 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11817 Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11818 Windows Storage Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11819 Windows Shell Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11820 Microsoft Office SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11821 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11822 Internet Explorer Memory Corruption Vulnerability
    IPS:13015 Internet Explorer Memory Corruption Vulnerability (OCT 17)

 

  • CVE-2017-11823 Microsoft Windows Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2017-11824 Windows Graphics Component Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-11825 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
    • CVE-2017-11826 Microsoft Office Memory Corruption Vulnerability
      gav:15415 CVE-2017-11826.A

spy:1589 Malformed-File docx.MP.12

 

  • CVE-2017-11829 Windows Update Delivery Optimization Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8689 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8693 Microsoft Graphics Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8694 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8703 Windows Subsystem for Linux Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8715 Windows Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8717 Microsoft JET Database Engine Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8718 Microsoft JET Database Engine Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8726 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2017-8727 Windows Shell Memory Corruption Vulnerability
    IPS:13016 Windows Shell Memory Corruption Vulnerability (OCT 17) 1