Posts

Microsoft Security Bulletin Coverage for February 2018

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of Feburary 2018. A list of issues reported, along with SonicWall coverage information are as follows:

Microsoft Coverages

  • CVE-2018-0742 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0755 Windows EOT Font Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0756 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0757 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0760 Windows EOT Font Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0761 Windows EOT Font Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0763 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0771 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0809 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0810 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0820 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0821 Windows AppContainer Elevation Of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0822 Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0823 Named Pipe File System Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0825 StructuredQuery Remote Code Execution Vulnerability
    IPS:4780 Windows Shell Shortcut File Execution 1

  • CVE-2018-0826 Windows Storage Services Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0827 Windows Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0828 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0829 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0830 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0831 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0832 Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0833 Windows Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0834 Scripting Engine Memory Corruption Vulnerability
    IPS:13206 Scripting Engine Memory Corruption Vulnerability (FEB 18) 6

  • CVE-2018-0835 Scripting Engine Memory Corruption Vulnerability
    IPS:13207 Scripting Engine Memory Corruption Vulnerability (FEB 18) 7

  • CVE-2018-0836 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0837 Scripting Engine Memory Corruption Vulnerability
    IPS:13202 Scripting Engine Memory Corruption Vulnerability (FEB 18) 2

  • CVE-2018-0838 Scripting Engine Memory Corruption Vulnerability
    IPS:13203 Scripting Engine Memory Corruption Vulnerability (FEB 18) 3

  • CVE-2018-0839 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0840 Scripting Engine Memory Corruption Vulnerability
    IPS:13204 Scripting Engine Memory Corruption Vulnerability (FEB 18) 4

  • CVE-2018-0841 Microsoft Office Remote Code Execution Vulnerability
    SPY:1327 Malformed-File xls.MP.57

  • CVE-2018-0842 Windows Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0843 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0844 Windows Common Log File System Driver Elevation Of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0846 Windows Common Log File System Driver Elevation Of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0847 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0850 Microsoft Outlook Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0851 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0852 Microsoft Outlook Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0853 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0855 Windows EOT Font Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0856 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0857 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0858 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0859 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0860 Scripting Engine Memory Corruption Vulnerability
    IPS:13201 Scripting Engine Memory Corruption Vulnerability (FEB 18) 1

  • CVE-2018-0861 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0864 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0869 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0866 Scripting Engine Memory Corruption Vulnerability
    IPS:13205 Scripting Engine Memory Corruption Vulnerability (FEB 18) 5

Adobe Coverages

APSB18-02 Security updates for Adobe Adobe Ac
robat and Reader:

  • CVE-2018-4871
    Spy:5055 Malformed-File atf.MP.2
  • CVE-2018-4872
    Spy:5099 Malformed-File pdf.MP.302
  • CVE-2018-4879
    Spy:5032 Malformed-File emf.MP.51
  • CVE-2018-4881
    Spy:1389 Malformed-File bmp.MP.1
  • CVE-2018-4882
    Spy:1427 Malformed-File pdf.MP.296
  • CVE-2018-4883
    Spy:1172 Malformed-File emf.MP.23
  • CVE-2018-4884
    Spy:1440 Malformed-File bmp.MP.2
  • CVE-2018-4884
    Spy:1442 Malformed-File emf.MP.54
  • CVE-2018-4885
    Spy:1444 Malformed-File emf.MP.55
  • CVE-2018-4886
    Spy:1444 Malformed-File emf.MP.55
  • CVE-2018-4887
    Spy:1177 Malformed-File emf.MP.26
  • CVE-2018-4888
    Spy:1467 Malformed-File pdf.MP.297
  • CVE-2018-4889
    Spy:1135 Malformed-File pdf.MP.240
  • CVE-2018-4889
    Spy:5078 Malformed-File xps.MP.2
  • CVE-2018-4890
    Spy:5079 Malformed-File jpg.MP.15
  • CVE-2018-4891
    Spy:1260 Malformed-File jpg.MP.3
  • CVE-2018-4892
    Spy:5081 Malformed-File pdf.MP.298
  • CVE-2018-4893
    Spy:5082 Malformed-File ttf.MP.17
  • CVE-2018-4894
    Spy:5083 Malformed-File ttf.MP.18
  • CVE-2018-4895
    Spy:5084 Malformed-File emf.MP.58
  • CVE-2018-4896
    Spy:5032 Malformed-File emf.MP.51
  • CVE-2018-4897
    Spy:5086 Malformed-File tiff.MP.2
  • CVE-2018-4898
    Spy:1612 Malformed-File tiff.MP.1
  • CVE-2018-4899
    Spy:5088 Malformed-File xps.MP.4
  • CVE-2018-4900
    Spy:5089 Malformed-File pdf.MP.299
  • CVE-2018-4901
    Spy:5090 Malformed-File pdf.MP.300
  • CVE-2018-4902
    Spy:5091 Malformed-File pdf.MP.301
  • CVE-2018-4903
    Spy:5092 Malformed-File tif.MP.17
  • CVE-2018-4904
    Spy:5093 Malformed-File tif.MP.18
  • CVE-2018-4905
    Spy:1267 Malformed-File tif.MP.3
  • CVE-2018-4906
    Spy:5003 Malformed-File tif.MP.13
  • CVE-2018-4907
    Spy:5096 Malformed-File tif.MP.20
  • CVE-2018-4908
    Spy:1612 Malformed-File tiff.MP.1
  • CVE-2018-4909
    Spy:5098 Malformed-File jpg.MP.16
  • CVE-2018-4910
    Spy:5099 Malformed-File pdf.MP.302
  • CVE-2018-4911
    Spy:5100 Malformed-File pdf.MP.303
  • CVE-2018-4912
    Spy:5101 Malformed-File jp2.MP.2
  • CVE-2018-4913
    Spy:5102 Malformed-File pdf.MP.304
  • CVE-2018-4914
    Spy:5103 Malformed-File tif.MP.21
  • CVE-2018-4915
    Spy:5099 Malformed-File pdf.MP.302
  • CVE-2018-4916
    Spy:5105 Malformed-File tif.MP.22

Microsoft Security Bulletin Coverage for January 2018

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of January, 2018. A list of issues reported, along with SonicWall coverage information are as follows:

  • CVE-2018-0741 Microsoft Color Management Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0743 Windows Subsystem for Linux Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0744 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0745 Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0746 Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0747 Windows Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0748 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0749 SMB Server Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0750 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0751 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0752 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0753 Windows IPSec Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0754 OpenType Font Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0758 Scripting Engine Memory Corruption Vulnerability
    IPS:13155 Scripting Engine Memory Corruption Vulnerability (JAN 18) 1

  • CVE-2018-0762 Scripting Engine Memory Corruption Vulnerability
    IPS:13156 Scripting Engine Memory Corruption Vulnerability (JAN 18) 2

  • CVE-2018-0764 .NET and .NET Core Denial Of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0766 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0767 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0768 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0769 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0770 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0772 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0773 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0774 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0775 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0776 Scripting Engine Memory Corruption Vulnerability
    IPS:13157 Scripting Engine Memory Corruption Vulnerability (JAN 18) 3

  • CVE-2018-0777 Scripting Engine Memory Corruption Vulnerability
    IPS:13158 Scripting Engine Memory Corruption Vulnerability (JAN 18) 4

  • CVE-2018-0778 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0780 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0781 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0784 ASP.NET Core Elevation Of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0785 ASP.NET Core Cross Site Request Forgery Vulnerabilty
    There are no known exploits in the wild.
  • CVE-2018-0786 .NET Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0787 ASP.NET Core Elevation Of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0788 OpenType Font Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0789 Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0790 Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0791 Microsoft Outlook Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0792 Microsoft Word Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0793 Microsoft Outlook Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0794 Microsoft Word Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0795 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0796 Microsoft Excel Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0797 Microsoft Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0798 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0799 Microsoft Access Tampering Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0800 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0801 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0802 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0803 Microsoft Edge Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0804 Microsoft Word Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0805 Microsoft Word Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0806 Microsoft Word Remote Code Execution Vulnerability
    There are no known expl
    oits in the wild.
  • CVE-2018-0807 Microsoft Word Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0808 ASP.NET Core Denial Of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0812 Microsoft Word Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0818 Scripting Engine Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2018-0819 Spoofing Vulnerability in Microsoft Office for MAC
    There are no known exploits in the wild.

Adobe vulnerabilities:

APSB18-01 Security updates for Adobe Flash Player:

  • CVE-2018-4871 Adobe Flash Player Information Disclosure Vulnerability
    SPY:5055 Malformed-File atf.MP.2