Symantec product detections for Microsoft monthly Security Bulletins - November 2017

book

Article ID: 170466

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017 

Resolution

 

ID and Rating

CAN/CVE ID: ADV170019

BID: N/A

Microsoft Rating: Critical

Vulnerability Type

November 2017 Flash Security Updates

Vulnerability Affects

See Adobe.com for details

Details

See Adobe.com for details

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11836

BID: 101727

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11837

BID: 101722

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: CVE-2017-11837 Remote Memory Corruption Vulnerability

Other Detections

AV: Exp.CVE-2017-11837

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11838

BID: 101737

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 11 Microsoft ChakraCore

Details

 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11839

BID: 101735

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11840

BID: 101734

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11841

BID: 101733

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-11841

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11843

BID: 101740

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 11 Microsoft ChakraCore Microsoft Internet Explorer 9 Microsoft Internet Explorer 10

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: CVE-2017-11843 Remote Memory Corruption Vulnerability

Other Detections

AV: Exp.CVE-2017-11843

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11845

BID: 101708

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11846

BID: 101741

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 11 Microsoft ChakraCore Microsoft Internet Explorer 9 Microsoft Internet Explorer 10

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: CVE-2017-11846 Remote Memory Corruption Vulnerability

Other Detections

AV: Exp.CVE-2017-11846

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11855

BID: 101751

Microsoft Rating: Critical

Vulnerability Type

Internet Explorer Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9

Details

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: CVE-2017-11855 Remote Memory Corruption Vulnerability

Other Detections

AV: Exp.CVE-2017-11855

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11856

BID: 101753

Microsoft Rating: Critical

Vulnerability Type

Internet Explorer Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11

Details

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-11856

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11858

BID: 101716

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 11 Microsoft ChakraCore Microsoft Internet Explorer 9 Microsoft Internet Explorer 10

Details

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Exp.CVE-2017-11858

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11859

BID: 101720

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11861

BID: 101723

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-11861

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11862

BID: 101724

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11866

BID: 101732

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11869

BID: 101742

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10

Details

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-11869

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11870

BID: 101731

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11871

BID: 101730

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11873

BID: 101728

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-11873

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11768

BID: 101705

Microsoft Rating: Important

Vulnerability Type

Windows Media Player Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems

Details

An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11770

BID: 101710

Microsoft Rating: Important

Vulnerability Type

Asp.NET CORE Denial Of Service Vulnerability
Denial of Service

Vulnerability Affects

Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1 Microsoft ASP.NET Core 2.0

Details

A denial of service vulnerability exists when . NET Core improperly handles web requests.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11788

BID: 101711

Microsoft Rating: Important

Vulnerability Type

Windows Search Denial of Service Vulnerability
Denial of Service

Vulnerability Affects

Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems

Details

A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11791

BID: 101715

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft ChakraCore

Details

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-11791

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11803

BID: 101704

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11827

BID: 101703

Microsoft Rating: Important

Vulnerability Type

Microsoft Browser Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Edge Microsoft Internet Explorer 10

Details

 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11830

BID: 101714

Microsoft Rating: Important

Vulnerability Type

Device Guard Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server Version 1709

Details

A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11831

BID: 101721

Microsoft Rating: Important

Vulnerability Type

Windows Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems

Details

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11832

BID: 101726

Microsoft Rating: Important

Vulnerability Type

Windows EOT Font Engine Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2

Details

An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11833

BID: 101706

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11834

BID: 101725

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Internet Explorer 9 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10

Details

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11835

BID: 101736

Microsoft Rating: Important

Vulnerability Type

Windows EOT Font Engine Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2

Details

An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11842

BID: 101719

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for x64-based Systems

Details

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11844

BID: 101707

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11847

BID: 101729

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Elevation of Privilege Vulnerability
Elevation of Privilege

Vulnerability Affects

Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2

Details

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11849

BID: 101762

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for x64-based Systems

Details

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11850

BID: 101738

Microsoft Rating: Important

Vulnerability Type

Microsoft Graphics Component Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems

Details

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11851

BID: 101763

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for x64-based Systems

Details

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11852

BID: 101739

Microsoft Rating: Important

Vulnerability Type

Windows GDI Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2

Details

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11853

BID: 101764

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for x64-based Systems

Details

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11854

BID: 101746

Microsoft Rating: Important

Vulnerability Type

Microsoft Word Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2007 SP3 Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office Compatibility Pack Service Pack 3

Details

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: CVE-2017-11854 Memory Corruption Vulnerability

Other Detections

AV: Exp.CVE-2017-11854

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11863

BID: 101748

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Microsoft Edge

Details

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11872

BID: 101749

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Microsoft Edge

Details

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow redirect requests that should otherwise be ignored.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11874

BID: 101750

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A security feature bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Control Flow Guard (CFG) to be bypassed. By itself, this CFG bypass vulnerability does not allow arbitrary code execution.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11877

BID: 101747

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Security Feature Bypass Vulnerability
Security Feature Bypass

Vulnerability Affects

Microsoft Excel 2007 SP3 Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions

Details

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11878

BID: 101756

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Office Compatibility Pack SP3 Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 (64-bit editions) Microsoft Excel 2013 (32-bit editions) Microsoft Excel 2010 SP2 (64-bit editions) Microsoft Excel 2010 SP2 (32-bit editions) Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2010 (32-bit edition) SP2 Microsoft Excel 2007 SP3 Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions)

Details

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2017-11878

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11879

BID: 101713

Microsoft Rating: Important

Vulnerability Type

ASP.NET Core Elevation Of Privilege Vulnerability
Elevation of Privilege

Vulnerability Affects

Microsoft ASP.NET Core 2.0

Details

An open redirect vulnerability exists in ASP. NET Core that could lead to Elevation of privilege.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11880

BID: 101755

Microsoft Rating: Important

Vulnerability Type

Windows Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1

Details

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11882

BID: 101757

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Office 2007 SP3 Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition)

Details

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Office CVE-2017-11882 2

Other Detections

AV: Exp.CVE-2017-11882

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11884

BID: 101766

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Office 2007 SP3 Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition)

Details

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-11848

BID: 101709

Microsoft Rating: Moderate

Vulnerability Type

Internet Explorer Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9

Details

An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specially crafted website.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: CVE-2017-11876

BID: 101754

Microsoft Rating: Moderate

Vulnerability Type

Microsoft Project Server Elevation of Privilege Vulnerability
Elevation of Privilege

Vulnerability Affects

Microsoft Project Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016

Details

An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: [SCSPBP1] Generic Windows Interactive Protection

 

ID and Rating

CAN/CVE ID: CVE-2017-8700

BID: 101712

Microsoft Rating: Moderate

Vulnerability Type

ASP.NET Core Information Disclosure Vulnerability
Information Disclosure

Vulnerability Affects

Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1

Details

An Information Disclosure vulnerability exists in ASP. net Core that allows bypassing Cross-origin Resource Sharing (CORS) configurations.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A

 

ID and Rating

CAN/CVE ID: ADV170020

BID: N/A

Microsoft Rating: None

Vulnerability Type

Microsoft Office Defense in Depth Update

Vulnerability Affects

Microsoft Office

Details

Defense in Depth Update

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

Data Center Security: N/A