This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.
Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology.
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017.
ID and Rating |
CAN/CVE ID: ADV180017 BID: N/A Microsoft Rating: Critical |
Vulnerability Type |
July 2018 Adobe Flash Security Update |
Vulnerability Affects |
See Adobe.com for details |
Details |
See Adobe.com for details |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: Under Review |
ID and Rating |
CAN/CVE ID: CVE-2018-8242 BID: 104620 Microsoft Rating: Critical |
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Internet Explorer 10 Microsoft Internet Explorer 9 Microsoft Internet Explorer 11 |
Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: MS IE CVE-2018-8242 |
Other Detections |
AV: Exp.CVE-2018-8242 |
ID and Rating |
CAN/CVE ID: CVE-2018-8262 BID: 104630 Microsoft Rating: Critical |
Vulnerability Type |
Microsoft Edge Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8262 |
ID and Rating |
CAN/CVE ID: CVE-2018-8274 BID: 104653 Microsoft Rating: Critical |
Vulnerability Type |
Microsoft Edge Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8274 |
ID and Rating |
CAN/CVE ID: CVE-2018-8275 BID: 104632 Microsoft Rating: Critical |
Vulnerability Type |
Microsoft Edge Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: MSEDGE CVE-2018-8275 |
Other Detections |
AV: Exp.CVE-2018-8275 |
ID and Rating |
CAN/CVE ID: CVE-2018-8279 BID: 104641 Microsoft Rating: Critical |
Vulnerability Type |
Microsoft Edge Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: MSEDGE CVE-2018-8279 |
Other Detections |
AV: Exp.CVE-2018-8279 |
ID and Rating |
CAN/CVE ID: CVE-2018-8280 BID: 104642 Microsoft Rating: Critical |
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8283 BID: 104633 Microsoft Rating: Critical |
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8283 |
ID and Rating |
CAN/CVE ID: CVE-2018-8286 BID: 104643 Microsoft Rating: Critical |
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8288 BID: 104636 Microsoft Rating: Critical |
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: Exp.CVE-2018-8288 |
ID and Rating |
CAN/CVE ID: CVE-2018-8290 BID: 104644 Microsoft Rating: Critical |
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8291 BID: 104637 Microsoft Rating: Critical |
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8291 |
ID and Rating |
CAN/CVE ID: CVE-2018-8294 BID: 104646 Microsoft Rating: Critical |
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8296 BID: 104638 Microsoft Rating: Critical |
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Internet Explorer 11 |
Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: MSEDGE CVE-2018-8296 |
Other Detections |
AV: Exp.CVE-2018-8296 |
ID and Rating |
CAN/CVE ID: CVE-2018-8298 BID: 104639 Microsoft Rating: Critical |
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8301 BID: 104654 Microsoft Rating: Critical |
Vulnerability Type |
Microsoft Edge Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8324 BID: 104650 Microsoft Rating: Critical |
Vulnerability Type |
Microsoft Edge Information Disclosure Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8324 |
ID and Rating |
CAN/CVE ID: CVE-2018-8327 BID: 104649 Microsoft Rating: Critical |
Vulnerability Type |
PowerShell Editor Services Remote Code Execution Vulnerability |
Vulnerability Affects |
Microsoft PowerShell Editor Services Microsoft PowerShell Extension for Visual Studio Code |
Details |
A remote code execution vulnerability exists in PowerShell Editor Services. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system. In an attack scenario, an attacker could execute malicious code in a PowerShell Editor Services process. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-0949 BID: 104622 Microsoft Rating: Important |
Vulnerability Type |
Internet Explorer Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9 |
Details |
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8125 BID: 104623 Microsoft Rating: Important |
Vulnerability Type |
Chakra Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8125 |
ID and Rating |
CAN/CVE ID: CVE-2018-8171 BID: 104659 Microsoft Rating: Important |
Vulnerability Type |
ASP.NET Core Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1 Microsoft ASP.NET Core 2.0 Microsoft ASP.NET MVC 5.2 Microsoft ASP.NET Web Pages 3.2.3 |
Details |
A Security Feature Bypass vulnerability exists in ASP.NET Core when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8172 BID: 104616 Microsoft Rating: Important |
Vulnerability Type |
Visual Studio Remote Code Execution Vulnerability |
Vulnerability Affects |
Microsoft Visual Studio 2010 SP1 Microsoft Visual Studio 2012 Update 5 Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2017 Microsoft Visual Studio 2017 15.7.5 Microsoft Visual Studio 2017 15.8 Preview |
Details |
A remote code execution vulnerability exists in Visual Studio software when the software fails to check the source markup of a file for an unbuilt project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8202 BID: 104665 Microsoft Rating: Important |
Vulnerability Type |
.NET Framework Elevation of Privilege Vulnerability |
Vulnerability Affects |
Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.6.1 |
Details |
An Elevation of Privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8206 BID: 104629 Microsoft Rating: Important |
Vulnerability Type |
Windows FTP Server Denial of Service Vulnerability |
Vulnerability Affects |
Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803 |
Details |
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit the vulnerability, an unauthenticated attacker could send specially crafted packets to a Windows computer with the FTP Server role enabled that is accepting connections on TCP port 21. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8222 BID: 104635 Microsoft Rating: Important |
Vulnerability Type |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803 |
Details |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8238 BID: 104619 Microsoft Rating: Important |
Vulnerability Type |
Skype for Business and Lync Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft Skype for Business 2016 (32-bit) Microsoft Skype for Business 2016 (64-bit) Microsoft Lync 2013 (64-bit) SP1 Microsoft Lync 2013 (32-bit) SP1 |
Details |
A security feature bypass vulnerability exists when Skype for Business or Lync does not properly parse UNC path links shared via messages. An attacker who successfully exploited the vulnerability could execute arbitrary commands in the context of the logged-in user. The security feature bypass by itself does not allow arbitrary code execution. Instead, an attacker would have to convince users to click a link to a file. In a file-sharing attack scenario, an attacker could provide a specially crafted file designed to exploit the vulnerability, and then convince a user to click the link to the file. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8260 BID: 104666 Microsoft Rating: Important |
Vulnerability Type |
.NET Framework Remote Code Execution Vulnerability |
Vulnerability Affects |
Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 |
Details |
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8276 BID: 104626 Microsoft Rating: Important |
Vulnerability Type |
Scripting Engine Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft ChakraCore Microsoft Edge |
Details |
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed. By itself, the CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. To exploit the CFG bypass vulnerability, a user must be logged on to the Microsoft Chakra scripting engine and running it. The user would then need to browse to a malicious website. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8278 BID: 104627 Microsoft Rating: Important |
Vulnerability Type |
Microsoft Edge Spoofing Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to a malicious site. In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8281 BID: 104609 Microsoft Rating: Important |
Vulnerability Type |
Microsoft Office Remote Code Execution Vulnerability |
Vulnerability Affects |
Microsoft Excel Viewer Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition Microsoft Office 2016 for Mac Microsoft Office Compatibility Pack SP3 Microsoft Office Word Viewer Microsoft PowerPoint Viewer |
Details |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8282 BID: 104668 Microsoft Rating: Important |
Vulnerability Type |
Win32k Elevation of Privilege Vulnerability |
Vulnerability Affects |
Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows RT 8.1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803 |
Details |
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8284 BID: 104667 Microsoft Rating: Important |
Vulnerability Type |
.NET Framework Remote Code Injection Vulnerability |
Vulnerability Affects |
Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 |
Details |
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would need to pass specific input to an application utilizing susceptible .NET methods. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8287 BID: 104634 Microsoft Rating: Important |
Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Edge Microsoft ChakraCore |
Details |
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8289 BID: 104628 Microsoft Rating: Important |
Vulnerability Type |
Microsoft Edge Information Disclosure Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8289 |
ID and Rating |
CAN/CVE ID: CVE-2018-8297 BID: 104647 Microsoft Rating: Important |
Vulnerability Type |
Microsoft Edge Information Disclosure Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. |
Intrusion Protection System (IPS) Response |
Sig ID: N/A |
Other Detections |
AV: Exp.CVE-2018-8297 |
ID and Rating |
CAN/CVE ID: CVE-2018-8299 BID: 104610 Microsoft Rating: Important |
Vulnerability Type |
Microsoft SharePoint Elevation of Privilege Vulnerability |
Vulnerability Affects |
Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
Details |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8300 BID: 104614 Microsoft Rating: Important |
Vulnerability Type |
Microsoft SharePoint Remote Code Execution Vulnerability |
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1 |
Details |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user upload a specially crafted SharePoint application package to an affected version of SharePoint. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8304 BID: 104617 Microsoft Rating: Important |
Vulnerability Type |
Windows DNSAPI Denial of Service Vulnerability |
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 |
Details |
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. To exploit the vulnerability, the attacker would use a malicious DNS server to send corrupted DNS responses to the target. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8305 BID: 104618 Microsoft Rating: Important |
Vulnerability Type |
Windows Mail Client Information Disclosure Vulnerability |
Vulnerability Affects |
Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 |
Details |
An information disclosure vulnerability exists in Windows Mail Client when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability, an attacker would have to send a malicious email to a user and convince the user to open the email. A connection to a remote server could then be automatically initiated. Depending on the URL contained in the malicious email, Windows Mail Client could fall back to initiating a web request to a remote server, disclosing the external IP of the user's system. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8306 BID: 104621 Microsoft Rating: Important |
Vulnerability Type |
Microsoft Wireless Display Adapter Command Injection Vulnerability |
Vulnerability Affects |
Microsoft Wireless Display Adapter 2.0.8350 Microsoft Wireless Display Adapter 2.0.8365 Microsoft Wireless Display Adapter 2.0.8372 |
Details |
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input. For this vulnerability to be exploited, the attacker must be authenticated (logged on) to the target display. To exploit the vulnerability, an attacker who is connected to the MWDA could send administrative commands to the MWDA, including commands with illegal characters which could cause the MWDA to stop functioning correctly. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8307 BID: 104631 Microsoft Rating: Important |
Vulnerability Type |
WordPad Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 |
Details |
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8308 BID: 104669 Microsoft Rating: Important |
Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
Vulnerability Affects |
Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows RT 8.1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803 |
Details |
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8309 BID: 104648 Microsoft Rating: Important |
Vulnerability Type |
Windows Denial of Service Vulnerability |
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 |
Details |
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8311 BID: 104624 Microsoft Rating: Important |
Vulnerability Type |
Remote Code Execution Vulnerability in Skype For Business and Lync |
Vulnerability Affects |
Microsoft Lync 2013 (32-bit) SP1 Microsoft Lync 2013 (64-bit) SP1 Microsoft Skype for Business 2016 (32-bit) Microsoft Skype for Business 2016 (64-bit) |
Details |
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8312 BID: 104645 Microsoft Rating: Important |
Vulnerability Type |
Microsoft Access Remote Code Execution Use After Free Vulnerability |
Vulnerability Affects |
Microsoft Access 2013 Service Pack 1 (32-bit editions) Microsoft Access 2013 Service Pack 1 (64-bit editions) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition |
Details |
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince a user to open the document file. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8313 BID: 104670 Microsoft Rating: Important |
Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
Vulnerability Affects |
Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows RT 8.1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803 |
Details |
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8314 BID: 104652 Microsoft Rating: Important |
Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 |
Details |
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability could allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges when code execution is attempted. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8319 BID: 104655 Microsoft Rating: Important |
Vulnerability Type |
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft MSR JavaScript Cryptography Library |
Details |
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations. An attacker could craft a signature, without the need of the corresponding key, and mimic the entity associated with the public/private key pair. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8323 BID: 104611 Microsoft Rating: Important |
Vulnerability Type |
Microsoft SharePoint Elevation of Privilege Vulnerability |
Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
Details |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8325 BID: 104651 Microsoft Rating: Important |
Vulnerability Type |
Microsoft Edge Information Disclosure Vulnerability |
Vulnerability Affects |
Microsoft Edge |
Details |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8326 BID: 104656 Microsoft Rating: Important |
Vulnerability Type |
Open Source Customization for Active Directory Federation Services XSS Vulnerability |
Vulnerability Affects |
Microsoft Web Customization for ADFS Spoofing |
Details |
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected AD FS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the AD FS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8356 BID: 104664 Microsoft Rating: Important |
Vulnerability Type |
.NET Framework Security Feature Bypass Vulnerability |
Vulnerability Affects |
Microsoft .NET Framework 4.5.2; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.6.1; Microsoft .NET Framework 4.6.2; Microsoft .NET Framework 4.7; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.0 SP2; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.7.1; Microsoft .NET Framework 4.7.2 |
Details |
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8310 BID: 104615 Microsoft Rating: Low |
Vulnerability Type |
Microsoft Office Tampering Vulnerability |
Vulnerability Affects |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition; Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition; Microsoft Word 2010 Service Pack 2 (32-bit editions); Microsoft Word 2010 Service Pack 2 (64-bit editions); Microsoft Word 2013 RT Service Pack 1; Microsoft Word 2013 Service Pack 1 (32-bit editions); Microsoft Word 2013 Service Pack 1 (64-bit editions); Microsoft Word 2016 (32-bit edition); Microsoft Word 2016 (64-bit edition); Microsoft Office 2010 (32-bit edition) SP2; Microsoft Office 2010 (64-bit edition) SP2 |
Details |
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails. An attacker could exploit the vulnerability by sending a specially crafted email and attachment to a victim, or by hosting a malicious .eml file on a web server. The attacker who successfully exploited the vulnerability could then embed untrusted TrueType fonts in the body of an email. This behavior could be combined with other exploits to further compromise a user's system. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |
ID and Rating |
CAN/CVE ID: CVE-2018-8232 BID: 104640 Microsoft Rating: Moderate |
Vulnerability Type |
Microsoft Macro Assembler Tampering Vulnerability |
Vulnerability Affects |
Microsoft Visual Studio 2017; Microsoft Visual Studio 2017 15.7.5; Microsoft Visual Studio 2017 15.8 Preview |
Details |
A remote code execution vulnerability exists in Visual Studio software when the software fails to check the source markup of a file for an unbuilt project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file. |
Intrusion Protection System (IPS) Response |
Sig ID: Under review |
Other Detections |
AV: N/A |