ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec product detections for Microsoft monthly Security Bulletins - July 2018

book

Article ID: 172049

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017 

Resolution

 

ID and Rating

CAN/CVE ID: ADV180017

BID: N/A

Microsoft Rating: Critical

Vulnerability Type

July 2018 Adobe Flash Security Update

Vulnerability Affects

See Adobe.com for details

Details

See Adobe.com for details

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under Review

 

ID and Rating

CAN/CVE ID: CVE-2018-8242

BID: 104620

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 10 Microsoft Internet Explorer 9 Microsoft Internet Explorer 11

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: MS IE CVE-2018-8242

Other Detections

AV: Exp.CVE-2018-8242

 

ID and Rating

CAN/CVE ID: CVE-2018-8262

BID: 104630

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8262

 

ID and Rating

CAN/CVE ID: CVE-2018-8274

BID: 104653

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8274

 

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8275

BID: 104632

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: MSEDGE CVE-2018-8275

Other Detections

AV: Exp.CVE-2018-8275

 

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8279

BID: 104641

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: MSEDGE CVE-2018-8279

Other Detections

AV: Exp.CVE-2018-8279

 

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8280

BID: 104642

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8283

BID: 104633

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8283

 

ID and Rating

CAN/CVE ID: CVE-2018-8286

BID: 104643

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8288

BID: 104636

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Exp.CVE-2018-8288

 

ID and Rating

CAN/CVE ID: CVE-2018-8290

BID: 104644

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8291

BID: 104637

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8291

 

ID and Rating

CAN/CVE ID: CVE-2018-8294

BID: 104646

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8296

BID: 104638

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Internet Explorer 11

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: MSEDGE CVE-2018-8296

Other Detections

AV: Exp.CVE-2018-8296

 

ID and Rating

CAN/CVE ID: CVE-2018-8298

BID: 104639

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8301

BID: 104654

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8324

BID: 104650

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8324

 

ID and Rating

CAN/CVE ID: CVE-2018-8327

BID: 104649

Microsoft Rating: Critical

Vulnerability Type

PowerShell Editor Services Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft PowerShell Editor Services Microsoft PowerShell Extension for Visual Studio Code

Details

A remote code execution vulnerability exists in PowerShell Editor Services. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system. In an attack scenario, an attacker could execute malicious code in a PowerShell Editor Services process.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-0949

BID: 104622

Microsoft Rating: Important

Vulnerability Type

Internet Explorer Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9

Details

A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8125

BID: 104623

Microsoft Rating: Important

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV:  Exp.CVE-2018-8125

 

ID and Rating

CAN/CVE ID: CVE-2018-8171

BID: 104659

Microsoft Rating: Important

Vulnerability Type

ASP.NET Core Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1 Microsoft ASP.NET Core 2.0 Microsoft ASP.NET MVC 5.2 Microsoft ASP.NET Web Pages 3.2.3

Details

A Security Feature Bypass vulnerability exists in ASP.NET Core when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8172

BID: 104616

Microsoft Rating: Important

Vulnerability Type

Visual Studio Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Visual Studio 2010 SP1 Microsoft Visual Studio 2012 Update 5 Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2017 Microsoft Visual Studio 2017 15.7.5 Microsoft Visual Studio 2017 15.8 Preview

Details

A remote code execution vulnerability exists in Visual Studio software when the software fails to check the source markup of a file for an unbuilt project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8202

BID: 104665

Microsoft Rating: Important

Vulnerability Type

.NET Framework Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.6.1

Details

A Elevation of Privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8206

BID: 104629

Microsoft Rating: Important

Vulnerability Type

Windows FTP Server Denial of Service Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803

Details

A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit the vulnerability, an unauthenticated attacker could send specially crafted packets to a Windows computer with the FTP Server role enabled that is accepting connections on TCP port 21. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8222

BID: 104635

Microsoft Rating: Important

Vulnerability Type

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803

Details

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8238

BID: 104619

Microsoft Rating: Important

Vulnerability Type

Skype for Business and Lync Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Skype for Business 2016 (32-bit) Microsoft Skype for Business 2016 (64-bit) Microsoft Lync 2013 (64-bit) SP1 Microsoft Lync 2013 (32-bit) SP1

Details

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages. An attacker who successfully exploited the vulnerability could execute arbitrary commands in the context of the logged-in user. The security feature bypass by itself does not allow arbitrary code execution. Instead, an attacker would have to convince users to click a link to a file. In a file-sharing attack scenario, an attacker could provide a specially-crafted file designed to exploit the vulnerability, and then convince a user to click the link to the file.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8260

BID: 104666

Microsoft Rating: Important

Vulnerability Type

.NET Framework Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2

Details

A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8276

BID: 104626

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

Details

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed. By itself, the CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. To exploit the CFG bypass vulnerability, a user must be logged on to the Microsoft Chakra scripting engine and running it. The user would then need to browse to a malicious website.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8278

BID: 104627

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Spoofing Vulnerability

Vulnerability Affects

Microsoft Edge

Details

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to a malicious site. In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8281

BID: 104609

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Excel Viewer Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition Microsoft Office 2016 for Mac Microsoft Office Compatibility Pack SP3 Microsoft Office Word Viewer Microsoft PowerPoint Viewer

Details

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8282

BID: 104668

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows RT 8.1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803

Details

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8284

BID: 104667

Microsoft Rating: Important

Vulnerability Type

.NET Framework Remote Code Injection Vulnerability

Vulnerability Affects

Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2

Details

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would need to pass specific input to an application utilizing susceptible .Net methods.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8287

BID: 104634

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8289

BID: 104628

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

Details

Microsoft Edge

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8289

 

ID and Rating

CAN/CVE ID: CVE-2018-8297

BID: 104647

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8297

 

ID and Rating

CAN/CVE ID: CVE-2018-8299

BID: 104610

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft SharePoint Foundation 2013 SP1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8300

BID: 104614

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 SP1

Details

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected versions of SharePoint.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8304

BID: 104617

Microsoft Rating: Important

Vulnerability Type

Windows DNSAPI Denial of Service Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2

Details

A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. To exploit the vulnerability, the attacker would use a malicious DNS server to send corrupted DNS responses to the target.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8305

BID: 104618

Microsoft Rating: Important

Vulnerability Type

Windows Mail Client Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2

Details

An information disclosure vulnerability exists in Windows Mail Client when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability, an attacker would have to send a malicious email to a user and convince the user to open the email. A connection to a remote server could then be automatically initiated, depending on the URL contained in the malicious email, Windows Mail Client could fall back to initiating a web request to a remote server, disclosing the external IP of the user's system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8306

BID: 104621

Microsoft Rating: Important

Vulnerability Type

Microsoft Wireless Display Adapter Command Injection Vulnerability

Vulnerability Affects

A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input. For this vulnerability to be exploited, the attacker must be authenticated (logged on) to the target display. To exploit the vulnerability, an attacker who is connected to the MWDA could send administrative commands to the MWDA, including commands with illegal characters which could cause the MWDA to stop functioning correctly.

Details

Microsoft Wireless Display Adapter 2.0.8350 Microsoft Wireless Display Adapter 2.0.8365 Microsoft Wireless Display Adapter 2.0.8372

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8307

BID: 104631

Microsoft Rating: Important

Vulnerability Type

WordPad Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016

Details

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8308

BID: 104669

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows RT 8.1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803

Details

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8309

BID: 104648

Microsoft Rating: Important

Vulnerability Type

Windows Denial of Service Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016

Details

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8311

BID: 104624

Microsoft Rating: Important

Vulnerability Type

Remote Code Execution Vulnerability in Skype For Business and Lync

Vulnerability Affects

Microsoft Lync 2013 (32-bit) SP1 Microsoft Lync 2013 (64-bit) SP1 Microsoft Skype for Business 2016 (32-bit) Microsoft Skype for Business 2016 (64-bit)

Details

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8312

BID: 104645

Microsoft Rating: Important

Vulnerability Type

Microsoft Access Remote Code Execution Use After Free Vulnerability

Vulnerability Affects

Microsoft Access 2013 Service Pack 1 (32-bit editions) Microsoft Access 2013 Service Pack 1 (64-bit editions) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition

Details

A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince a user to open the document file.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8313

BID: 104670

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows RT 8.1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803

Details

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8314

BID: 104652

Microsoft Rating: Important

Vulnerability Type

Windows Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2

Details

An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability could allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges when code execution is attempted.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8319

BID: 104655

Microsoft Rating: Important

Vulnerability Type

MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft MSR JavaScript Cryptography Library

Details

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations. An attacker could craft a signature, without the need of the corresponding key, and mimic the entity associated with the public/private key pair.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8323

BID: 104611

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8325

BID: 104651

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge

Details

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8326

BID: 104656

Microsoft Rating: Important

Vulnerability Type

Open Source Customization for Active Directory Federation Services XSS Vulnerability

Vulnerability Affects

Microsoft Web Customization for ADFS

Spoofing

Details

A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected AD FS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the AD FS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8356

BID: 104664

Microsoft Rating: Important

Vulnerability Type

.NET Framework Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.0 SP2 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2

Details

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8310

BID: 104615

Microsoft Rating: Low

Vulnerability Type

Microsoft Office Tampering Vulnerability

Vulnerability Affects

Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2

Details

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails. An attacker could exploit the vulnerability by sending a specially crafted email and attachment to a victim, or by hosting a malicious .eml file on a web server. The attacker who successfully exploited the vulnerability could then embed untrusted TrueType fonts in the body of an email. This behavior could be combined with other exploits to further compromise a user's system.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8232

BID: 104640

Microsoft Rating: Moderate

Vulnerability Type

Microsoft Macro Assembler Tampering Vulnerability

Vulnerability Affects

Microsoft Visual Studio 2017 Microsoft Visual Studio 2017 15.7.5 Microsoft Visual Studio 2017 15.8 Preview

Details

A remote code execution vulnerability exists in Visual Studio software when the software fails to check the source markup of a file for an unbuilt project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file.

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A