
Symantec product detections for Microsoft monthly Security Bulletins - August 2018


Article ID: 172265


Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These were previously referred to as Security Advisories. The language has been updated to Security Bulletins to match Microsoft's terminology.
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017.

Resolution

 

ID and Rating

CAN/CVE ID: ADV180020

BID: N/A

Microsoft Rating: Critical

Vulnerability Type

August 2018 Adobe Flash Security Update

Vulnerability Affects

See Adobe.com for details

Details

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180020

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8266

BID: 104977

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8273

BID: 104967

Microsoft Rating: Critical

Vulnerability Type

Microsoft SQL Server Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 Microsoft SQL Server 2017 for x64-based Systems

Details

A buffer overflow vulnerability exists in Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8302

BID: 104973

Microsoft Rating: Critical

Vulnerability Type

Microsoft Exchange Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Exchange Server 2010 SP3 Update Rollup 23 Microsoft Exchange Server 2013 Cumulative Update 20 Microsoft Exchange Server 2013 Cumulative Update 21 Microsoft Exchange Server 2016 Cumulative Update 10 Microsoft Exchange Server 2016 Cumulative Update 9

 

Details

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8338

BID: TBD

Microsoft Rating: Critical

Vulnerability Type

Windows DHCP Server Remote Code Execution Vulnerability

Vulnerability Affects

TBD

Details

TBD

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8344

BID: 104983

Microsoft Rating: Critical

Vulnerability Type

Microsoft Graphics Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016

 

Details

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8345

BID: 105027

Microsoft Rating: Critical

Vulnerability Type

LNK Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows Server 1803 Microsoft Windows Server 1709

 

Details

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a '.LNK' file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8350

BID: 104985

Microsoft Rating: Critical

Vulnerability Type

Windows PDF Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8355

BID: 104978

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Analysis

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8359

BID: 104990

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8371

BID: 105035

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9

 

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8372

BID: 105038

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9 Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: Under Analysis

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8373

BID: 105037

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9

 

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8373 

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8377

BID: 105020

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

 

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8380

BID: 104979

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8381

BID: 104980

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8384

BID: 104981

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8385

BID: 105039

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 Microsoft Internet Explorer 9 Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8387

BID: 105021

Microsoft Rating: Critical

Vulnerability Type

Microsoft Edge Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge

Details

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8390

BID: 105041

Microsoft Rating: Critical

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft ChakraCore

 

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8397

BID: 104994

Microsoft Rating: Critical

Vulnerability Type

GDI+ Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8403

BID: 105033

Microsoft Rating: Critical

Vulnerability Type

Microsoft Browser Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Edge Microsoft Internet Explorer 11 Microsoft Internet Explorer 10

 

Details

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: ADV180018

BID: 105080

Microsoft Rating: Important

Vulnerability Type

Guidance to mitigate L1TF variant
Information Disclosure

Vulnerability Affects

Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 1709 Windows Server 1803 Intel Software Guard Extensions (SGX) Intel Operating System (OS) Intel System Management Mode (SMM) Intel Virtual Machine Manager (VMM) Intel Core i3 processor Intel Core i5 processor Intel Core i7 processor Intel Core M processor family Intel 2nd generation Core processors Intel 3rd generation Core processors Intel 4th generation Core processors Intel 5th generation Core processors Intel 6th generation Core processors Intel 7th generation Core processors Intel 8th generation Core processors Intel Core X-series Processor Family for Intel X99 platforms Intel Core X-series Processor Family for Intel X299 platforms Intel Xeon processor 3400 series Intel Xeon processor 3600 series Intel Xeon processor 5500 series Intel Xeon processor 5600 series Intel Xeon processor 6500 series Intel Xeon processor 7500 series Intel Xeon Processor E3 Family Intel Xeon Processor E3 v2 Family Intel Xeon Processor E3 v3 Family Intel Xeon Processor E3 v4 Family Intel Xeon Processor E3 v5 Family Intel Xeon Processor E3 v6 Family Intel Xeon Processor E5 Family Intel Xeon Processor E5 v2 Family Intel Xeon Processor E5 v3 Family Intel Xeon Processor E5 v4 Family Intel Xeon Processor E7 Family Intel Xeon Processor E7 v2 Family Intel Xeon Processor E7 v3 Family Intel Xeon Processor E7 v4 Family Intel Xeon Processor Scalable Family Intel Xeon Processor D-1500 Intel Xeon Processor D-2100
 
 

Details

Speculative execution side-channel vulnerabilities such as L1 Terminal Fault (L1TF) can be used to read the content of memory across a trusted boundary and if exploited, can lead to information disclosure.
 
 

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: ADV180022

BID: N/A

Microsoft Rating: Important

Vulnerability Type

Windows Denial of Service Vulnerability

Vulnerability Affects

Microsoft Windows

Details

See https://portal.msrc.microsoft.com/en-us/security-guidance

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 


 

ID and Rating

CAN/CVE ID: CVE-2018-0952

BID: 105048

Microsoft Rating: Important

Vulnerability Type

Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability

Vulnerability Affects

Microsoft Visual Studio 2017 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A privilege escalation vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8200

BID: 105007

Microsoft Rating: Important

Vulnerability Type

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8204

BID: 105008

Microsoft Rating: Important

Vulnerability Type

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8253

BID: 105009

Microsoft Rating: Important

Vulnerability Type

Cortana Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows Server 2016

 

Details

A privilege escalation vulnerability exists when Cortana allows arbitrary website browsing on the lockscreen. An attacker who successfully exploited the vulnerability could steal browser stored passwords or log on to websites as another user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8316

BID: 105013

Microsoft Rating: Important

Vulnerability Type

Internet Explorer Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9

 

Details

A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8339

BID: 105030

Microsoft Rating: Important

Vulnerability Type

Windows Installer Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows Server 2016 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows RT 8.1 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A privilege escalation vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8340

BID: 105029

Microsoft Rating: Important

Vulnerability Type

AD FS Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests. To exploit this vulnerability, an attacker could send a specially crafted authentication request.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8341

BID: 104987

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016

 

Details

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8342

BID: 104975

Microsoft Rating: Important

Vulnerability Type

Windows NDIS Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1

 

Details

A privilege escalation vulnerability exists in the Network Driver Interface Specification (NDIS) when 'ndis.sys' fails to check the length of a buffer prior to copying memory to it.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8343

BID: 104982

Microsoft Rating: Important

Vulnerability Type

Windows NDIS Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016

 

Details

A privilege escalation vulnerability exists in the Network Driver Interface Specification (NDIS) when 'ndis.sys' fails to check the length of a buffer prior to copying memory to it.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8346

BID: 105028

Microsoft Rating: Important

Vulnerability Type

LNK Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1

 

Details

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a '.LNK' file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8347

BID: 104988

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows Server 2016

 

Details

A privilege escalation vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8348

BID: 104992

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for 64-bit Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

 

Details

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8349

BID: 104984

Microsoft Rating: Important

Vulnerability Type

Microsoft COM for Windows Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8351

BID: 105015

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11

 

Details

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8353

BID: 105034

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9

 

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8357

BID: 105022

Microsoft Rating: Important

Vulnerability Type

Microsoft Browser Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Edge
Microsoft Internet Explorer 11

 

Details

A privilege escalation vulnerability exists in Microsoft browsers allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8358

BID: 105017

Microsoft Rating: Important

Vulnerability Type

Microsoft Browser Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

A security bypass vulnerability exists when Microsoft browsers improperly handle redirect requests. The vulnerability allows Microsoft browsers to bypass CORS redirect restrictions, and to follow redirect requests that should otherwise be ignored. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8360

BID: 104986

Microsoft Rating: Important

Vulnerability Type

.NET Framework Information Disclosure Vulnerability

Vulnerability Affects

Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7.2

 

Details

An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8370

BID: 105019

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

An information disclosure vulnerability exists when the WebAudio Library improperly handles audio requests. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8375

BID: 104989

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2016 for Mac
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3

 

Details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8376

BID: 104991

Microsoft Rating: Important

Vulnerability Type

Microsoft PowerPoint Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)

 

Details

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8378

BID: 104996

Microsoft Rating: Important

Vulnerability Type

Microsoft Office Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2013 SP1
Microsoft Office Word Viewer
Microsoft PowerPoint Viewer 2007
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2013 SP1

 

Details

An information disclosure vulnerability exists when Microsoft Office software reads out-of-bounds memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8379

BID: 104997

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit edition
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit edition
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit editions)
Microsoft Excel 2016 (64-bit editions)

 

Details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8382

BID: 105000

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit edition
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit edition
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit editions)
Microsoft Excel 2016 (64-bit editions)
Microsoft Excel 2016 for Mac
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3

 

Details

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8383

BID: 105024

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Spoofing Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8389

BID: 105036

Microsoft Rating: Important

Vulnerability Type

Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft Internet Explorer 11
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9

 

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8394

BID: 105001

Microsoft Rating: Important

Vulnerability Type

Windows GDI Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

 

Details

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8396

BID: 105002

Microsoft Rating: Important

Vulnerability Type

Windows GDI Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP

 

Details

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8398

BID: 104995

Microsoft Rating: Important

Vulnerability Type

Windows GDI Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for 64-bit Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

 

Details

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8399

BID: 104998

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems

 

Details

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8400

BID: 105005

Microsoft Rating: Important

Vulnerability Type

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems

 

Details

A privilege escalation vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8401

BID: 105006

Microsoft Rating: Important

Vulnerability Type

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows Server 2016
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

A privilege escalation vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8404

BID: 104999

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for 64-bit Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

 

Details

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8405

BID: 105011

Microsoft Rating: Important

Vulnerability Type

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

 

Details

A privilege escalation vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8406

BID: 105012

Microsoft Rating: Important

Vulnerability Type

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows Server 2016

 

Details

A privilege escalation vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8412

BID: 105014

Microsoft Rating: Important

Vulnerability Type

Microsoft (MAU) Office Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Office 2016 for Mac

 

Details

A privilege escalation vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them. An attacker who already has the ability to execute code on a system and who successfully exploited the vulnerability could elevate privileges.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8414

BID: 105016

Microsoft Rating: Important

Vulnerability Type

Windows Shell Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems

 

Details

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Windows RCE CVE-2018-8414

Other Detections

AV: Exp.CVE-2018-8414

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8388

BID: 105025

Microsoft Rating: Low

Vulnerability Type

Microsoft Edge Spoofing Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8374

BID: 104993

Microsoft Rating: Moderate

Vulnerability Type

Microsoft Exchange Server Tampering Vulnerability

Vulnerability Affects

Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 9

 

Details

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: ADV180021

BID: N/A

Microsoft Rating: None

Vulnerability Type

Microsoft Office Defense in Depth Update

Vulnerability Affects

Office Update

Details


Microsoft Office Defense in Depth Update

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A