Symantec product detections for Microsoft monthly Security Bulletins - November 2018

Article ID: 173008


Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology.
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017.

Resolution

 

ID and Rating

CAN/CVE ID: ADV180025

BID: N/A

Microsoft Rating: Critical

Vulnerability Type

November 2018 Adobe Flash Security Update

Vulnerability Affects

See Adobe.com

Details

See Adobe.com

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8476

BID: 105774

Microsoft Rating: Critical

Vulnerability Type

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for 64-bit Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1803

Details

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker can exploit this issue to execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8541

BID: 105771

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8542

BID: 105772

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Edge CVE-2018-8456

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8543

BID: 105846

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8544

BID: 105787

Microsoft Rating: Critical

Vulnerability Type

Windows VBScript Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11

 

Details

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Windows VBScript Engine RCE CVE-2018-8544

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8551

BID: 105773

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8553

BID: 105777

Microsoft Rating: Critical

Vulnerability Type

Microsoft Graphics Components Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2

 

Details

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker can exploit this issue to execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8555

BID: 105775

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: MSEDGE CVE-2018-8296

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8556

BID: 105779

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8557

BID: 105780

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Edge CVE-2018-8456

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8588

BID: 105782

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore
Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Edge CVE-2018-8456

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: ADV180027

BID:

Microsoft Rating: Important

Vulnerability Type

Microsoft Surface Devices Elevation of Privilege Vulnerability

Vulnerability Affects

See Microsoft.com

Details

See Microsoft.com

Intrusion Protection System (IPS) Response

Sig ID: Advisory only

Other Detections

AV: Advisory only

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8256

BID: 105781

Microsoft Rating: Important

Vulnerability Type

Microsoft PowerShell Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft PowerShell Core 6.0.0
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files. An attacker can exploit this issue to execute malicious code on a vulnerable system. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8407

BID: 105794

Microsoft Rating: Important

Vulnerability Type

MSRPC Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows Server 1709
Microsoft Windows Server 1803
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019

 

Details

An information disclosure vulnerability exists when the 'Kernel Remote Procedure Call Provider' driver improperly initializes objects in memory. An attacker can exploit this issue by running a specially crafted application. Successful exploitation of this vulnerability would allow an attacker to obtain information to further compromise the user's system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8408

BID: 105789

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for 64-bit Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 1709
Microsoft Windows Server 1803
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows Server 2019

 

Details

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An authenticated attacker can exploit the issue to run a specially crafted application. Successful exploitation of the vulnerability could allow an attacker to obtain information to further compromise the user's system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8415

BID: 105792

Microsoft Rating: Important

Vulnerability Type

Microsoft PowerShell Tampering Vulnerability

Vulnerability Affects

Microsoft PowerShell Core 6.1.0
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code. To exploit this vulnerability, an attacker would need to log on to the affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8417

BID: 105795

Microsoft Rating: Important

Vulnerability Type

Microsoft JScript Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

A security bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. To exploit the vulnerability, an attacker would first have to access the local machine, and run a specially crafted application to create arbitrary COM objects.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8450

BID: 105797

Microsoft Rating: Important

Vulnerability Type

Windows Search Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1803
Microsoft Windows Server 1709

 

Details

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker can exploit this issue by sending specially crafted messages to the Windows Search service to take control of the affected system. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8454

BID: 105799

Microsoft Rating: Important

Vulnerability Type

Windows Audio Service Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory. An attacker can exploit this issue by running a specially crafted application in user mode to potentially disclose memory contents of an elevated process.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8471

BID: 105800

Microsoft Rating: Important

Vulnerability Type

Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory. A locally authenticated attacker can exploit this issue by running a specially crafted application to execute code with elevated permissions.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8485

BID: 105770

Microsoft Rating: Important

Vulnerability Type

DirectX Elevation of Privilege Vulnerability

Vulnerability Affects

 

Details

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8522

BID: 105820

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8524

BID: 105823

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Outlook 2010 (32-bit editions) Service Pack 2
Microsoft Outlook 2010 (64-bit editions) Service Pack 2
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit editions)
Microsoft Outlook 2016 (64-bit editions)
Microsoft Office 365 ProPlus for 32-bit Systems
Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker can exploit this issue to use a specially crafted file to perform actions in the security context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8539

BID: 105835

Microsoft Rating: Important

Vulnerability Type

Microsoft Word Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 (32-bit edition) SP2
Microsoft Office 2010 (64-bit edition) SP2
Microsoft Office Web Apps 2010 SP2
Microsoft SharePoint Server 2010 SP2

 

Details

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Word software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8545

BID: 105788

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker can exploit this issue to determine the origin of all webpages in the affected browser.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8547

BID: 105801

Microsoft Rating: Important

Vulnerability Type

Active Directory Federation Services XSS Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803

 

Details

A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected AD FS server. Successful exploitation of this vulnerability would allow an attacker to then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. This would allow an attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the AD FS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8549

BID: 105803

Microsoft Rating: Important

Vulnerability Type

Windows Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass exists when Windows incorrectly validates kernel driver signatures. An attacker can exploit this issue to bypass security features and load improperly signed drivers into the kernel.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8550

BID: 105805

Microsoft Rating: Important

Vulnerability Type

Windows COM Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker can exploit this issue by running a specially crafted application to run arbitrary code with elevated privileges.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8552

BID: 105786

Microsoft Rating: Important

Vulnerability Type

Windows Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10

 

Details

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory. An attacker can exploit this issue to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8554

BID: 105811

Microsoft Rating: Important

Vulnerability Type

DirectX Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8558

BID: 105826

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

An information disclosure vulnerability exists when Microsoft Outlook fails to respect 'Default link type' settings configured through the SharePoint Online Admin Center. An attacker can exploit this issue to share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8561

BID: 105813

Microsoft Rating: Important

Vulnerability Type

DirectX Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8562

BID: 105790

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems

 

Details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8563

BID: 105778

Microsoft Rating: Important

Vulnerability Type

DirectX Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2

 

Details

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An authenticated attacker can exploit this issue by running a specially crafted application to obtain information to further compromise the user's system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8564

BID: 105785

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Spoofing Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker can exploit this issue to trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8565

BID: 105791

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows Server 2016 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows RT 8.1 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709

 

Details

An information disclosure vulnerability exists when the Win32k component improperly provides kernel information. An attacker can exploit this issue to obtain information to further compromise the user's system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8566

BID: 105806

Microsoft Rating: Important

Vulnerability Type

BitLocker Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered-off system can exploit this issue to gain access to encrypted data. To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8567

BID: 105784

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies. An attacker can exploit this issue to access information from one domain and inject it into another domain.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8568

BID: 105829

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019

 

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the issue by sending a specially crafted request to an affected SharePoint server. Successful exploitation of this vulnerability would allow an attacker to perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8570

BID: 105783

Microsoft Rating: Important

Vulnerability Type

Internet Explorer Memory Corruption Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11

 

Details

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8572

BID: 105831

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019

 

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the issue by sending a specially crafted request to an affected SharePoint server. Successful exploitation of this vulnerability would allow an attacker to perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8573

BID: 105836

Microsoft Rating: Important

Vulnerability Type

Microsoft Word Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Word software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8574

BID: 105833

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8575

BID: 105807

Microsoft Rating: Important

Vulnerability Type

Microsoft Project Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Project 2010 Service Pack 2 (32-bit editions) Microsoft Project 2010 Service Pack 2 (64-bit editions) Microsoft Project 2016 (32-bit edition) Microsoft Project 2016 (64-bit edition) Microsoft Project Server 2013 Service Pack 1 Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory. An attacker can exploit this issue using a specially crafted file to perform actions in the security context of the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Project software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8576

BID: 105822

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker can exploit this issue to use a specially crafted file to perform actions in the security context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8577

BID: 105834

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Excel Services 2007 Service Pack 3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft Excel 2016 for Mac Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8578

BID: 105832

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Information Disclosure Vulnerability

Vulnerability Affects

Microsoft SharePoint Foundation 2013 SP1

 

Details

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker can exploit this issue to view the folder path of scripts loaded on the page. To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8579

BID: 105828

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

An information disclosure vulnerability exists when attaching files to Outlook messages. An attacker can exploit this issue to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8581

BID: 105837

Microsoft Rating: Important

Vulnerability Type

Microsoft Exchange Server Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 SP1 Microsoft Exchange Server 2016

 

Details

An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker can exploit this issue to perform script/content injection attacks and attempt to impersonate any other user of the Exchange server. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8582

BID: 105825

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files. An attacker can exploit this issue to take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8584

BID: 105808

Microsoft Rating: Important

Vulnerability Type

Windows ALPC Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker can exploit this issue by running a specially crafted application to execute arbitrary code in the security context of the local system and take control over an affected system. To exploit this vulnerability, an attacker would first have to log on to the system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8584

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8589

BID: 105796

Microsoft Rating: Important

Vulnerability Type

Windows Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8589

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8592

BID: 105809

Microsoft Rating: Important

Vulnerability Type

Windows Elevation Of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019

 

Details

An elevation of privilege vulnerability exists in the setup path. Systems could be affected if a user installed certain builds of the OS from media for Windows 10, version 1809, and an attacker had physical (console) access to the machine.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8600

BID: 105893

Microsoft Rating: Important

Vulnerability Type

Azure App Service Cross-site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Azure App Service on Azure Stack

 

Details

A cross-site scripting vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user-provided input. An authenticated attacker can exploit this issue by sending a specially crafted payload to the App Service, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8602

BID: 105895

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Team Foundation Server 2017 Update 3.1 Microsoft Team Foundation Server 2018 Update 1.1 Microsoft Team Foundation Server 2018 Update 3 Microsoft Team Foundation Server 2018 Update 3.1

 

Details

A cross-site scripting vulnerability exists when Team Foundation Server does not properly sanitize user-provided input. An authenticated attacker can exploit this issue by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8605

BID: 105889

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross-site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8606

BID: 105890

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross-site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8607

BID: 105891

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross-site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8608

BID: 105892

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross-site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8609

BID: 105894

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker can exploit this issue to execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8416

BID: 105798

Microsoft Rating: Moderate

Vulnerability Type

.NET Core Tampering Vulnerability

Vulnerability Affects

Microsoft .NET Core 1.0
Microsoft .NET Core 1.1
Microsoft .NET Core 2.1
Microsoft .NET Core 2.0

 

Details

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker can exploit this issue by sending a specially crafted file to a vulnerable system to write arbitrary files and directories to certain locations on a vulnerable system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8546

BID: 105802

Microsoft Rating: Low

Vulnerability Type

Microsoft Skype for Business Denial of Service Vulnerability

Vulnerability Affects

Microsoft Lync 2013 (32-bit) SP1
Microsoft Lync 2013 (64-bit) SP1
Microsoft Lync Basic 2013 (32-bit) SP1
Microsoft Lync Basic 2013 (64-bit) SP1
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Skype for Business 2016 (32-bit)
Microsoft Skype for Business 2016 (64-bit)
Microsoft Skype for Business Basic 2016 (32-bit)
Microsoft Skype for Business Basic 2016 (64-bit)

 

Details

A denial of service vulnerability exists in Skype for Business. An attacker can exploit this issue to cause Skype for Business to stop responding. Successful exploitation of this vulnerability requires that a user sends a number of emojis in the affected version of Skype for Business.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: ADV990001

BID: Advisory only

Microsoft Rating: N/A

Vulnerability Type

Latest Servicing Stack Updates

Vulnerability Affects

See Microsoft.com

Details

See Microsoft.com

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: ADV180028

BID: 105840, 105841

Microsoft Rating: N/A

Vulnerability Type

Guidance for configuring BitLocker to enforce software encryption

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 1709
Microsoft Windows Server 1803
Micron MX100 Drive
Micron MX200 Drive
Micron MX300 Drive
Samsung T3 Portable Drives
Samsung T5 Portable Drives
Samsung 850 EVO drive
Samsung 840 EVO drives

 

Details

Self-Encrypting Drives are prone to a local security-bypass vulnerability. Specifically, this issue occurs because of the absence of cryptographic binding between the password provided by the end user and the cryptographic key used for the encryption of user data. An attacker can exploit this issue to access the key without knowing the password provided by the end user, allowing the attacker to decrypt information encrypted with that key.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review