search cancel

Symantec product detections for Microsoft monthly Security Bulletins - November 2018

book

Article ID: 173008

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017 

Resolution

 

ID and Rating

CAN/CVE ID: ADV180025

BID: N/A

Microsoft Rating: Critical

Vulnerability Type

November 2018 Adobe Flash Security Update

Vulnerability Affects

See Adobe.com

Details

See Adobe.com

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8476

BID: 105774

Microsoft Rating: Critical

Vulnerability Type

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803

Details

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker can exploit this issue to execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8541

BID: 105771

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8542

BID: 105772

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Edge CVE-2018-8456

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8543

BID: 105846

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8544

BID: 105787

Microsoft Rating: Critical

Vulnerability Type

Windows VBScript Engine Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11

 

Details

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Windows VBScript Engine RCE CVE-2018-8544

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8551

BID: 105773

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8553

BID: 105777

Microsoft Rating: Critical

Vulnerability Type

Microsoft Graphics Components Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2016 Microsoft Windows Server 2012 R2

 

Details

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker can exploit this issue to execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8555

BID: 105775

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: MSEDGE CVE-2018-8296

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8556

BID: 105779

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8557

BID: 105780

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Edge CVE-2018-8456

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8588

BID: 105782

Microsoft Rating: Critical

Vulnerability Type

Chakra Scripting Engine Memory Corruption Vulnerability
Remote Code Execution (RCE)

Vulnerability Affects

Microsoft ChakraCore Microsoft Edge

 

Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: Web Attack: Microsoft Edge CVE-2018-8456

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: ADV180027

BID:

Microsoft Rating: Important

Vulnerability Type

Microsoft Surface Devices Elevation of Privilege Vulnerability

Vulnerability Affects

See Microsoft.com

Details

See Microsoft.com

Intrusion Protection System (IPS) Response

Sig ID: Advisory only

Other Detections

AV: Advisory only

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8256

BID: 105781

Microsoft Rating: Important

Vulnerability Type

Microsoft PowerShell Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft PowerShell Core 6.0.0 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files. An attacker can exploit this issue to execute malicious code on a vulnerable system. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8407

BID: 105794

Microsoft Rating: Important

Vulnerability Type

MSRPC Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019

 

Details

An information disclosure vulnerability exists when 'Kernel Remote Procedure Call Provider' driver improperly initializes objects in memory. An attacker can exploit this issue by running a specially crafted application. Successful exploitation of this vulnerability would allow an attacker to obtain information to further compromise the user's system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8408

BID: 105789

Microsoft Rating: Important

Vulnerability Type

Windows Kernel Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for 64-bit Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows Server 2019

 

Details

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An authenticated attacker can exploit the issue to run a specially crafted application. Successful exploitation of the vulnerability could allow an attacker to obtain information to further compromise the user's system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8415

BID: 105792

Microsoft Rating: Important

Vulnerability Type

Microsoft Powershell Tampering Vulnerability

Vulnerability Affects

Microsoft PowerShell Core 6.1.0 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code. To exploit this vulnerability, an attacker would need to log on to the affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8417

BID: 105795

Microsoft Rating: Important

Vulnerability Type

Microsoft JScript Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. To exploit the vulnerability, an attacker would first have to access the local machine, and run a specially crafted application to create arbitrary COM objects.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8450

BID: 105797

Microsoft Rating: Important

Vulnerability Type

Windows Search Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1803 Microsoft Windows Server 1709

 

Details

A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker can exploit this issue by sending specially crafted messages to the Windows Search service to take control of the affected system. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8454

BID: 105799

Microsoft Rating: Important

Vulnerability Type

Windows Audio Service Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory. An attacker can exploit this issue by running a specially crafted application in user mode to potentially disclose memory contents of a elevated process.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8471

BID: 105800

Microsoft Rating: Important

Vulnerability Type

Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory. A locally authenticated attacker can exploit this issue by running a specially crafted application to execute code with elevated permissions.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8485

BID: 105770

Microsoft Rating: Important

Vulnerability Type

DirectX Elevation of Privilege Vulnerability

Vulnerability Affects

 

Details

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8522

BID: 105820

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8524

BID: 105823

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker can exploit this issue to use a specially crafted file to perform actions in the security context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8539

BID: 105835

Microsoft Rating: Important

Vulnerability Type

Microsoft Word Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office Web Apps 2010 SP2 Microsoft SharePoint Server 2010 SP2

 

Details

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Word software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8545

BID: 105788

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker can exploit this issue to determine the origin of all webpages in the affected browser.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8547

BID: 105801

Microsoft Rating: Important

Vulnerability Type

Active Directory Federation Services XSS Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected AD FS server. Successful exploitation of this vulnerability would allow an attacker to then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. This would allow an attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the AD FS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8549

BID: 105803

Microsoft Rating: Important

Vulnerability Type

Windows Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass exists when Windows incorrectly validates kernel driver signatures. An attacker can exploit this issue to bypass security features and load improperly signed drivers into the kernel.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8550

BID: 105805

Microsoft Rating: Important

Vulnerability Type

Windows COM Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker can exploit this issue by running a specially crafted application to run arbitrary code with elevated privileges.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8552

BID: 105786

Microsoft Rating: Important

Vulnerability Type

Windows Scripting Engine Memory Corruption Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10

 

Details

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory. An attacker can exploit this issue to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8554

BID: 105811

Microsoft Rating: Important

Vulnerability Type

DirectX Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows Server 2019 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8558

BID: 105826

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

An information disclosure vulnerability exists when Microsoft Outlook fails to respect 'Default link type' settings configured through the SharePoint Online Admin Center. An attacker can exploit this issue to share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8561

BID: 105813

Microsoft Rating: Important

Vulnerability Type

DirectX Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8562

BID: 105790

Microsoft Rating: Important

Vulnerability Type

Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems

 

Details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8563

BID: 105778

Microsoft Rating: Important

Vulnerability Type

DirectX Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2

 

Details

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An authenticated attacker can exploit this issue by running a specially crafted application to obtain information to further compromise the user's system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8564

BID: 105785

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Spoofing Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker can exploit this issue to trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8565

BID: 105791

Microsoft Rating: Important

Vulnerability Type

Win32k Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Windows Server 2016 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows RT 8.1 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 1709

 

Details

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker can exploit this issue to obtain information to further compromise the user's system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8566

BID: 105806

Microsoft Rating: Important

Vulnerability Type

BitLocker Security Feature Bypass Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

A security bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system ccan exploit this issue to gain access to encrypted data. To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8567

BID: 105784

Microsoft Rating: Important

Vulnerability Type

Microsoft Edge Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Edge

 

Details

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies. An attacker can exploit this issue to access information from one domain and inject it into another domain.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8568

BID: 105829

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019

 

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the issue by sending a specially crafted request to an affected SharePoint server. Successful exploitation of this vulnerability would allow an attacker to perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8570

BID: 105783

Microsoft Rating: Important

Vulnerability Type

Internet Explorer Memory Corruption Vulnerability

Vulnerability Affects

Microsoft Internet Explorer 11

 

Details

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8572

BID: 105831

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019

 

Details

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the issue by sending a specially crafted request to an affected SharePoint server. Successful exploitation of this vulnerability would allow an attacker to perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8573

BID: 105836

Microsoft Rating: Important

Vulnerability Type

Microsoft Word Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Word software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8574

BID: 105833

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft Office 2016 for Mac Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8575

BID: 105807

Microsoft Rating: Important

Vulnerability Type

Microsoft Project Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Project 2010 Service Pack 2 (32-bit editions) Microsoft Project 2010 Service Pack 2 (64-bit editions) Microsoft Project 2016 (32-bit edition) Microsoft Project 2016 (64-bit edition) Microsoft Project Server 2013 Service Pack 1 Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory. An attacker can exploit this issue using a specially crafted file to perform actions in the security context of the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Project software.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8576

BID: 105822

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker can exploit this issue to use a specially crafted file to perform actions in the security context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8577

BID: 105834

Microsoft Rating: Important

Vulnerability Type

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Excel Services 2007 Service Pack 3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft Excel 2016 for Mac Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker can exploit the issue to run arbitrary code in the context of the current user. Successful exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8578

BID: 105832

Microsoft Rating: Important

Vulnerability Type

Microsoft SharePoint Information Disclosure Vulnerability

Vulnerability Affects

Microsoft SharePoint Foundation 2013 SP1

 

Details

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker can exploit this issue to view the folder path of scripts loaded on the page. To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8579

BID: 105828

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Information Disclosure Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

An information disclosure vulnerability exists when attaching files to Outlook messages. An attacker can exploit this issue to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8581

BID: 105837

Microsoft Rating: Important

Vulnerability Type

Microsoft Exchange Server Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 SP1 Microsoft Exchange Server 2016

 

Details

An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker can exploit this issue to perform script/content injection attacks and attempt to impersonate any other user of the Exchange server. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8582

BID: 105825

Microsoft Rating: Important

Vulnerability Type

Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability Affects

Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Office 365 ProPlus for 32-bit Systems Microsoft Office 365 ProPlus for 64-bit Systems

 

Details

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files. An attacker can exploit this issue to take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8584

BID: 105808

Microsoft Rating: Important

Vulnerability Type

Windows ALPC Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803

 

Details

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker can exploit this issue by running a specially crafted application to execute arbitrary code in the security context of the local system and take control over an affected system. To exploit this vulnerability, an attacker would first have to log on to the system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8584

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8589

BID: 105796

Microsoft Rating: Important

Vulnerability Type

Windows Win32k Elevation of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1

 

Details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: Exp.CVE-2018-8589

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8592

BID: 105809

Microsoft Rating: Important

Vulnerability Type

Windows Elevation Of Privilege Vulnerability

Vulnerability Affects

Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows Server 2019

 

Details

An elevation of privilege vulnerability exists in the setup path and you could be affected if a user installed certain builds of the OS from media for Windows 10, version 1809 and an attacker had physical (console) access to the machine.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8600

BID: 105893

Microsoft Rating: Important

Vulnerability Type

Azure App Service Cross-site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Azure App Service on Azure Stack

 

Details

A cross-site scripting vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input. An authenticated attacker can exploit this issue by sending a specially crafted payload to the App Service, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8602

BID: 105895

Microsoft Rating: Important

Vulnerability Type

Team Foundation Server Cross-site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Team Foundation Server 2017 Update 3.1 Microsoft Team Foundation Server 2018 Update 1.1 Microsoft Team Foundation Server 2018 Update 3 Microsoft Team Foundation Server 2018 Update 3.1

 

Details

A cross-site Scripting vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker can exploit this issue by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8605

BID: 105889

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8606

BID: 105890

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8607

BID: 105891

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8608

BID: 105892

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8609

BID: 105894

Microsoft Rating: Important

Vulnerability Type

Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability
Spoofing

Vulnerability Affects

Microsoft Dynamics 365 (on-premises) 8

 

Details

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker can exploit this issue to execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

 

ID and Rating

CAN/CVE ID: CVE-2018-8416

BID: 105798

Microsoft Rating: Moderate

Vulnerability Type

.NET Core Tampering Vulnerability

Vulnerability Affects

Microsoft .NET Core 1.0 Microsoft .NET Core 1.1 Microsoft .NET Core 2.1 Microsoft .NET Core 2.0

 

Details

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker can exploit this issue by sending a specially crafted file to a vulnerable system to write arbitrary files and directories to certain locations on a vulnerable system.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

ID and Rating

CAN/CVE ID: CVE-2018-8546

BID: 105802

Microsoft Rating: Low

Vulnerability Type

Microsoft Skype for Business Denial of Service Vulnerability

Vulnerability Affects

Microsoft Lync 2013 (32-bit) SP1 Microsoft Lync 2013 (64-bit) SP1 Microsoft Lync Basic 2013 (32-bit) SP1 Microsoft Lync Basic 2013 (64-bit) SP1 Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Skype for Business 2016 (32-bit) Microsoft Skype for Business 2016 (64-bit) Microsoft Skype for Business Basic 2016 (32-bit) Microsoft Skype for Business Basic 2016 (64-bit)

 

Details

A denial of service vulnerability exists in Skype for Business. An attacker can exploit this issue to cause Skype for Business to stop responding. Successful exploitation of this vulnerability requires that a user sends a number of emojis in the affected version of Skype for Business.

 

Intrusion Protection System (IPS) Response

Sig ID: N/A

Other Detections

AV: N/A

 

 

ID and Rating

CAN/CVE ID: ADV990001

BID: Advisory only

Microsoft Rating: N/A

Vulnerability Type

Latest Servicing Stack Updates

Vulnerability Affects

See Microsoft.com

Details

See Microsoft.com

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review

 

 

ID and Rating

CAN/CVE ID: ADV180028

BID: 105840, 105841

Microsoft Rating: N/A

Vulnerability Type

Guidance for configuring BitLocker to enforce software encryption

Vulnerability Affects

Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 Version 1709 for ARM64-based Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based Systems Microsoft Windows 10 Version 1803 for x64-based Systems Microsoft Windows 10 Version 1809 for 32-bit Systems Microsoft Windows 10 Version 1809 for ARM64-based Systems Microsoft Windows 10 Version 1809 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows RT 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 1709 Microsoft Windows Server 1803 Micron MX100 Drive Micron MX200 Drive Micron MX300 Drive Samsung T3 Portable Drives Samsung T5 Portable Drives Samsung 850 EVO drive Samsung 840 EVO drives

 

Details

Self-Encrypting Drives are prone to a local security-bypass vulnerability. Specifically, this issue occurs because the absence of cryptographic binding between the password provided by the end user and the cryptographic key used for the encryption of user data. An attacker can exploit this issue to access the key without knowing the password provided by the end user and allowing the attacker to decrypt information encrypted with that key.

 

Intrusion Protection System (IPS) Response

Sig ID: Under review

Other Detections

AV: Under review