This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.
Note: This article is updated monthly according to the bulletin release schedule.
Symantec has introduced the following protections based on available information.
CVE-2021-34527
AV: Exp.CVE-2021-34527
IPS:
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt 2
Audit: SMB Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: Windows Print Spooler RCE CVE-2021-34527
OS Attack: Windows Print Spooler RCE CVE-2021-34527
CVE-2021-34448
IPS: Web Attack: Microsoft Internet Explorer CVE-2020-1380 (detects CVE-2021-34448 as well)
Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in-the-wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.
Symantec has introduced the following protections based on available information.
CVE-2021-31199
AV: Exp.CVE-2021-31199!g1
CVE-2021-31955
AV: Exp.CVE-2021-31955
CVE-2021-31956
AV: Exp.CVE-2021-31956
CVE-2021-33739
AV: Exp.CVE-2021-33739
For the May release Microsoft addressed 55 vulnerabilities.
Symantec has introduced the following protections based on available information.
CVE-2021-26419
IPS: Web Attack: Microsoft Scripting Engine CVE-2021-26419
CVE-2021-31166
IPS: OS Attack: Windows HTTP Protocol Stack CVE-2021-31166
CVE-2021-31181
IPS: Web Attack: Microsoft SharePoint CVE-2021-31181
AV: Exp.CVE-2021-28310
AV:
Exp.CVE-2021-26411
ISB.CVE2021-26411!g1
IPS: Web Attack: Internet Explorer RCE 2021-26411
CVE-2021-26855
AV: Exp.CVE-2021-26855
IPS: Attack: Microsoft Exchange Server CVE-2021-26855
CVE-2021-26857
IPS: Web Attack: Microsoft Exchange Server CVE-2021-26857
CVE-2021-26877
IPS: Attack: Windows DNS Server CVE-2021-26877
CVE-2021-26897
IPS: Attack: Windows DNS Server CVE-2021-26897
CVE-2021-27076
IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-27076
Symantec has introduced the following protections based on available information.
CVE-2021-1698
AV - Exp.CVE-2021-1698
CVE-2021-24074
AV - Exp.CVE-2021-24074
CVE-2021-24078
AV - Exp.CVE-2021-24078
CVE-2021-24086
AV - Exp.CVE-2021-24086
CVE-2021-24094
AV - Exp.CVE-2021-24094
CVE-2021-24072
IPS: Web Attack: XML External Entity Attack
Additional signatures are currently being investigated and may be toggled at a later date.
Symantec has introduced the following protections based on available information.
CVE-2021-1647
AV - Exp.CVE-2021-1647
CVE-2021-1707
IPS: Web Attack: Microsoft Sharepoint CVE-2021-1707
Additional signatures are currently being investigated and may be toggled at a later date.
IPS - Attack: Microsoft Dynamics 365 CVE-2020-17152
Further updates will be made when they become available.
For the November release Microsoft addressed 112 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-17087
AV - Exp.CVE-2020-17087
CVE-2020-17088
AV - Exp.CVE-2020-17088
CVE-2020-17053
IPS - Web Attack: Microsoft Internet Explorer CVE-2020-17053
Symantec continues to monitor in-the-wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the October release Microsoft addressed 87 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-16898
AV - Exp.CVE-2020-16898
Symantec continues to monitor in-the-wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the August release Microsoft addressed 129 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-0664
IPS - Attack: Microsoft Active Directory CVE-2020-0664
Symantec continues to monitor in-the-wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the August release Microsoft addressed 120 vulnerabilities.
Symantec has introduced the following product detections based on available information:
AV: Exp.CVE-2020-1472
IPS:
OS Attack: Microsoft Netlogon CVE-2020-1472
OS Attack: Microsoft Netlogon CVE-2020-1472 2
OS Attack: Microsoft Netlogon CVE-2020-1472 3
AV - Exp.CVE-2020-1380
IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1380
CVE-2020-1567
IPS - Web Attack: Internet Explorer Remote Code Execution
CVE-2020-1570
IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1570
CVE-2020-1587
AV - Exp.CVE-2020-1587
Symantec continues to monitor in-the-wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the July release Microsoft addressed 125 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-1147
IPS - Web Attack: Microsoft .NET Framework CVE-2020-1147
CVE-2020-1403
IPS - Web Attack: Microsoft ActiveX Data Objects RCE CVE-2019-0888
CVE-2020-1410
IPS - Web Attack: Microsoft Windows Address Book CVE-2020-1410 Download
CVE-2020-1350
IPS - OS Attack: Microsoft DNS Server CVE-2020-1350
Symantec continues to monitor in-the-wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
AV Signatures: https://www.broadcom.com/support/security-center/a-z
IPS Signatures: https://www.broadcom.com/support/security-center/attacksignatures
Symantec continues to monitor in-the-wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
Please inquire with your Support agent for more information.