Symantec Endpoint Response to Microsoft Monthly Security Bulletins

Article ID: 197237

Products

Endpoint Protection

Issue/Introduction

This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: This article will update monthly according to the bulletin release schedule.

Resolution

  • October 2021

    For the October release Microsoft addressed 77 vulnerabilities.

    Symantec Security Response is currently investigating coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 

 

  • September 2021

    For the September release Microsoft addressed 66 vulnerabilities.

    Symantec has introduced the following protections based on available information: 


    CVE-2021-40444:
    IPS: Web Attack: Microsoft MSHTML RCE CVE-2021-40444

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible.

  • August 2021

    For the August release Microsoft addressed 44 vulnerabilities.

    Symantec has introduced the following protections based on available information: 


    CVE-2021-26432:
    IPS: OS Attack: Windows Services for NFS ONCRPC XDR Driver CVE-2021-26432

    CVE-2021-34480:
    IPS: Web Attack: Microsoft Scripting Engine CVE-2021-34480 

    CVE-2021-36948:
    AV: Exp.CVE-2021-36948

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 


  • July 2021

    For the July release Microsoft addressed 117 vulnerabilities.

    Symantec has introduced the following protections based on available information.

    CVE-2021-34527:
    AV: Exp.CVE-2021-34527
    IPS:
    Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt
    Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt 2
    Audit: SMB Windows Print Spooler RpcAddPrinterDriverEx Attempt
    Audit: Windows Print Spooler RCE CVE-2021-34527
    OS Attack: Windows Print Spooler RCE CVE-2021-34527

    CVE-2021-34448:
    IPS: Web Attack: Microsoft Internet Explorer CVE-2020-1380 (detects CVE-2021-34448 as well)

    Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

  • June 2021

    For the June release Microsoft addressed 50 vulnerabilities.

    Symantec has introduced the following protections based on available information.

    CVE-2021-31199:
    AV: Exp.CVE-2021-31199!g1

    CVE-2021-31955:
    AV: Exp.CVE-2021-31955

    CVE-2021-31956:
    AV: Exp.CVE-2021-31956

    CVE-2021-33739:
    AV: Exp.CVE-2021-33739

    Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

 

  • May 2021

    For the May release Microsoft addressed 55 vulnerabilities.

    Symantec has introduced the following protections based on available information.

    CVE-2021-26419:
    IPS: Web Attack: Microsoft Scripting Engine CVE-2021-26419

    CVE-2021-31166:
    IPS: OS Attack: Windows HTTP Protocol Stack CVE-2021-31166

    CVE-2021-31181:
    IPS: Web Attack: Microsoft SharePoint CVE-2021-31181

    Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

  • April 2021

    For the April 2021 release Microsoft addressed 108 vulnerabilities.

    Symantec has introduced the following protections based on available information.

    CVE-2021-28310:
    AV: Exp.CVE-2021-28310

    Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

  • March 2021

    For the March 2021 release Microsoft addressed 89 vulnerabilities.

    Symantec has introduced the following protections based on available information.

    CVE-2021-26411:
    AV:
    Exp.CVE-2021-26411
    ISB.CVE2021-26411!g1
    IPS: Web Attack: Internet Explorer RCE 2021-26411

    CVE-2021-26855:
    AV: Exp.CVE-2021-26855
    IPS: Attack: Microsoft Exchange Server CVE-2021-26855

    CVE-2021-26857:
    IPS: Web Attack: Microsoft Exchange Server CVE-2021-26857

    CVE-2021-26877:
    IPS: Attack: Windows DNS Server CVE-2021-26877

    CVE-2021-26897:
    IPS: Attack: Windows DNS Server CVE-2021-26897

    CVE-2021-27076:
    IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-27076

    Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

  • February 2021

    For the February 2021 release Microsoft addressed 56 vulnerabilities.

    Symantec has introduced the following protections based on available information.

    CVE-2021-1698:
    AV - Exp.CVE-2021-1698

    CVE-2021-24074:
    AV - Exp.CVE-2021-24074

    CVE-2021-24078:
    AV - Exp.CVE-2021-24078

    CVE-2021-24086:
    AV - Exp.CVE-2021-24086

    CVE-2021-24094:
    AV - Exp.CVE-2021-24094

    CVE-2021-24072:
    IPS: Web Attack: XML External Entity Attack

    Additional signatures are currently being investigated and may be toggled at a later date*

  • January 2021

    For the January 2021 release Microsoft addressed 83 vulnerabilities.

    Symantec has introduced the following protections based on available information.

    CVE-2021-1647:
    AV - Exp.CVE-2021-1647

    CVE-2021-1707:
    IPS: Web Attack: Microsoft Sharepoint CVE-2021-1707

    Additional signatures are currently being investigated and may be toggled at a later date*

  • December 2020

    For the December release Microsoft addressed 58 vulnerabilities.

    CVE-2020-17152:
    IPS - Attack: Microsoft Dynamics 365 CVE-2020-17152

    Further updates will be made when they become available.


  • November 2020

For the November release Microsoft addressed 112 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-17087

AV - Exp.CVE-2020-17087

CVE-2020-17088

AV - Exp.CVE-2020-17088

CVE-2020-17053

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-17053

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

  • October 2020 

For the October release Microsoft addressed 87 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-16898

AV - Exp.CVE-2020-16898

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

  • September 2020 

For the August release Microsoft addressed 129 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-0664

IPS - Attack: Microsoft Active Directory CVE-2020-0664

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

 

  • August 2020 

For the August release Microsoft addressed 120 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1472

AV:  Exp.CVE-2020-1472
IPS: 
OS Attack: Microsoft Netlogon CVE-2020-1472
OS Attack: Microsoft Netlogon CVE-2020-1472 2
OS Attack: Microsoft Netlogon CVE-2020-1472 3

CVE-2020-1380

AV - Exp.CVE-2020-1380

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1380 

CVE-2020-1567

IPS - Web Attack: Internet Explorer Remote Code Execution

CVE-2020-1570 

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1570

CVE-2020-1587

AV - Exp.CVE-2020-1587

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

 

  • July 2020

For the July release Microsoft addressed 125 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1147

IPS - Web Attack: Microsoft .NET Framework CVE-2020-1147

CVE-2020-1403

IPS - Web Attack: Microsoft ActiveX Data Objects RCE CVE-2019-0888

CVE-2020-1410

IPS - Web Attack: Microsoft Windows Address Book CVE-2020-1410 Download

CVE-2020-1350

IPS - OS Attack: Microsoft DNS Server CVE-2020-1350

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

 

  • Reference: 

AV Signatures:  https://www.broadcom.com/support/security-center/a-z

IPS Signatures: https://www.broadcom.com/support/security-center/attacksignatures


Additional Information

This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins. Vulnerabilities that are not listed here were not covered at the time of Microsoft release. 

Please inquire with your Support agent for more information.