Symantec Endpoint Response to Microsoft Monthly Security Bulletins
search cancel

Symantec Endpoint Response to Microsoft Monthly Security Bulletins

book

Article ID: 197237

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: This article will update monthly according to the bulletin release schedule.

Year: 2024

 

Year: 2023



Year: 2022


Year: 2021

Resolution

  • April 2024

    For the April 2024 release Microsoft addressed 149 vulnerabilities.

    Following protections are available against: 

    CVE-2024-26234
    AV:      Trojan.Certbypass

    Security Response team will continue to monitor for the in-wild usage of other reported vulnerabilities and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • March 2024

    For the March 2024 release Microsoft addressed 60 vulnerabilities.

    Following protections are available against: 

    CVE-2024-21433
    AV:     Exp.CVE-2024-21433

    Security Response team will continue to monitor for the in-wild usage of other reported vulnerabilities and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • February 2024

    For the February 2024 release Microsoft addressed 73 vulnerabilities.

    Following protections are available against: 

    CVE-2024-21338
    AV:      Exp.CVE-2024-21338

    CVE-2024-21371
    AV:      Exp.CVE-2024-21371

    CVE-2024-21412
    AV:      Exp.CVE-2024-21412

     


    Security Response team will continue to monitor for the in-wild usage of other reported vulnerabilities and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • January 2024

    For the January 2024 release Microsoft addressed 48 vulnerabilities.

    Symantec Security Response is actively investigating the coverage feasibility for the announced vulnerabilities and continues to monitor in the wild usage. Coverage will be included as deemed feasible.



  • December 2023

    For the December 2023 release Microsoft addressed 37 vulnerabilities.

    Symantec Security Response is actively investigating the coverage feasibility for the announced vulnerabilities and continues to monitor in the wild usage. Coverage will be included as deemed feasible.


  • November 2023

    For the November 2023 release Microsoft addressed  57 vulnerabilities.

    Following protections are available against: 

CVE-2023-36033
AV:  Exp.CVE-2023-36033

CVE-2023-36036
AV:  Exp.CVE-2023-36036


Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.

  • October 2023

    For the October 2023 release Microsoft addressed 104 vulnerabilities.

    Symantec Security Response is actively investigating the coverage feasibility for the announced vulnerabilities and continues to monitor in the wild usage. Coverage will be included as deemed feasible.


  • September 2023

    For the September 2023 release Microsoft addressed 59 vulnerabilities.

    Following Protection are available against: 

    CVE-2023-36745
    IPS:      Web Attack: Microsoft Exchange Server RCE CVE-2023-36745


    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • August 2023

    For the August 2023 release Microsoft addressed 76 vulnerabilities.

    Symantec Security Response is actively investigating the coverage feasibility for the announced vulnerabilities and continues to monitor in the wild usage. Coverage will be included as deemed feasible.

 

  • July 2023

    For the July 2023 release Microsoft addressed 133 vulnerabilities.

    Following protections are available against: 

  • CVE-2023-35311
    IPS:      Web Attack: Microsoft Outlook CVE-2023-35311

    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • June 2023

    For the June 2023 release Microsoft addressed 69 vulnerabilities.

    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • May 2023

    For the April 2023 re    lease Microsoft addressed 40 vulnerabilities.

    Following protections are available against: 

    CVE-2023-24950
    IPS:      Web Attack: Microsoft Sharepoint Server CVE-2023-24950

    CVE-2023-29336
    AV:      Exp.CVE-2023-29336


    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.

 

  • April 2023

    For the April 2023 release Microsoft addressed 97 vulnerabilities.

    Following protections are available against: 

    CVE-2023-28274
    AV:      Exp.CVE-2023-28274


    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • March 2023

    For the March 2023 release Microsoft addressed 75 vulnerabilities. 

    Following protections are available against: 

    CVE-2023-23397
    AV:
    Exp.CVE-2023-23397
    Exp.CVE-2023-23397!g1
    IPS:
    Audit: SMBv1 NTLM Authentication Attempt
    Audit: SMBv2 NTLM Authentication Attempt.

    CVE-2023-24880
    AV:     Exp.CVE-2023-24880


    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • February 2023

    For the February 2023 release Microsoft addressed 78 vulnerabilities. 

    Following protections are available against: 

    CVE-2023-21819
    IPS:     OS Attack: Windows Secure Channel CVE-2023-21819

    CVE-2023-21823
    AV:     Exp.CVE-2023-21823

    CVE-2023-23376
    AV: Exp.CVE-2023-23376


    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • January 2023

    For the January 2023 release Microsoft addressed 98 vulnerabilities. 

    Security Response investigated the coverage feasibility and determined coverage is not feasible again the reported vulnerabilities. 

    Security Response team will continue to monitor for the in-wild usage and investigate for the coverage feasibility and will include coverage as deemed feasible.


  • December 2022

    For the December 2022 release Microsoft addressed 49 vulnerabilities. 

    CVE-2022-44698: 
    AV: Trojan.Malsig!g1

    Symantec Security Response continues to monitor in the wild usage and investigate for the coverage feasibility for the announced vulnerabilities and will include coverage as deemed feasible.

  • November 2022

    For the November 2022 release Microsoft addressed 68 vulnerabilities. 

    CVE-2022-41118:
    IPS: Web Attack: Windows Scripting Languages CVE-2022-41118

    Symantec Security Response continues to monitor in the wild usage and investigate for the coverage feasibility for the announced vulnerabilities and will include coverage as deemed feasible.


  • October 2022

For the October 2022 release Microsoft addressed 84  vulnerabilities. 

Following protections are available against: 

CVE-2022-38053:
IPS: Web Attack: Microsoft Sharepoint Server CVE-2022-38053

Symantec Security Response continues to monitor in the wild usage and may add coverage where deemed feasible for the reported vulnerabilities.

  • September 2022

    For the September 2022 release Microsoft addressed 63 vulnerabilities. 

    Symantec Security Response is actively investigating the coverage feasibility for the announced vulnerabilities and continues to monitor in the wild usage. Coverage will be included as deemed feasible.

  • August 2022

    For the August 2022 release Microsoft addressed 122 vulnerabilities. 

    Following protections are available against: 

    CVE-2022-34713:

    AV: Exp.CVE-2022-34713
    IPS: Web Attack: Microsoft Windows Support Diagnostic Tool CVE-2022-34713

    Symantec Security Response continues to monitor in the wild usage and may add coverage where deemed feasible for the reported vulnerabilities.

  • July 2022

    For the July release Microsoft addressed 85 vulnerabilities. 

    Following protections are available against: 

    CVE-2022-22047:
    AV: Exp.CVE-2022-22047

    CVE-2022-30216
    IPS: Attack: Windows Server Service CVE-2022-30216

    Symantec Security Response continues to monitor in the wild usage and may add coverage where deemed feasible for the reported vulnerabilities.


  • June 2022

    For the June release Microsoft addressed 55 vulnerabilities including three marked as critical and 52 as important. 

    CVE-2022-30190:
    IPS
    Web Attack: MSDT Remote Code Execution CVE-2022-30190

    Symantec Security Response continues to monitor in the wild usage and actively investigating coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible.


  • May 2022

    For the May release Microsoft addressed 75 vulnerabilities. 

    CVE-2022-26925:
    IPS
    Audit: EFSRpcOpenFileRaw Method Call Attempt

    Symantec Security Response continues to monitor in the wild usage and actively investigating coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible.


  • April 2022

    For the April release Microsoft addressed 128 vulnerabilities.  

    CVE-2022-26809:
    AV:     Exp.CVE-2022-26809
    IPS
    Audit: EFSRPC Bind Attempt
    Audit: Suspicious SMB Client Request 2
    Attack: Fake SMB Server Response

    CVE-2022-24491:
    IPS:
    OS Attack: Windows Network File System CVE-2022-24491 

    CVE-2022-24497:
    IPS:
    OS Attack: Windows Network File System CVE-2022-24497 


    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 


  • March 2022

    For the March release Microsoft addressed 71 vulnerabilities.  

    Symantec has introduced the following protections based on available information: 

    CVE-2022-21990:
    AV:     Exp.CVE-2022-21990

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 


  • February 2022

    For the February release Microsoft addressed 53 vulnerabilities.  

    CVE-2022-21999:
    AV:     Exp.CVE-2022-21999

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 

  • January 2022

    For the January release Microsoft addressed 102 vulnerabilities.  

    Symantec has introduced the following protections based on available information: 

    CVE-2022-21882:
    AV:     Exp.CVE-2022-21882

    CVE-2022-21907:
    IPS:     OS Attack: HTTP Protocol Stack CVE-2022-21907

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 


  • December 2021

    For the December release Microsoft addressed 67 vulnerabilities. An additional 16 vulnerabilities related to Chromium were previously addressed in December. 

    Symantec has introduced the following protections based on available information: 

    CVE-2021-43883:
    AV:     Exp.CVE-2021-43883

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 

 

  • November 2021

    For the November release Microsoft addressed 55 vulnerabilities.

    CVE-2021-42298:
    IPS: Web Attack: Microsoft Defender CVE-2021-42298

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 

 

  • October 2021

    For the October release Microsoft addressed 77 vulnerabilities.

    CVE-2021-40487:
    IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-40487

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 


  • September 2021

    For the September release Microsoft addressed 66 vulnerabilities.

    Symantec has introduced the following protections based on available information: 

    CVE-2021-40444:
    IPS: Web Attack: Microsoft MSHTML RCE CVE-2021-40444

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 


  • August 2021

    For the August release Microsoft addressed 44 vulnerabilities.

    Symantec has introduced the following protections based on available information: 

    CVE-2021-26432:
    IPS: OS Attack: Windows Services for NFS ONCRPC XDR Driver CVE-2021-26432

    CVE-2021-34480:
    IPS: Web Attack: Microsoft Scripting Engine CVE-2021-34480 

    CVE-2021-36948:
    AV: Exp.CVE-2021-36948

    Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 


  • July 2021

    For the July release Microsoft addressed 117 vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-34527

AV:  Exp.CVE-2021-34527
IPS:
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt 2
Audit: SMB Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: Windows Print Spooler RCE CVE-2021-34527

OS Attack: Windows Print Spooler RCE CVE-2021-34527


CVE-2021-34448:
IPS: Web Attack: Microsoft Internet Explorer CVE-2020-1380 (detects CVE-2021-34448 as well)

 

Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

  • June 2021

    For the June release Microsoft addressed 50 vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-31199

AV:  Exp.CVE-2021-31199!g1

CVE-2021-31955

AV:  Exp.CVE-2021-31955

          CVE-2021-31956

AV:  Exp.CVE-2021-31956

CVE-2021-33739

AV:  Exp.CVE-2021-33739

 

Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

 

  • May 2021

    For the May release Microsoft addressed 55 vulnerabilities.
    Symantec has introduced the following protections based on available information.
    CVE-2021-26419

IPS:  Web Attack: Microsoft Scripting Engine CVE-2021-26419

CVE-2021-31166

IPS: OS Attack: Windows HTTP Protocol Stack CVE-2021-31166

CVE-2021-31181

IPS: Web Attack: Microsoft SharePoint CVE-2021-31181

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

  • April 2021

    For the April 2021 Microsoft addressed 108 vulnerabilities.

    Symantec has introduced the following protections based on available information. 

    CVE-2021-28310

AV:  Exp.CVE-2021-28310

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

  • March 2021

    For the March 2021 Microsoft addressed 89 vulnerabilities.

    Symantec has introduced the following protections based on available information. 

    CVE-2021-26411

AV: 
Exp.CVE-2021-26411
ISB.CVE2021-26411!g1

IPS: Web Attack: Internet Explorer RCE 2021-26411

         CVE-2021-26855

AV: Exp.CVE-2021-26855

IPS: Attack: Microsoft Exchange Server CVE-2021-26855

CVE-2021-26857

IPS: Web Attack: Microsoft Exchange Server CVE-2021-26857

CVE-2021-26877

IPS: Attack: Windows DNS Server CVE-2021-26877

CVE-2021-26897

IPS: Attack: Windows DNS Server CVE-2021-26897

CVE-2021-27076

IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-27076

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

  • February 2021

    For the February 2021 release Microsoft addressed 56 vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-1698

              AV - Exp.CVE-2021-1698

CVE-2021-24074

              AV - Exp.CVE-2021-24074

CVE-2021-24078

              AV - Exp.CVE-2021-24078

CVE-2021-24086

              AV - Exp.CVE-2021-24086

CVE-2021-24094

              AV - Exp.CVE-2021-24094

CVE-2021-24072

IPS: Web Attack: XML External Entity Attack

Additional signatures are currently being investigated and may be toggled at a later date*

  • January 2021

    For the January 2021 release Microsoft addressed 83  vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-1647

AV - Exp.CVE-2021-1647

         CVE-2021-1707

IPS: Web Attack: Microsoft Sharepoint CVE-2021-1707

             Additional signatures are currently being investigated and may be toggled at a later date*

  • December 2020


    For the     December release Microsoft addressed 58 vulnerabilities.

    CVE-2020-17152

IPS - Attack: Microsoft Dynamics 365 CVE-2020-17152


Further updates will be made when they become available.

  • November 2020

For the November release Microsoft addressed 112 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-17087

AV - Exp.CVE-2020-17087

CVE-2020-17088

AV - Exp.CVE-2020-17088

CVE-2020-17053

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-17053

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

  • October 2020 

For the October release Microsoft addressed 87 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-16898

AV - Exp.CVE-2020-16898

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

  • September 2020 

For the August release Microsoft addressed 129 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-0664

IPS - Attack: Microsoft Active Directory CVE-2020-0664

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

 

  • August 2020 

For the August release Microsoft addressed 120 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1472

AV:  Exp.CVE-2020-1472
IPS: 
OS Attack: Microsoft Netlogon CVE-2020-1472
OS Attack: Microsoft Netlogon CVE-2020-1472 2
OS Attack: Microsoft Netlogon CVE-2020-1472 3

CVE-2020-1380

AV - Exp.CVE-2020-1380

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1380 

CVE-2020-1567

IPS - Web Attack: Internet Explorer Remote Code Execution

CVE-2020-1570 

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1570

CVE-2020-1587

AV - Exp.CVE-2020-1587

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

 

  • July 2020

 For the July release Microsoft addressed 125 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1147

IPS - Web Attack: Microsoft .NET Framework CVE-2020-1147

CVE-2020-1403

IPS - Web Attack: Microsoft ActiveX Data Objects RCE CVE-2019-0888

CVE-2020-1410

IPS - Web Attack: Microsoft Windows Address Book CVE-2020-1410 Download

CVE-2020-1350

IPS - OS Attack: Microsoft DNS Server CVE-2020-1350

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

 

  • Reference: 

AV Signatures:  https://www.broadcom.com/support/security-center/a-z

IPS Signatures: https://www.broadcom.com/support/security-center/attacksignatures

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

 

Additional Information

This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins. Vulnerabilities that are not listed here were not covered at the time of Microsoft release. 

Please inquire with your Support agent for more information.

Powered by Wolken Software