This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: This article will update monthly according to the bulletin release schedule.

• July 2020
• August 2020
• September 2020
• October 2020
• November 2020
• December 2020
• January 2021
• February_2021
• March_2021
• April_2021
• May_2021
• June_2021
• July_2021
• August_2021
• September_2021
• October_2021
• November_2021
• December_2021
• January_2022

• January 2022
  
  For the January release Microsoft addressed 102 vulnerabilities.  
  
  
• Symantec has introduced the following protections based on available information: 
  
  CVE-2022-21907:
  IPS: OS Attack: HTTP Protocol Stack CVE-2022-21907
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 
  
  
  
• December 2021
  
  For the December release Microsoft addressed 67 vulnerabilities. An additional 16 vulnerabilities related to Chromium were previously addressed in December. 
  
  Symantec has introduced the following protections based on available information: 
  
  CVE-2021-43883:
  AV: Exp.CVE-2021-43883
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 

• November 2021
  
  For the November release Microsoft addressed 55 vulnerabilities.
  
  CVE-2021-42298:
  IPS: Web Attack: Microsoft Defender CVE-2021-42298
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 

• October 2021
  
  For the October release Microsoft addressed 77 vulnerabilities.
  
  CVE-2021-40487:
  IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-40487
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 
  
  
  
• September 2021
  
  For the September release Microsoft addressed 66 vulnerabilities.
  
  Symantec has introduced the following protections based on available information: 
  
  CVE-2021-40444:
  IPS: Web Attack: Microsoft MSHTML RCE CVE-2021-40444
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 
  
  
  
• August 2021
  
  For the August release Microsoft addressed 44 vulnerabilities.
  
  Symantec has introduced the following protections based on available information: 
  
  CVE-2021-26432:
  IPS: OS Attack: Windows Services for NFS ONCRPC XDR Driver CVE-2021-26432
  
  CVE-2021-34480:
  IPS: Web Attack: Microsoft Scripting Engine CVE-2021-34480 
  
  CVE-2021-36948:
  AV: Exp.CVE-2021-36948
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 
  
  
  
• July 2021
  
  For the July release Microsoft addressed 117 vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-34527

AV:  Exp.CVE-2021-34527
IPS:
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt 2
Audit: SMB Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: Windows Print Spooler RCE CVE-2021-34527

OS Attack: Windows Print Spooler RCE CVE-2021-34527

CVE-2021-34448:
IPS: Web Attack: Microsoft Internet Explorer CVE-2020-1380 (detects CVE-2021-34448 as well)

Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

• June 2021
  
  For the June release Microsoft addressed 50 vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-31199

AV:  Exp.CVE-2021-31199!g1

CVE-2021-31955

AV:  Exp.CVE-2021-31955

          CVE-2021-31956

AV:  Exp.CVE-2021-31956

CVE-2021-33739

AV:  Exp.CVE-2021-33739

Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

• May 2021
  
  

  For the May release Microsoft addressed 55 vulnerabilities.
  Symantec has introduced the following protections based on available information.
  CVE-2021-26419

IPS:  Web Attack: Microsoft Scripting Engine CVE-2021-26419

CVE-2021-31166

IPS: OS Attack: Windows HTTP Protocol Stack CVE-2021-31166

CVE-2021-31181

IPS: Web Attack: Microsoft SharePoint CVE-2021-31181

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

• April 2021
  
  For the April 2021 Microsoft addressed 108 vulnerabilities.
  
  Symantec has introduced the following protections based on available information. 
  
  CVE-2021-28310

AV:  Exp.CVE-2021-28310

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

• March 2021
  
  For the March 2021 Microsoft addressed 89 vulnerabilities.
  
  Symantec has introduced the following protections based on available information. 
  
  CVE-2021-26411

AV: 
Exp.CVE-2021-26411
ISB.CVE2021-26411!g1

IPS: Web Attack: Internet Explorer RCE 2021-26411

         CVE-2021-26855

AV: Exp.CVE-2021-26855

IPS: Attack: Microsoft Exchange Server CVE-2021-26855

CVE-2021-26857

IPS: Web Attack: Microsoft Exchange Server CVE-2021-26857

CVE-2021-26877

IPS: Attack: Windows DNS Server CVE-2021-26877

CVE-2021-26897

IPS: Attack: Windows DNS Server CVE-2021-26897

CVE-2021-27076

IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-27076

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

• February 2021
  
  For the February 2021 release Microsoft addressed 56 vulnerabilities.
  

Symantec has introduced the following protections based on available information.

CVE-2021-1698

              AV - Exp.CVE-2021-1698

CVE-2021-24074

              AV - Exp.CVE-2021-24074

CVE-2021-24078

              AV - Exp.CVE-2021-24078

CVE-2021-24086

              AV - Exp.CVE-2021-24086

CVE-2021-24094

              AV - Exp.CVE-2021-24094

CVE-2021-24072

IPS: Web Attack: XML External Entity Attack

Additional signatures are currently being investigated and may be toggled at a later date*

• January 2021
  
  For the January 2021 release Microsoft addressed 83  vulnerabilities.
  

Symantec has introduced the following protections based on available information.

CVE-2021-1647

AV - Exp.CVE-2021-1647

         CVE-2021-1707

IPS: Web Attack: Microsoft Sharepoint CVE-2021-1707

             Additional signatures are currently being investigated and may be toggled at a later date*

• December 2020
  

  
  For the December release Microsoft addressed 58 vulnerabilities.
  
  CVE-2020-17152

IPS - Attack: Microsoft Dynamics 365 CVE-2020-17152

Further updates will be made when they become available.

• November 2020

For the November release Microsoft addressed 112 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-17087

AV - Exp.CVE-2020-17087

CVE-2020-17088

AV - Exp.CVE-2020-17088

CVE-2020-17053

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-17053

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• October 2020 

For the October release Microsoft addressed 87 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-16898

AV - Exp.CVE-2020-16898

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• September 2020 

For the August release Microsoft addressed 129 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-0664

IPS - Attack: Microsoft Active Directory CVE-2020-0664

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• August 2020 

For the August release Microsoft addressed 120 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1472

AV:  Exp.CVE-2020-1472
IPS: 
OS Attack: Microsoft Netlogon CVE-2020-1472
OS Attack: Microsoft Netlogon CVE-2020-1472 2
OS Attack: Microsoft Netlogon CVE-2020-1472 3

CVE-2020-1380

AV - Exp.CVE-2020-1380

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1380 

CVE-2020-1567

IPS - Web Attack: Internet Explorer Remote Code Execution

CVE-2020-1570 

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1570

CVE-2020-1587

AV - Exp.CVE-2020-1587

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• July 2020

 For the July release Microsoft addressed 125 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1147

IPS - Web Attack: Microsoft .NET Framework CVE-2020-1147

CVE-2020-1403

IPS - Web Attack: Microsoft ActiveX Data Objects RCE CVE-2019-0888

CVE-2020-1410

IPS - Web Attack: Microsoft Windows Address Book CVE-2020-1410 Download

CVE-2020-1350

IPS - OS Attack: Microsoft DNS Server CVE-2020-1350

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• Reference: 

AV Signatures:  https://www.broadcom.com/support/security-center/a-z

IPS Signatures: https://www.broadcom.com/support/security-center/attacksignatures

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.