This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.

Note: This article will update monthly according to the bulletin release schedule.

• July 2020
• August 2020
• September 2020
• October 2020
• November 2020
• December 2020
• January 2021
• February_2021
• March_2021
• April_2021
• May_2021
• June_2021
• July_2021
• August_2021
• September_2021

• September 2021
  
  For the September release Microsoft addressed 66 vulnerabilities.
  
  Symantec has introduced the following protections based on available information: 
  
  CVE-2021-40444:
  IPS: Web Attack: Microsoft MSHTML RCE CVE-2021-40444
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 
  
• August 2021
  
  For the August release Microsoft addressed 44 vulnerabilities.
  
  Symantec has introduced the following protections based on available information: 
  
  CVE-2021-26432:
  IPS: OS Attack: Windows Services for NFS ONCRPC XDR Driver CVE-2021-26432
  
  CVE-2021-34480:
  IPS: Web Attack: Microsoft Scripting Engine CVE-2021-34480 
  
  CVE-2021-36948:
  AV: Exp.CVE-2021-36948
  
  Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. 
  
  
  
• July 2021
  
  For the July release Microsoft addressed 117 vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-34527

AV:  Exp.CVE-2021-34527
IPS:
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt 2
Audit: SMB Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: Windows Print Spooler RCE CVE-2021-34527

OS Attack: Windows Print Spooler RCE CVE-2021-34527

CVE-2021-34448:
IPS: Web Attack: Microsoft Internet Explorer CVE-2020-1380 (detects CVE-2021-34448 as well)

Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

• June 2021
  
  For the June release Microsoft addressed 50 vulnerabilities.

Symantec has introduced the following protections based on available information.

CVE-2021-31199

AV:  Exp.CVE-2021-31199!g1

CVE-2021-31955

AV:  Exp.CVE-2021-31955

          CVE-2021-31956

AV:  Exp.CVE-2021-31956

CVE-2021-33739

AV:  Exp.CVE-2021-33739

Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.

• May 2021
  
  

  For the May release Microsoft addressed 55 vulnerabilities.
  Symantec has introduced the following protections based on available information.
  CVE-2021-26419

IPS:  Web Attack: Microsoft Scripting Engine CVE-2021-26419

CVE-2021-31166

IPS: OS Attack: Windows HTTP Protocol Stack CVE-2021-31166

CVE-2021-31181

IPS: Web Attack: Microsoft SharePoint CVE-2021-31181

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

• April 2021
  
  For the April 2021 Microsoft addressed 108 vulnerabilities.
  
  Symantec has introduced the following protections based on available information. 
  
  CVE-2021-28310

AV:  Exp.CVE-2021-28310

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

• March 2021
  
  For the March 2021 Microsoft addressed 89 vulnerabilities.
  
  Symantec has introduced the following protections based on available information. 
  
  CVE-2021-26411

AV: 
Exp.CVE-2021-26411
ISB.CVE2021-26411!g1

IPS: Web Attack: Internet Explorer RCE 2021-26411

         CVE-2021-26855

AV: Exp.CVE-2021-26855

IPS: Attack: Microsoft Exchange Server CVE-2021-26855

CVE-2021-26857

IPS: Web Attack: Microsoft Exchange Server CVE-2021-26857

CVE-2021-26877

IPS: Attack: Windows DNS Server CVE-2021-26877

CVE-2021-26897

IPS: Attack: Windows DNS Server CVE-2021-26897

CVE-2021-27076

IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-27076

Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.

• February 2021
  
  For the February 2021 release Microsoft addressed 56 vulnerabilities.
  

Symantec has introduced the following protections based on available information.

CVE-2021-1698

              AV - Exp.CVE-2021-1698

CVE-2021-24074

              AV - Exp.CVE-2021-24074

CVE-2021-24078

              AV - Exp.CVE-2021-24078

CVE-2021-24086

              AV - Exp.CVE-2021-24086

CVE-2021-24094

              AV - Exp.CVE-2021-24094

CVE-2021-24072

IPS: Web Attack: XML External Entity Attack

Additional signatures are currently being investigated and may be toggled at a later date*

• January 2021
  
  For the January 2021 release Microsoft addressed 83  vulnerabilities.
  

Symantec has introduced the following protections based on available information.

CVE-2021-1647

AV - Exp.CVE-2021-1647

         CVE-2021-1707

IPS: Web Attack: Microsoft Sharepoint CVE-2021-1707

             Additional signatures are currently being investigated and may be toggled at a later date*

• December 2020
  

  
  For the December release Microsoft addressed 58 vulnerabilities.
  
  CVE-2020-17152

IPS - Attack: Microsoft Dynamics 365 CVE-2020-17152

Further updates will be made when they become available.

• November 2020

For the November release Microsoft addressed 112 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-17087

AV - Exp.CVE-2020-17087

CVE-2020-17088

AV - Exp.CVE-2020-17088

CVE-2020-17053

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-17053

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• October 2020 

For the October release Microsoft addressed 87 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-16898

AV - Exp.CVE-2020-16898

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• September 2020 

For the August release Microsoft addressed 129 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-0664

IPS - Attack: Microsoft Active Directory CVE-2020-0664

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• August 2020 

For the August release Microsoft addressed 120 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1472

AV:  Exp.CVE-2020-1472
IPS: 
OS Attack: Microsoft Netlogon CVE-2020-1472
OS Attack: Microsoft Netlogon CVE-2020-1472 2
OS Attack: Microsoft Netlogon CVE-2020-1472 3

CVE-2020-1380

AV - Exp.CVE-2020-1380

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1380 

CVE-2020-1567

IPS - Web Attack: Internet Explorer Remote Code Execution

CVE-2020-1570 

IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1570

CVE-2020-1587

AV - Exp.CVE-2020-1587

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• July 2020

 For the July release Microsoft addressed 125 vulnerabilities.

Symantec has introduced the following product detections based on available information:

CVE-2020-1147

IPS - Web Attack: Microsoft .NET Framework CVE-2020-1147

CVE-2020-1403

IPS - Web Attack: Microsoft ActiveX Data Objects RCE CVE-2019-0888

CVE-2020-1410

IPS - Web Attack: Microsoft Windows Address Book CVE-2020-1410 Download

CVE-2020-1350

IPS - OS Attack: Microsoft DNS Server CVE-2020-1350

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.

• Reference: 

AV Signatures:  https://www.broadcom.com/support/security-center/a-z

IPS Signatures: https://www.broadcom.com/support/security-center/attacksignatures

Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.