Symantec Endpoint Response to Microsoft Monthly Security Bulletins
Article ID: 197237
Updated On:
Products
Issue/Introduction
This document describes current Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.
Note: This article will update monthly according to the bulletin release schedule.
Resolution
- June 2022
For the June release Microsoft addressed 55 vulnerabilities including three marked as critical and 52 as important.
CVE-2022-30190:
IPS:
Web Attack: MSDT Remote Code Execution CVE-2022-30190
Symantec Security Response continues to monitor in the wild usage and actively investigating coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - May 2022
For the May release Microsoft addressed 75 vulnerabilities.
CVE-2022-26925:
IPS:
Audit: EFSRpcOpenFileRaw Method Call Attempt
Symantec Security Response continues to monitor in the wild usage and actively investigating coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - April 2022
For the April release Microsoft addressed 128 vulnerabilities.
CVE-2022-26809:
AV: Exp.CVE-2022-26809
IPS:
Audit: EFSRPC Bind Attempt
Audit: Suspicious SMB Client Request 2
Attack: Fake SMB Server Response
CVE-2022-24491:
IPS:
OS Attack: Windows Network File System CVE-2022-24491
CVE-2022-24497:
IPS:
OS Attack: Windows Network File System CVE-2022-24497
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - March 2022
For the March release Microsoft addressed 71 vulnerabilities.
Symantec has introduced the following protections based on available information:
CVE-2022-21990:
AV: Exp.CVE-2022-21990
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - February 2022
For the February release Microsoft addressed 53 vulnerabilities.
CVE-2022-21999:
AV: Exp.CVE-2022-21999
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - January 2022
For the January release Microsoft addressed 102 vulnerabilities.
Symantec has introduced the following protections based on available information:
CVE-2022-21882:
AV: Exp.CVE-2022-21882
CVE-2022-21907:
IPS: OS Attack: HTTP Protocol Stack CVE-2022-21907
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - December 2021
For the December release Microsoft addressed 67 vulnerabilities. An additional 16 vulnerabilities related to Chromium were previously addressed in December.
Symantec has introduced the following protections based on available information:
CVE-2021-43883:
AV: Exp.CVE-2021-43883
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible.
- November 2021
For the November release Microsoft addressed 55 vulnerabilities.
CVE-2021-42298:
IPS: Web Attack: Microsoft Defender CVE-2021-42298
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible.
- October 2021
For the October release Microsoft addressed 77 vulnerabilities.
CVE-2021-40487:
IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-40487
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - September 2021
For the September release Microsoft addressed 66 vulnerabilities.
Symantec has introduced the following protections based on available information:
CVE-2021-40444:
IPS: Web Attack: Microsoft MSHTML RCE CVE-2021-40444
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - August 2021
For the August release Microsoft addressed 44 vulnerabilities.
Symantec has introduced the following protections based on available information:
CVE-2021-26432:
IPS: OS Attack: Windows Services for NFS ONCRPC XDR Driver CVE-2021-26432
CVE-2021-34480:
IPS: Web Attack: Microsoft Scripting Engine CVE-2021-34480
CVE-2021-36948:
AV: Exp.CVE-2021-36948
Symantec Security Response continues to monitor in the wild usage and/or investigate coverage feasibility for the announced vulnerabilities and may add coverage where deemed feasible. - July 2021
For the July release Microsoft addressed 117 vulnerabilities.
Symantec has introduced the following protections based on available information.
CVE-2021-34527
AV: Exp.CVE-2021-34527
IPS:
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: MSRPC Windows Print Spooler RpcAddPrinterDriverEx Attempt 2
Audit: SMB Windows Print Spooler RpcAddPrinterDriverEx Attempt
Audit: Windows Print Spooler RCE CVE-2021-34527
OS Attack: Windows Print Spooler RCE CVE-2021-34527
CVE-2021-34448:
IPS: Web Attack: Microsoft Internet Explorer CVE-2020-1380 (detects CVE-2021-34448 as well)
Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.
Symantec has introduced the following protections based on available information.
CVE-2021-31199
AV: Exp.CVE-2021-31199!g1
CVE-2021-31955
AV: Exp.CVE-2021-31955
CVE-2021-31956
AV: Exp.CVE-2021-31956
CVE-2021-33739
AV: Exp.CVE-2021-33739
Additional coverage feasibility is being investigated. Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where deemed feasible.
- May 2021
For the May release Microsoft addressed 55 vulnerabilities.
Symantec has introduced the following protections based on available information.
CVE-2021-26419
IPS: Web Attack: Microsoft Scripting Engine CVE-2021-26419
CVE-2021-31166
IPS: OS Attack: Windows HTTP Protocol Stack CVE-2021-31166
CVE-2021-31181
IPS: Web Attack: Microsoft SharePoint CVE-2021-31181
Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.
- April 2021
For the April 2021 Microsoft addressed 108 vulnerabilities.
Symantec has introduced the following protections based on available information.
CVE-2021-28310
AV: Exp.CVE-2021-28310
Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.
- March 2021
For the March 2021 Microsoft addressed 89 vulnerabilities.
Symantec has introduced the following protections based on available information.
CVE-2021-26411
AV:
Exp.CVE-2021-26411
ISB.CVE2021-26411!g1
IPS: Web Attack: Internet Explorer RCE 2021-26411
CVE-2021-26855
AV: Exp.CVE-2021-26855
IPS: Attack: Microsoft Exchange Server CVE-2021-26855
CVE-2021-26857
IPS: Web Attack: Microsoft Exchange Server CVE-2021-26857
CVE-2021-26877
IPS: Attack: Windows DNS Server CVE-2021-26877
CVE-2021-26897
IPS: Attack: Windows DNS Server CVE-2021-26897
CVE-2021-27076
IPS: Web Attack: Microsoft Sharepoint Server CVE-2021-27076
Symantec Security Response continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required*.
Symantec has introduced the following protections based on available information.
CVE-2021-1698
AV - Exp.CVE-2021-1698
CVE-2021-24074
AV - Exp.CVE-2021-24074
CVE-2021-24078
AV - Exp.CVE-2021-24078
CVE-2021-24086
AV - Exp.CVE-2021-24086
CVE-2021-24094
AV - Exp.CVE-2021-24094
CVE-2021-24072
IPS: Web Attack: XML External Entity Attack
Additional signatures are currently being investigated and may be toggled at a later date*
Symantec has introduced the following protections based on available information.
CVE-2021-1647
AV - Exp.CVE-2021-1647
CVE-2021-1707
IPS: Web Attack: Microsoft Sharepoint CVE-2021-1707
Additional signatures are currently being investigated and may be toggled at a later date*
IPS - Attack: Microsoft Dynamics 365 CVE-2020-17152
Further updates will be made when they become available.
For the November release Microsoft addressed 112 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-17087
AV - Exp.CVE-2020-17087
CVE-2020-17088
AV - Exp.CVE-2020-17088
CVE-2020-17053
IPS - Web Attack: Microsoft Internet Explorer CVE-2020-17053
Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the October release Microsoft addressed 87 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-16898
AV - Exp.CVE-2020-16898
Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the August release Microsoft addressed 129 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-0664
IPS - Attack: Microsoft Active Directory CVE-2020-0664
Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the August release Microsoft addressed 120 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-1472
AV: Exp.CVE-2020-1472
IPS:
OS Attack: Microsoft Netlogon CVE-2020-1472
OS Attack: Microsoft Netlogon CVE-2020-1472 2
OS Attack: Microsoft Netlogon CVE-2020-1472 3
CVE-2020-1380
AV - Exp.CVE-2020-1380
IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1380
CVE-2020-1567
IPS - Web Attack: Internet Explorer Remote Code Execution
CVE-2020-1570
IPS - Web Attack: Microsoft Internet Explorer CVE-2020-1570
CVE-2020-1587
AV - Exp.CVE-2020-1587
Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
For the July release Microsoft addressed 125 vulnerabilities.
Symantec has introduced the following product detections based on available information:
CVE-2020-1147
IPS - Web Attack: Microsoft .NET Framework CVE-2020-1147
CVE-2020-1403
IPS - Web Attack: Microsoft ActiveX Data Objects RCE CVE-2019-0888
CVE-2020-1410
IPS - Web Attack: Microsoft Windows Address Book CVE-2020-1410 Download
CVE-2020-1350
IPS - OS Attack: Microsoft DNS Server CVE-2020-1350
Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
- Reference:
AV Signatures: https://www.broadcom.com/support/security-center/a-z
IPS Signatures: https://www.broadcom.com/support/security-center/attacksignatures
Symantec continues to monitor in the wild usage and/or coverage feasibility for the other announced vulnerabilities and may add additional coverage where required.
Additional Information
Please inquire with your Support agent for more information.
Feedback
