Microsoft Security Bulletin Coverage for December 2018

December 11, 2018

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of December 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2018-8477 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8514 Remote Procedure Call runtime Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8517 .NET Framework Denial Of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8540 .NET Framework Remote Code Injection Vulnerability
There are no known exploits in the wild.
CVE-2018-8580 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8583 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13943 Chakra Scripting Engine Memory Corruption Vulnerability (DEC 18) 3
CVE-2018-8587 Microsoft Outlook Remote Code Execution Vulnerability
ASPY 5339 Malformed-File rwz.MP.2
CVE-2018-8595 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8596 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8597 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8598 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8604 Microsoft Exchange Server Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8611 Windows Kernel Elevation of Privilege Vulnerability
ASPY 5341 Malformed-File exe.MP.46
CVE-2018-8612 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8617 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 3756 EXPLOIT HTTP Client Shellcode 19
CVE-2018-8618 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13944 Chakra Scripting Engine Memory Corruption Vulnerability (DEC 18) 4
CVE-2018-8619 Internet Explorer Remote Code Execution Vulnerability
IPS 13939 Internet Explorer Remote Code Execution Vulnerability (DEC 18)
CVE-2018-8621 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8622 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8624 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13936 Chakra Scripting Engine Memory Corruption Vulnerability (DEC 18) 1
CVE-2018-8625 Windows VBScript Engine Remote Code Execution Vulnerability
IPS 13945 VBScript Engine Remote Code Execution Vulnerability (DEC 18) 1
CVE-2018-8626 Windows DNS Server Heap Overflow Vulnerability
There are no known exploits in the wild.
CVE-2018-8627 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8628 Microsoft PowerPoint Remote Code Execution Vulnerability
ASPY 5340 Malformed-File ppt.MP.8
CVE-2018-8629 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13937 Chakra Scripting Engine Memory Corruption Vulnerability (DEC 18) 2
CVE-2018-8631 Internet Explorer Memory Corruption Vulnerability
IPS 13935 Internet Explorer Memory Corruption Vulnerability (DEC 18) 2
CVE-2018-8634 Microsoft Text-To-Speech Remote Code Execution Vulnerability
IPS 13934 Internet Explorer Memory Corruption Vulnerability (DEC 18) 1
CVE-2018-8635 Microsoft SharePoint Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8636 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8637 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8638 DirectX Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8639 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8641 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8643 Scripting Engine Memory Corruption Vulnerability
IPS 13946 Windows Scripting Engine Memory Corruption Vulnerability (DEC 18) 1
CVE-2018-8649 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8651 Microsoft Dynamics NAV Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8652 Windows Azure Pack Cross Site Scripting Vulnerability
There are no known exploits in the wild.