Microsoft Security Bulletin Coverage for July 2018

July 11, 2018

SonicWall Capture Labs Threats Research Team has analyzed and addressed Microsoft’s security advisories for the month of July 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2018-0949 Internet Explorer Security Feature Bypass Vulnerability
IPS : 13412 Internet Explorer Security Feature Bypass Vulnerability (JUL 18)
CVE-2018-8125 Chakra Scripting Engine Memory Corruption Vulnerability
IPS : 13418 Chakra Scripting Engine Memory Corruption Vulnerability (JUL 18)
CVE-2018-8171 ASP.NET Core Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8172 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8202 .NET Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8206 Windows FTP Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8222 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8232 Microsoft Macro Assembler Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8238 Skype for Business and Lync Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8242 Scripting Engine Memory Corruption Vulnerability
13414Scripting Engine Memory Corruption Vulnerability (JUL 18) 4
CVE-2018-8260 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8262 Microsoft Edge Memory Corruption Vulnerability
IPS : 13415 Microsoft Edge Memory Corruption Vulnerability (JUL 18) 1
CVE-2018-8274 Microsoft Edge Memory Corruption Vulnerability
IPS : 13417 Microsoft Edge Memory Corruption Vulnerability (JUL 18) 2
CVE-2018-8275 Scripting Engine Memory Corruption Vulnerability
IPS : 13416 Scripting Engine Memory Corruption Vulnerability (JUL 18) 5
CVE-2018-8276 Scripting Engine Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8278 Microsoft Edge Spoofing Vulnerability
IPS : 13419Microsoft Edge Spoofing Vulnerability (JUL 18)
CVE-2018-8279 Scripting Engine Memory Corruption Vulnerability
IPS : 13420Microsoft Edge Memory Corruption Vulnerability (JUL 18) 3
CVE-2018-8280 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8281 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8282 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8283 Scripting Engine Memory Corruption Vulnerability
IPS : 13421 Scripting Engine Memory Corruption Vulnerability (JUL 18) 6
CVE-2018-8284 .NET Framework Remote Code Injection Vulnerability
There are no known exploits in the wild.
CVE-2018-8286 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8287 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8288 Scripting Engine Memory Corruption Vulnerability
IPS : 13422 Scripting Engine Memory Corruption Vulnerability (JUL 18) 7
CVE-2018-8289 Microsoft Edge Information Disclosure Vulnerability
IPS : 13423 Microsoft Edge Information Disclosure Vulnerability (JUL 18) 3
CVE-2018-8290 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8291 Scripting Engine Memory Corruption Vulnerability
IPS : 13407 Scripting Engine Memory Corruption Vulnerability (JUL 18) 1
CVE-2018-8294 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8296 Scripting Engine Memory Corruption Vulnerability
IPS : 13410 Scripting Engine Memory Corruption Vulnerability (JUL 18) 3
CVE-2018-8297 Microsoft Edge Information Disclosure Vulnerability
IPS : 13408 Microsoft Edge Information Disclosure Vulnerability (JUL 18) 1
CVE-2018-8298 Scripting Engine Memory Corruption Vulnerability
IPS : 13409 Scripting Engine Memory Corruption Vulnerability (JUL 18) 2
CVE-2018-8299 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8300 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8301 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8304 Windows DNSAPI Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8305 Windows Mail Client Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8306 Microsoft Wireless Display Adapter Command Injection Vulnerability
There are no known exploits in the wild.
CVE-2018-8307 WordPad Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8308 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8309 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8310 Microsoft Office Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8311 Remote Code Execution Vulnerability in Skype For Business and Lync
There are no known exploits in the wild.
CVE-2018-8312 Microsoft Access Remote Code Execution Use After Free Vulnerability
There are no known exploits in the wild.
CVE-2018-8313 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8314 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8319 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8323 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8324 Microsoft Edge Information Disclosure Vulnerability
IPS : 13411 Microsoft Edge Information Disclosure Vulnerability (JUL 18) 2
CVE-2018-8325 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8326 Open Source Customization for Active Directory Federation Services XSS Vulnerability
There are no known exploits in the wild.
CVE-2018-8327 PowerShell Editor Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8356 .NET Framework Security Feature Bypass Vulnerability
There are no known exploits in the wild.

Adobe Flash (APSB18-24 ) and Adobe Reader (APSB18-21) Coverage :

CVE-2018-5007 Arbitrary Code Execution
ASPY: 5192 Malformed-File swf.MP.595
CVE-2018-5008 Information Disclosure
ASPY: 5189 Malformed-File swf.MP.594

CVE-2018-5028 Heap Overflow
ASPY : 5188 Malformed-File xps.MP.5
CVE-2018-5040 Heap Overflow
ASPY : 5184 Malformed-File pdf.MP.317
CVE-2018-5052 Heap Overflow
ASPY : 5185 Malformed-File pdf.MP.318
CVE-2018-5061 Out-of-bounds read
ASPY : 5186 Malformed-File emf.MP.63
CVE-2018-12789 Out-of-bounds read
ASPY : 5187 Malformed-File emf.MP.64