Microsoft Security Bulletin Coverage for June 2018

June 13, 2018

SonicWall Capture Labs Threats Research Team has analyzed and addressed Microsoft’s security advisories for the month of June 2018. A list of issues reported, along with SonicWall coverage information are as follows:

  • CVE-2018-0871 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0978 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0982 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1036 NTFS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1040 Windows Code Integrity Module Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8110 Microsoft Edge Memory Corruption Vulnerability
    IPS : 13373 Microsoft Edge Memory Corruption Vulnerability (JUN 18) 2
  • CVE-2018-8111 Microsoft Edge Memory Corruption Vulnerability
    IPS : 13374 Microsoft Edge Memory Corruption Vulnerability (JUN 18) 3
  • CVE-2018-8113 Internet Explorer Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8121 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8140 Cortana Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8169 HIDParser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8175 WEBDAV Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8201 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8205 Windows Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8207 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8208 Windows Desktop Bridge Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8209 Windows Wireless Network Profile Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8210 Windows Remote Code Execution Vulnerability
    ASPY : 5178 Malformed-File wim.MP.1
  • CVE-2018-8211 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8212 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8213 Windows Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8214 Windows Desktop Bridge Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8215 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8216 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8217 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8218 Windows Hyper-V Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8219 Hypervisor Code Integrity Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8221 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8224 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8225 Windows DNSAPI Remote Code Execution Vulnerability
    IPS : 13378 Windows DNSAPI Remote Code Execution (JUN 18)
  • CVE-2018-8226 HTTP.sys Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8227 Chakra Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8229 Chakra Scripting Engine Memory Corruption Vulnerability
    IPS : 13377 Chakra Scripting Engine Memory Corruption Vulnerability (JUN 18) 1
  • CVE-2018-8231 HTTP Protocol Stack Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8233 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8234 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8235 Microsoft Edge Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8236 Microsoft Edge Memory Corruption Vulnerability
    IPS : 13371 Microsoft Edge Memory Corruption Vulnerability (JUN 18)
  • CVE-2018-8239 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8243 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8244 Microsoft Outlook Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8245 Microsoft Office Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8246 Microsoft Excel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8247 Microsoft Office Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8248 Microsoft Excel Remote Code Execution Vulnerability
    ASPY : 5177 Malformed-File rtf.MP.25
  • CVE-2018-8249 Internet Explorer Memory Corruption Vulnerability
    IPS : 13372 Internet Explorer Memory Corruption Vulnerability (JUN 18) 1
  • CVE-2018-8251 Media Foundation Memory Corruption Vulnerability
    IPS : 13375 Microsoft Edge Memory Corruption Vulnerability (JUN 18) 4
  • CVE-2018-8252 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8254 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8267 Scripting Engine Memory Corruption Vulnerability
    IPS: 13376 Scripting Engine Memory Corruption Vulnerability (Jun 18) 1

Adobe Flash (APSB18-19 ) Coverage :

  • CVE-2018-4945 Arbitrary Code Execution
    ASPY : 5172 Malformed-File swf.MP.591
  • CVE-2018-5000 Information Disclosure
    ASPY : 5173 Malformed-File swf.MP.592
  • CVE-2018-5001 Information Disclosure
    ASPY : 5174 Malformed-File swf.MP.593
  • CVE-2018-5002 Arbitrary Code Execution
    ASPY : 5171 Malformed-File swf.MP.590

GAV : 16696 CVE-2018-5002
GAV : 16701 CVE-2018-5002_2