Microsoft Security Bulletin Coverage for November 2018

November 14, 2018

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of November 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2018-8256 Microsoft PowerShell Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8407 MSRPC Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8408 Windows Kernel Information Disclosure Vulnerability
ASPY 5317 : Malformed-File exe.MP.44
CVE-2018-8415 Microsoft PowerShell Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8416 .NET Core Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8417 Microsoft JScript Security Feature Bypass Vulnerability
IPS 13877 : Microsoft JScript Security Feature Bypass Vulnerability (NOV 18)
CVE-2018-8450 Windows Search Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8454 Windows Audio Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8471 Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8476 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
IPS 13879 :Windows Deployment Services TFTP Server Vulnerability (NOV 18)
CVE-2018-8485 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8522 Microsoft Outlook Remote Code Execution Vulnerability
ASPY 5318 : Malformed-File rwz.MP
CVE-2018-8524 Microsoft Outlook Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8539 Microsoft Word Remote Code Execution Vulnerability
ASY 5319 : Malformed-File doc.MP.46
CVE-2018-8541 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8542 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13884 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 5
CVE-2018-8543 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8544 Windows VBScript Engine Remote Code Execution Vulnerability
IPS 9436 : Microsoft Scripting Object Use-After-Free (MS13-099)
CVE-2018-8545 Microsoft Edge Information Disclosure Vulnerability
IPS 13883 : Microsoft Edge Information Disclosure Vulnerability (NOV 18)
CVE-2018-8546 Microsoft Skype for Business Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8547 Active Directory Federation Services XSS Vulnerability
There are no known exploits in the wild.
CVE-2018-8549 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8550 Windows COM Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8551 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8552 Windows Scripting Engine Memory Corruption Vulnerability
IPS 13878 : Windows Scripting Engine Memory Corruption Vulnerability (NOV 18)
CVE-2018-8553 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8554 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8555 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13880 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 2
CVE-2018-8556 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13881 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 3
CVE-2018-8557 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13882 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 4
CVE-2018-8558 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8561 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8562 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8563 DirectX Information Disclosure Vulnerability
IPS 13885 : DirectX Information Disclosure Vulnerability (NOV 18)
CVE-2018-8564 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2018-8565 Win32k Information Disclosure Vulnerability
ASPY 5316 : Malformed-File exe.MP.43
CVE-2018-8566 BitLocker Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8567 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8568 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8570 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8572 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8573 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8574 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8575 Microsoft Project Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8576 Microsoft Outlook Remote Code Execution Vulnerability
ASPY 5318: Malformed-File rwz.MP
CVE-2018-8577 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8578 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8579 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8581 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8582 Microsoft Outlook Remote Code Execution Vulnerability
ASPY 5318 : Malformed-File rwz.MP
CVE-2018-8584 Windows ALPC Elevation of Privilege Vulnerability
IPS 5313 : Malformed-File exe.MP.42
CVE-2018-8588 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13876 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 1
CVE-2018-8589 Windows Win32k Elevation of Privilege Vulnerability
ASPY 5312 : Malformed-File exe.MP.41
CVE-2018-8592 Windows Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8600 Azure App Service Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8602 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8605 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8606 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8607 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8608 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8609 Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability
There are no known exploits in the wild.

Adobe Coverage

APSB18-40
CVE-2018-15979 Acrobat Reader Information Disclosure Vulnerability
ASPY 5314:Malformed-File pdf.MP.323
APSB18-39
CVE-2018-15978  Flash Player Out-of-bounds Read
ASPY 5315 :Malformed-File swf.MP.596