Microsoft Security Bulletin Coverage for September 2018

September 12, 2018

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of September 2018. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2018-0965 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8269 OData Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8271 Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8315 Microsoft Scripting Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8331 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8332 Win32k Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8335 Windows SMB Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8336 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8337 Windows Subsystem for Linux Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8354 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8366 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8367 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13598 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 3
CVE-2018-8391 Scripting Engine Memory Corruption Vulnerability
IPS 13599 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 4
CVE-2018-8392 Microsoft JET Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8393 Microsoft JET Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8409 ASP.NET Core Denial of Service
There are no known exploits in the wild.
CVE-2018-8410 Windows Registry Elevation of Privilege Vulnerability
ASPY 5251 : Malformed-File exe.MP.36
CVE-2018-8419 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8420 MS XML Remote Code Execution Vulnerability
IPS  13600 : MS XML Remote Code Execution Vulnerability (SEP 18)
CVE-2018-8421 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8424 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8425 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2018-8426 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2018-8428 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8429 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8430 Word PDF Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8431 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8433 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8434 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8435 Windows Hyper-V Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8436 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8437 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8438 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8439 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8440 Windows ALPC Elevation of Privilege Vulnerability
GAV 2809 : Injector.PC
CVE-2018-8441 Windows Subsystem for Linux Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8442 Windows Kernel Information Disclosure Vulnerability
SPY 5252 : Malformed-File exe.MP.37
CVE-2018-8443 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8444 Windows SMB Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8445 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8446
There are no known exploits in the wild.
CVE-2018-8447 Internet Explorer Memory Corruption Vulnerability
IPS 13601 : Internet Explorer Memory Corruption Vulnerability (SEP 18) 1
CVE-2018-8449 Device Guard Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8452 Scripting Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8455 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8456 Scripting Engine Memory Corruption Vulnerability
IPS 13602 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 5
CVE-2018-8457 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8459 Scripting Engine Memory Corruption Vulnerability
IPS 13603 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 6
CVE-2018-8461 Internet Explorer Memory Corruption Vulnerability
IPS 13604 : Internet Explorer Memory Corruption Vulnerability (SEP 18) 2
CVE-2018-8462 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8463 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8464 Microsoft Edge PDF Remote Code Execution Vulnerability
ASPY 5244 : Malformed-File pdf.MP.320
CVE-2018-8465 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8466 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13594 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 1
CVE-2018-8467 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13595 : Chakra Scripting Engine Memory Corruption Vulnerability (SEP 18) 2
CVE-2018-8468 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8469 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8470 Internet Explorer Security Feature Bypass Vulnerability
IPS 13597 : Internet Explorer Security Feature Bypass Vulnerability (SEP 18)
CVE-2018-8474 Lync for Mac 2011 Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8475 Windows Remote Code Execution Vulnerability
ASPY 5253 : Malformed-File tif.MP.23
CVE-2018-8479 Azure IoT SDK Spoofing Vulnerability
There are no known exploits in the wild.