Symantec product detections for Microsoft monthly Security Bulletins - February 2018
TECH249283
Last Updated May 20, 2019
readonly
This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Bulletins.
Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Note: These have been referred to previously as Security Advisories. The language has been updated to Security Bulletins to maintain cadence with Microsoft's terminology
Note: The fields for KB and Bulletin are no longer populated or used by Microsoft, and they no longer appear here as of April 2017
| ID and Rating |
CAN/CVE ID: ADV180004 BID: N/A Microsoft Rating: Critical |
| Vulnerability Type |
February 2018 Adobe Flash Security Update |
| Vulnerability Affects |
Adobe Flash Player |
| Details |
See Adobe.com |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0763 BID: 102873 Microsoft Rating: Critical |
| Vulnerability Type |
Microsoft Edge Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Edge |
| Details |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0825 BID: 102920 Microsoft Rating: Critical |
| Vulnerability Type |
StructuredQuery Remote Code Execution Vulnerability |
| Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems |
| Details |
A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0825 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0834 BID: 102859 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0834 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0835 BID: 102874 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: CVE-2018-0835 Remote Memory Corruption Vulnerability |
| Other Detections |
AV: Exp.CVE-2018-0835 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0837 BID: 102876 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0837 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0838 BID: 102877 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Exp.CVE-2018-0838 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0840 BID: 102886 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Internet Explorer 11 Microsoft Edge Microsoft Internet Explorer 10 Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0840 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0852 BID: 102871 Microsoft Rating: Critical |
| Vulnerability Type |
Microsoft Outlook Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Outlook 2016 Click-to-Run (C2R) for 64-bit edition Microsoft Outlook 2007 Service Pack 3
|
| Details |
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
|
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0856 BID: 102880 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0857 BID: 102881 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0858 BID: 102865 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Web Attack: CVE-2018-0858 Remote Memory Corruption Vulnerability |
| Other Detections |
AV: Exp.CVE-2018-0858 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0859 BID: 102882 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0860 BID: 102883 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0860 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0861 BID: 102884 Microsoft Rating: Critical |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0863 BID: 102885 Microsoft Rating: Critical |
| Vulnerability Type |
Microsoft Edge Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge |
| Details |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0742 BID: 102937 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 |
| Details |
A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0742 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0755 BID: 102934 Microsoft Rating: Important |
| Vulnerability Type |
Windows EOT Font Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 |
| Details |
An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0756 BID: 102941 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems |
| Details |
A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0756 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0757 BID: 102947 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems
|
| Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0760 BID: 102953 Microsoft Rating: Important |
| Vulnerability Type |
Windows EOT Font Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 |
| Details |
An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0761 BID: 102952 Microsoft Rating: Important |
| Vulnerability Type |
Windows EOT Font Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 |
| Details |
An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0808 BID: 102956 Microsoft Rating: Important |
| Vulnerability Type |
ASP.NET Core Denial Of Service Vulnerability |
| Vulnerability Affects |
Microsoft ASP.NET |
| Details |
A denial of service vulnerability exists when ASP. NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0809 BID: 102933 Microsoft Rating: Important |
| Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems |
| Details |
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0810 BID: 102938 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 2008 for x64-based Systems SP2 |
| Details |
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0820 BID: 102945 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Elevation Of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2
|
| Details |
A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0821 BID: 102939 Microsoft Rating: Important |
| Vulnerability Type |
Windows AppContainer Elevation Of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for x64-based Systems |
| Details |
A privilege escalation vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0822 BID: 102942 Microsoft Rating: Important |
| Vulnerability Type |
Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for x64-based Systems |
| Details |
A privilege escalation vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0823 BID: 102919 Microsoft Rating: Important |
| Vulnerability Type |
Named Pipe File System Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems |
| Details |
A privilege escalation vulnerability exists when Named Pipe File System improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0826 BID: 102944 Microsoft Rating: Important |
| Vulnerability Type |
Windows Storage Services Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 version 1703 for x64-based Systems
|
| Details |
A privilege escalation vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0827 BID: 102927 Microsoft Rating: Important |
| Vulnerability Type |
Windows Security Feature Bypass Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 version 1703 for x64-based Systems
|
| Details |
A security bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0828 BID: 102935 Microsoft Rating: Important |
| Vulnerability Type |
Windows Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems |
| Details |
A privilege escalation vulnerability exists in Microsoft Windows when the MultiPoint management account password is improperly secured. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0829 BID: 102948 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems
|
| Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0830 BID: 102949 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows Server 2016 Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems
|
| Details |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0831 BID: 102943 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows Server 2016 |
| Details |
A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0832 BID: 102923 Microsoft Rating: Important |
| Vulnerability Type |
Windows Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems
|
| Details |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0836 BID: 102875 Microsoft Rating: Important |
| Vulnerability Type |
Scripting Engine Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Edge Microsoft ChakraCore |
| Details |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0839 BID: 102860 Microsoft Rating: Important |
| Vulnerability Type |
Microsoft Edge Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Edge |
| Details |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0841 BID: 102957 Microsoft Rating: Important |
| Vulnerability Type |
Microsoft Office Remote Code Execution Vulnerability |
| Vulnerability Affects |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition
|
| Details |
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0841 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0842 BID: 102946 Microsoft Rating: Important |
| Vulnerability Type |
Windows Remote Code Execution Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows Server 2016
|
| Details |
A remote code execution vulnerability exist when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: Exp.CVE-2018-0842 Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0843 BID: 102951 Microsoft Rating: Important |
| Vulnerability Type |
Windows Kernel Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems |
| Details |
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0844 BID: 102929 Microsoft Rating: Important |
| Vulnerability Type |
Windows Common Log File System Driver Elevation Of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows Server 2008 for x64-based Systems R2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows Server 2012 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems
|
| Details |
A privilege escalation vulnerability exist when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: N/A Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0846 BID: 102931 Microsoft Rating: Important |
| Vulnerability Type |
Windows Common Log File System Driver Elevation Of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows Server 2012 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows Server 2008 for x64-based Systems R2
|
| Details |
A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. |
| Intrusion Protection System (IPS) Response |
Sig ID: N/A |
| Other Detections |
AV: N/A Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0847 BID: 102861 Microsoft Rating: Important |
| Vulnerability Type |
Internet Explorer Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
| Details |
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0850 BID: 102866 Microsoft Rating: Important |
| Vulnerability Type |
Microsoft Outlook Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Outlook 2007 Service Pack 3 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2010 (32-bit editions) Service Pack 2 Microsoft Outlook 2010 (64-bit editions) Service Pack 2 Microsoft Outlook 2016 (32-bit editions) Microsoft Outlook 2016 (64-bit editions) Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition
|
| Details |
A privilege escalation vulnerability exists when Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0851 BID: 102870 Microsoft Rating: Important |
| Vulnerability Type |
Microsoft Office Memory Corruption Vulnerability |
| Vulnerability Affects |
Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition Microsoft Office Word Viewer Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 RT Service Pack 1
|
| Details |
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0853 BID: 102868 Microsoft Rating: Important |
| Vulnerability Type |
Microsoft Office Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition Microsoft Office 2013 Service Pack 1 (32-bit editions)
|
| Details |
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0854 BID: 102928 Microsoft Rating: Important |
| Vulnerability Type |
Windows Security Feature Bypass Vulnerability |
| Vulnerability Affects |
Microsoft Windows 10 version 1703 for x64-based Systems Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2016 Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems
|
| Details |
A security bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0855 BID: 102936 Microsoft Rating: Important |
| Vulnerability Type |
Windows EOT Font Information Disclosure Vulnerability |
| Vulnerability Affects |
Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 |
| Details |
An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0864 BID: 102962 Microsoft Rating: Important |
| Vulnerability Type |
Microsoft SharePoint Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft Project Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 |
| Details |
A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0869 BID: 102963 Microsoft Rating: Important |
| Vulnerability Type |
Clone of Microsoft SharePoint Elevation of Privilege Vulnerability |
| Vulnerability Affects |
Microsoft SharePoint Enterprise Server 2016
|
| Details |
A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0771 BID: 102857 Microsoft Rating: Moderate |
| Vulnerability Type |
Microsoft Edge Security Feature Bypass |
| Vulnerability Affects |
Microsoft Edge |
| Details |
A security bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
| ID and Rating |
CAN/CVE ID: CVE-2018-0833 BID: 102924 Microsoft Rating: Moderate |
| Vulnerability Type |
SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability |
| Vulnerability Affects |
Microsoft Windows RT 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems |
| Details |
A denial of service vulnerability exists in implementations of the Microsoft Server Message Block. The vulnerability is due to improper handling of certain requests sent by a malicious SMB server to the client. |
| Intrusion Protection System (IPS) Response |
Sig ID: Under review |
| Other Detections |
AV: Under review Data Center Security: |
Imported Document ID: TECH226911
Subscribing will provide email updates when this Article is updated. Login is required.
-
Endpoint Protection
12.1 RU4, 12.1 RU3, 12.1 RU2 MP1, 12.1 RU2, 12.1 RU1 MP1, 12.1 RU1, 11.0 RU7, 11.0 RU6a, 11.0 RU6 MP3, 11.0 RU6 MP2, 11.0 RU6 MP1, 11.0 RU6, 11.0 RU5, 11.0 RTM, 11.0 MR4 MP2, 11.0 MR4 MP1a, 11.0 MR4 (11.0.4), 11.0 MR3 (11.0.3001), 11.0 MR2 (11.0.2) MP2, 11.0 MR2 (11.0.2) MP1, 11.0 MR1 (11.0.1) MP1
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.
Start Over
This will clear the history and restart the chat.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)