https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signature-release-december-2018/m-p/24112#M472 The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:<BR /> <BR /> EDGE:CHAKRA-SCRIPT11<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8624" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8624</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8624<BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-93<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8629<BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-94<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8583<BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-95<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8618" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8618</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8618<BR /> <BR /> <BR /> IE:MEMORY-CORRUPTION-RCE-343<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8631" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8631</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8631<BR /> <BR /> <BR /> IE:SCRIPTING-ENGINE-RCE-59<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8643" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8643</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8643<BR /> <BR /> <BR /> IE:SCRIPTING-ENGINE-RCE-60<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Internet Explorer when the VBScript execution policy does not properly restrict VBScript under specific conditions. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8619" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8619</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8619<BR /> <BR /> <BR /> MS:TEXT-TO-SPEECH-RCE<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8634<BR /> <BR /> <BR /> MS:VBSCRIPT-ENGINE-RCE-4<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8625" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8625</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8625 Wed, 12 Dec 2018 20:18:00 GMT Dudley__Jeff 2018-12-12T20:18:00Z https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signature-release-december-2018/m-p/24112#M472 The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:<BR /> <BR /> EDGE:CHAKRA-SCRIPT11<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8624" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8624</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8624<BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-93<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8629<BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-94<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8583</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8583<BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-95<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8618" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8618</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8618<BR /> <BR /> <BR /> IE:MEMORY-CORRUPTION-RCE-343<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists when a Microsoft browser improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8631" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8631</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8631<BR /> <BR /> <BR /> IE:SCRIPTING-ENGINE-RCE-59<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8643" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8643</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8643<BR /> <BR /> <BR /> IE:SCRIPTING-ENGINE-RCE-60<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Internet Explorer when the VBScript execution policy does not properly restrict VBScript under specific conditions. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8619" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8619</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8619<BR /> <BR /> <BR /> MS:TEXT-TO-SPEECH-RCE<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8634<BR /> <BR /> <BR /> MS:VBSCRIPT-ENGINE-RCE-4<BR /> UPDATE-TYPE: New Signature<BR /> CLASSIFICATION: BETA<BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> REFERENCE: URLREF<BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8625" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8625</A><BR /> REFERENCE: CVE<BR /> CVE-2018-8625 Wed, 12 Dec 2018 20:18:00 GMT https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signature-release-december-2018/m-p/24112#M472 Dudley__Jeff 2018-12-12T20:18:00Z https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signature-release-december-2018/m-p/24113#M473 thank you for info Wed, 17 Jul 2019 18:58:00 GMT https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signature-release-december-2018/m-p/24113#M473 strom_tr00per 2019-07-17T18:58:00Z