https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signatures-released/m-p/25193#M633 The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:<BR /> <BR /> <BR /> <BR /> EDGE:MEMORY-CORRUPTION-RCE-41<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code injection vulnerability exists when Microsoft Edge incorrectly accesses certain objects in memory. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8617" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8617</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8617<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-36<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8598" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8598</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8598<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-37<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8601" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8601</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8601<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-38<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8605" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8605</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8605<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-39<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8619" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8619</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8619<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> HTTP:MS-BROWSER-CORS-BYPASS<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A vulnerability in Microsoft Internet Explorer and Microsoft Edge browsers allows for cross-origin resource sharing (CORS) restrictions to be bypassed, potentially exposing sensitive data to a third-party or attacker. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8592" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8592</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8592<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> IE:MEMORY-CORRUPTION-RCE-329<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code vulnerability exists when Microsoft Internet Explorer renders certain HTML parameters. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8594" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8594</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8594<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> IE:SCRIPTING-ENGINE-RCE-14<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8618" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8618</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8618<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> Wed, 12 Jul 2017 17:19:00 GMT Dudley__Jeff 2017-07-12T17:19:00Z https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signatures-released/m-p/25193#M633 The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:<BR /> <BR /> <BR /> <BR /> EDGE:MEMORY-CORRUPTION-RCE-41<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code injection vulnerability exists when Microsoft Edge incorrectly accesses certain objects in memory. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8617" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8617</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8617<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-36<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8598" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8598</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8598<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-37<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8601" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8601</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8601<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-38<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8605" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8605</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8605<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> EDGE:SCRIPT-ENG-MEM-CORRUPT-39<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8619" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8619</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8619<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> HTTP:MS-BROWSER-CORS-BYPASS<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A vulnerability in Microsoft Internet Explorer and Microsoft Edge browsers allows for cross-origin resource sharing (CORS) restrictions to be bypassed, potentially exposing sensitive data to a third-party or attacker. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8592" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8592</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8592<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> IE:MEMORY-CORRUPTION-RCE-329<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code vulnerability exists when Microsoft Internet Explorer renders certain HTML parameters. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8594" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8594</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8594<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> IE:SCRIPTING-ENGINE-RCE-14<BR /> <BR /> UPDATE-TYPE: New Signature<BR /> <BR /> CLASSIFICATION: BETA<BR /> <BR /> DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.<BR /> <BR /> REFERENCE: URLREF<BR /> <BR /> <A href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8618" target="_blank" rel="nofollow noreferrer noopener">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8618</A><BR /> <BR /> REFERENCE: CVE<BR /> <BR /> CVE-2017-8618<BR /> <BR /> <BR /> <BR /> <BR /> <BR /> Wed, 12 Jul 2017 17:19:00 GMT https://community.extremenetworks.com/t5/end-of-service-products/new-dragon-ips-signatures-released/m-p/25193#M633 Dudley__Jeff 2017-07-12T17:19:00Z