| Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following eight web-based, client-side vulnerabilities included in the August 2010 Microsoft security bulletins. Zscaler clients are protected from these vulnerabilities simply by leveraging the Zscaler platform, without the need to take any further action. |
| MS10-060 – Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution |
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
|
| CVE-2010-0019 Microsoft Silverlight Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Microsoft Silverlight handles pointers. The vulnerability could allow remote code execution when a user visits a specially crafted web site that contains Silverlight content. |
| MS10-053 – Cumulative Security Update for Internet Explorer |
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
|
| CVE-2010-1258 Event Handler Cross-Domain Vulnerability |
| Description: An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to a browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted web page that could allow information disclosure if a user views the web page and then interacts with the browser window using the mouse. |
| CVE-2010-2556 Uninitialized Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been
correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page.
When a user views the Web page, the vulnerability could allow remote code execution. |
| CVE-2010-2557 Uninitialized Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been
correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page.
When a user views the web page, the vulnerability could allow remote code execution. |
| CVE-2010-2558 Race Condition Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that may have been
corrupted due to a race condition. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a
user views the web page, the vulnerability could allow remote code execution. |
| CVE-2010-2559 Uninitialized Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been
correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page.
When a user views the Web page, the vulnerability could allow remote code execution. |
| CVE-2010-2560 HTML Layout Memory Corruption Vulnerability |
| Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been
correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page.
When a user views the web page, the vulnerability could allow remote code execution. |
| MS10-049 – Vulnerabilities in SChannel could allow Remote Code Execution |
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
|
| CVE-2009-3555 TLS/SSL Renegotiation Vulnerability |
| Description: A spoofing vulnerability exists in the TLS/SSL protocol, implemented in the Microsoft Windows SChannel authentication
component. An attacker who successfully exploited this vulnerability would be able to introduce information on a TLS/SSL protected
connection, effectively sending traffic spoofing the authenticated client. |
| Note: This vulnerability stems from an issue previously discussed in Microsoft Security Advisory 977377, first released on February 9, 2010. This vulnerability affected multiple vendors; however, Zscaler was not affected, so customers leveraging Zscaler’s SSL inspection capabilities have not been impacted by this issue. |
About Zscaler
Through a multi-tenant, globally-deployed infrastructure, Zscaler enforces business policy, mitigates risk and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device, while empowering the end-user with a rich Internet experience. For more information, visit us at www.zscaler.com. |
Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com |
| Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners. |