Zscaler Provides Immediate Vulnerability Protection for latest Microsoft Patch Cycle

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for eleven web-based vulnerabilities included in the August 2011 Microsoft patch cycle. Zscaler customers with the Advanced Threat Protection Services license are protected from these vulnerabilities simply by leveraging the Zscaler platform, without the need to take any further action.

Zscaler will continue to monitor exploits associated with this release and deploy additional protections as necessary.

MS11-057 – Cumulative Security Update for Internet Explorer (KB2559049)
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9

CVE-2011-1257 – Window Open Race Condition Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that may have been corrupted due to a race condition.

CVE-2011-1960 – Event Handlers Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer.

CVE-2011-1961 – Telnet Handler Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer uses the telnet URI handler.

CVE-2011-1963 – XSLT Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2011-1964 – Style Object Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2011-2383 – Drag and Drop Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Internet Explorer.

MS11-060 – Vulnerabilities in Microsoft Visio Could Cause Remote Code Execution (KB2560978)
Severity: Important
Affected Software
- Microsoft Office 2003
- Microsoft Office 2007
- Microsoft Office 2010

CVE-2011-1972 – pStream Release RCE Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Visio validates objects in memory when parsing specially crafted Visio files.

CVE-2011-1979 – Move Around the Block RCE Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Visio validates objects in memory when parsing specially crafted Visio files.

MS11-066 – Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (KB2567943)
Severity: Important
Affected Software
- Microsoft .NET Framework 3.5

CVE-2011-1977 – Microsoft Chart Control - Directory Traversal/Arbitrary File Read, Delete
Description: An information disclosure vulnerability exists in the way that Microsoft Chart controls incorrectly handle special characters within a specially crafted URI.

MS11-061 – Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (KB2546250)
Severity: Important
Affected Software
- Microsoft Visual Studio 2008

CVE-2011-1263 – Remote Desktop Web Access Vulnerability
Description: A reflected XSS vulnerability exists in Remote Desktop Web Access that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer.

MS11-067 – Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (KB2578230)
Severity: Important
Affected Software
- Microsoft Visual Studio 2005
- Microsoft Report Viewer 2005

CVE-2011-1976 – XSS in andEnsureParam in Microsoft.ReportViewer.WebForms.dll
Description: An information disclosure vulnerability exists in the way that the Microsoft Report Viewer control improperly validates parameters within a data source.

About Zscaler
Zscaler’s Cloud security solution enforces business policy for web and email, mitigates risk, and provides twice the functionality at a fraction of the cost of traditional solutions. Through a multi-tenant, globally-deployed infrastructure with over 40 data centers, Zscaler enables organizations to create and enforce security policy for every user, on any device, over any network. For more information, visit us at www.zscaler.com.

Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com

Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.