Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following security vulnerability in Internet Explorer. Reports recently emerged on malware hosted at the Council on Foreign Relations (CFR) website that was leveraging a previously unknown vulnerability. It is being called a ‘watering hole’ attack as it is believed that the CFR website was specifically selected to target particular users of the site. At the present time, Microsoft has released a security advisory (2794220) detailing the vulnerability and recommended workarounds until a patch is available. The Zscaler cloud will detect and block websites leveraging this new vulnerability. Zscaler will continue to monitor exploits associated with this issue and deliver additional protections as needed.
Microsoft Security Advisory (2794220)
CVE-2012-4792 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
Description: The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
Zscaler is transforming enterprise networking and security with the world’s largest Direct-to-Cloud Network, which securely enables the productivity benefits of cloud, mobile and social technologies without the cost and complexity of traditional on-premise appliances and software. The Zscaler Direct-to-Cloud Network processes daily more than 10 billion transactions from more than 10 million users in 180 countries across 100 global data centers with near-zero latency. Learn why more than 4,000 global enterprises choose Zscaler to enable end-user productivity, enforce security policy and streamline WAN performance. Visit us at www.zscaler.com
Sr. PR Manager - Zscaler
Office Phone: +1-408-786-9285
Zscaler® and the Zscaler Logo are trademarks of Zscaler, Inc. All other trademarks are the property of their respective firms.