Security Advisory – November 27, 2013

Zscaler Protects Against Vulnerability in NDProxy driver can lead to Code Execution

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following vulnerability included in the November 27, 2013 Microsoft security bulletin .  Zscaler will continue to monitor exploits associated with this vulnerability and release and deploy additional protections as necessary.

MSA-2914486Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege

Severity: Critical
Affected Software

  • Windows XP (All Versions)
  • Windows Vista (All Versions)
  • Windows 7 (All Versions)
  • Windows 8 (All Versions)
  • Windows Server 2003/2008

CVE-2013-5065Vulnerability in NDProxy driver can lead to Code Execution

Description: There is a local authenticated vulnerability in the NDProxy driver that can lead to code execution in ring0 context. The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

divider-img

About Zscaler

Zscaler ensures that more than 12 million employees at more than 5,000 enterprise and government organizations worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies. Zscaler’s award-winning Security-as-a-Service platform delivers a safe and productive Internet experience for every user, from any device and from any location. Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade Internet security, advanced persistent threat (APT) protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence–all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.

Press Contacts:

Dan Druker
Chief Marketing Officer - Zscaler
ddruker@zscaler.com

Zscaler® and the Zscaler Logo are trademarks of Zscaler, Inc.
All other trademarks are the property of their respective firms.

Related Links:

 

Ad Retargater