SUNNYVALE, California, November 24, 2009
Zscaler, Inc., the market leader in cloud-delivered multi-tenant Security as a Service (SaaS), today announced that it has deployed protections for customers against a new zero-day threat that affects Internet Explorer 6 & 7. Zscaler was able to deploy initial protections shortly after exploit code was first released and continues to update the protections as additional details become available through the Microsoft Active Protections Program, in which Zscaler participates.
Microsoft has released a security advisory (Microsoft Security Advisory 977981), warning of the threat, which can be triggered by a malformed Cascading Style Sheet (CSS). In the advisory, Microsoft has stated that a patch is not yet available but that they are monitoring the situation closely. CVE-2009-3762 has been reserved for this issue.
“Internet Explorer versions 6 & 7 account for approximately 41% of web browsers in use today, so this vulnerability will be an enticing one for attackers,” said Michael Sutton, vice president Security Research, Zscaler. “Attacks such as these are also prime candidates for targeting otherwise legitimate websites as an attack vector. The exploit can be triggered simply via HTML code, so attackers can inject code into websites with weak security protections.” According to Sutton, Zscaler is continually watching for exploitation of this attack vector by actively monitoring the traffic of Zscaler customers.
Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and Zscaler Private Access™, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.