Zscaler Defends Against Zero Day Vulnerability in Internet Explorer 6/7

Sunnyvale, California, November 24, 2009

Zscaler, Inc., the market leader in cloud-delivered multi-tenant Security as a Service (SaaS), today announced that it has deployed protections to protect customers against a new zero-day threat that affects Internet Explorer 6 & 7. Zscaler was able to deploy initial protections shortly after exploit code was first released and continues to update the protections as additional details become available through the Microsoft Active Protections Program, which Zscaler participates in.

Microsoft has released a security advisory (Microsoft Security Advisory 977981), warning of the threat, which can be triggered by a malformed Cascading Style Sheet (CSS). In the advisory, Microsoft has stated that a patch is not yet available but that they are monitoring the situation closely. CVE-2009-3762 has been reserved for this issue.

“Internet Explorer, versions 6 & 7 account for approximately 41% of web browsers in use today, so this vulnerability will be an enticing one for attackers,” said Michael Sutton, vice president Security Research, Zscaler. “Attacks such as these are also prime candidates for targeting otherwise legitimate websites as an attack vector. The exploit can be triggered simply via HTML code, so attackers can inject code into websites with weak security protections.” According to Sutton, Zscaler is continually monitoring for exploitation leveraging this attack vector by actively monitoring the traffic of Zscaler customers.

About Zscaler

Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.

Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.

Additional Resources:

Media Contacts:

Whitney Black 
Director of Communications