- Zscaler, Inc., the market leader in cloud-delivered multi-tenant Security as a Service (SaaS), today announced that it has deployed protections to protect customers against a new zero-day threat that affects Internet Explorer 6 & 7. Zscaler was able to deploy initial protections shortly after exploit code was first released and continues to update the protections as additional details become available through the Microsoft Active Protections Program, which Zscaler participates in.
Microsoft has released a security advisory (Microsoft Security Advisory 977981), warning of the threat, which can be triggered by a malformed Cascading Style Sheet (CSS). In the advisory, Microsoft has stated that a patch is not yet available but that they are monitoring the situation closely. CVE-2009-3762 has been reserved for this issue.
“Internet Explorer, versions 6 & 7 account for approximately 41% of web browsers in use today, so this vulnerability will be an enticing one for attackers,” said Michael Sutton, vice president Security Research, Zscaler. “Attacks such as these are also prime candidates for targeting otherwise legitimate websites as an attack vector. The exploit can be triggered simply via HTML code, so attackers can inject code into websites with weak security protections.” According to Sutton, Zscaler is continually monitoring for exploitation leveraging this attack vector by actively monitoring the traffic of Zscaler customers.
Zscaler ensures that more than 15 million employees across thousands of enterprises and government organizations worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies. Zscaler’s award-winning Security-as-a-Service platform delivers a safe and productive Internet experience for every user, from any device and from any location. Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade Internet security, advanced persistent threat (APT) protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence–all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.
415-963-4174 ext. 26