Zscaler Deploys Protections for Internet Explorer Zero-Day Vulnerability
San Jose, California, January 14, 2010
Zscaler, Inc., the market leader in cloud-delivered multi-tenant Security as a Service (SaaS), announced that it has globally deployed protections to combat a zero-day vulnerability in Microsoft Internet Explorer. The vulnerability (CVE-2010-0249) affects all currently supported versions of Internet Explorer and has been tied to recent high profile, targeted attacks
Numerous reports suggest that this vulnerability was used in recently publicized attacks on Google, Adobe, and others. A patch is not yet available for this issue. Moreover, suggested workarounds can be cumbersome to implement and will restrict features on legitimate websites. Zscaler was notified of the exploit through the Microsoft MAPPs program, through which Microsoft shares data with trusted partners.
“Targeted, web based attacks can be a powerful tool for criminals,” said Michael Sutton, vice president Security Research, Zscaler. “Zero-day attacks that impact popular software such as Internet Explorer impact virtually every organization. When vulnerabilities such as these emerge, rapid deployment of protections is absolutely critical.” According to Sutton, Zscaler was able to push protections to all Zscaler Enforcement nodes within hours of receiving exploit details from Microsoft.