Zscaler Protects Customers from Zero-Day Microsoft DirectShow Vulnerability

Zscaler, Inc., the market leader in cloud-delivered multi-tenant Security as a Service (SaaS), today announced that within hours of receiving notification of a critical vulnerability in Microsoft operating systems, protections have been deployed to mitigate the threat. With Zscaler’s cloud-delivered security service, customers were immediately and transparently protected from the Microsoft DirectShow framework vulnerability, without needing to take any action on their own, such as deploying a patch on each appliance or every end-user computer.

Through its partnership with Microsoft, Zscaler is provided advanced notification and information about new vulnerabilities. Although a software patch is not yet available from Microsoft to fix the new vulnerability and may not be for several days, Microsoft has issued a public advisory regarding the ActiveX vulnerability as it is being actively exploited via ‘drive by download’ attacks from infected Web sites. Microsoft has additionally provided details of a workaround to protect users, however this requires making changes to the registry settings on each individual PC or laptop.

“With the high-speed, real-time inspection capabilities of the Zscaler infrastructure, we were able to quickly deploy countermeasures to protect our customers,” said Michael Sutton, vice president Security Research, Zscaler. “While it could take days for enterprises to implement a manual workaround on end-user machines, a SaaS service permits seamless deployment of protections from Web-based threats without any intervention required by our customers.”

For more information on the Microsoft DirectShow vulnerability, please visit https://docs.microsoft.com/en-us/