Zscaler Provides Advanced Protection for Massive Microsoft Patch Cycle




SUNNYVALE, California, August 10, 2010


Zscaler, Inc., the market leader in cloud-delivered multi-tenant Security as a Service (SaaS), today announced that it has deployed protections that enabled customers with immediate defense against the web-based threats included in Microsoft’s massive August patch cycle. With Zscaler’s cloud-delivered security service, customers were transparently protected from numerous vulnerabilities, many of which are critical in nature. Zscaler’s protections are in-line and, as such, do not require customers to take any action on their own.

On Tuesday, Microsoft released one of its largest monthly patch cycles to date, covering a total of 34 vulnerabilities in 14 advisories. Such patch cycles create a daunting task for enterprises, which must quickly deploy patches to individual systems before exploits emerge, allowing attackers to compromise machines. This challenge is made even more difficult for companies with a mobile workforce where laptop computers may not be online at any given time to permit patches to be pushed to road warriors. As a SaaS service provider, Zscaler has been able to deploy in-line protections that block threats before they ever reach vulnerable systems. Such protections apply to both end-user systems on the enterprise network and laptops out in the field.

“Working with Microsoft through its MAPPs program is of great benefit to our mutual customer base as it ensures immediate vulnerability shielding for critical web-based vulnerabilities the day that they are released,” said Michael Sutton, vice president of Security Research at Zscaler. The Microsoft Active Protections Program (MAPPs), ensures that Microsoft’s trusted security partners receive details of vulnerabilities ahead of public release in order to build appropriate protections.

Zscaler has deployed protections for the following vulnerabilities included in the Microsoft Security Bulletins for August 2010:

  • MS10-060
    • CVE-2010-0019 - Microsoft Silverlight Memory Corruption Vulnerability
  • MS10-053
    • CVE-2010-1258 - Event Handler Cross-Domain Vulnerability
    • CVE-2010-2556 - Uninitialized Memory Corruption Vulnerability
    • CVE-2010-2557 - Uninitialized Memory Corruption Vulnerability
    • CVE-2010-2558 - Race Condition Memory Corruption Vulnerability
    • CVE-2010-2559 - Uninitialized Memory Corruption Vulnerability
    • CVE-2010-2560 - HTML Layout Memory Corruption Vulnerability
  • MS10-049
    • CVE-2009-3555 - TLS/SSL Renegotiation Vulnerability


About Zscaler

Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and Zscaler Private Access™, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.

Zscaler™, Zscaler Internet Access™, and Zscaler Private Access™, ZIA™ and ZPA™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.

Additional Resources:

Media Contacts:

Tom Stilwell
Vice President, Global Communications
[email protected]