Zscaler Provides Advanced Protection for Massive Microsoft Patch Cycle

Sunnyvale, California, August 10, 2010

Zscaler, Inc., the market leader in cloud-delivered multi-tenant Security as a Service (SaaS), today announced that it has deployed protections that enabled customers with immediate defense against the web-based threats included in Microsoft’s massive August patch cycle. With Zscaler’s cloud-delivered security service, customers were transparently protected from numerous vulnerabilities, many of which are critical in nature. Zscaler’s protections are in-line and, as such, do not require customers to take any action on their own.

On Tuesday, Microsoft released one of its largest monthly patch cycles to date, covering a total of 34 vulnerabilities in 14 advisories. Such patch cycles create a daunting task for enterprises, which must quickly deploy patches to individual systems before exploits emerge, allowing attackers to compromise machines. This challenge is made even more difficult for companies with a mobile workforce where laptop computers may not be online at any given time to permit patches to be pushed to road warriors. As a SaaS service provider, Zscaler has been able to deploy in-line protections that block threats before they ever reach vulnerable systems. Such protections apply to both end-user systems on the enterprise network and laptops out in the field.

“Working with Microsoft through its MAPPs program is of great benefit to our mutual customer base as it ensures immediate vulnerability shielding for critical web-based vulnerabilities the day that they are released,” said Michael Sutton, vice president of Security Research at Zscaler. The Microsoft Active Protections Program (MAPPs), ensures that Microsoft’s trusted security partners receive details of vulnerabilities ahead of public release in order to build appropriate protections.

Zscaler has deployed protections for the following vulnerabilities included in the Microsoft Security Bulletins for August 2010:

  • MS10-060
    • CVE-2010-0019 - Microsoft Silverlight Memory Corruption Vulnerability
  • MS10-053
    • CVE-2010-1258 - Event Handler Cross-Domain Vulnerability
    • CVE-2010-2556 - Uninitialized Memory Corruption Vulnerability
    • CVE-2010-2557 - Uninitialized Memory Corruption Vulnerability
    • CVE-2010-2558 - Race Condition Memory Corruption Vulnerability
    • CVE-2010-2559 - Uninitialized Memory Corruption Vulnerability
    • CVE-2010-2560 - HTML Layout Memory Corruption Vulnerability
  • MS10-049
    • CVE-2009-3555 - TLS/SSL Renegotiation Vulnerability

About Zscaler

Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.

Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.

Additional Resources:

Media Contacts:

Whitney Black 
Director of Communications