Security Advisories | Cloud Security Solutions | Zscaler
https://www.zscaler.com/
Zscaler Security Advisories identify and provide security vulnerabilities along with their criticality ratings.

Zscaler protects against 4 new vulnerabilities for Windows
https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-windows-april-2024

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the April 2024 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.

CVE-2024-26212 – DHCP Server Service Denial of Service Vulnerability
Severity: Important
Subscriptions Required: Advanced Cloud Sandbox, Advanced Threat Protection
Affected Software:
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2

CVE-2024-26209 – Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Severity: Important
Subscriptions Required: Advanced Cloud Sandbox, Advanced Threat Protection
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)

CVE-2024-26234 – Proxy Driver Spoofing Vulnerability
Severity: Important
Subscriptions Required: Advanced Cloud Sandbox, Advanced Threat Protection
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-26211 – Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required: Advanced Cloud Sandbox, Advanced Threat Protection
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems

Tue, 09 Apr 2024 12:00:00 +0000

Zscaler protects against 4 new vulnerabilities for Windows
https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-windows-march-2024

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the March 2024 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary.

CVE-2024-21433 – Windows Print Spooler Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-21437 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-26182 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-26160 – Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Severity: Important
Affected Software:
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems

Tue, 12 Mar 2024 12:00:00 +0000

Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-february-2024

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the February 2024 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.

CVE-2024-21338 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-21371 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

Tue, 13 Feb 2024 12:00:00 +0000

Zscaler protects against 13 new vulnerabilities for Adobe Acrobat and Reader.
https://www.zscaler.com/security-advisories/zscaler-protects-against-13-new-vulnerabilities-for-adobe-february-2024

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 13 vulnerabilities included in the February 2024 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.

APSB24-07 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak.

Affected Software:
Acrobat DC Continuous 23.008.20470 and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 23.008.20470 and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30539 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30539 and earlier versions for Windows & macOS

CVE-2024-20726 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2024-20727 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2024-20728 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2024-20729 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Important
CVE-2024-20730 – Integer Overflow or Wraparound vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2024-20731 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2024-20733 – Improper Input Validation vulnerability leading to Application denial-of-service. Severity: Important
CVE-2024-20734 – Use After Free vulnerability leading to Memory leak. Severity: Important
CVE-2024-20735 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important
CVE-2024-20736 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important
CVE-2024-20747 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important
CVE-2024-20748 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important
CVE-2024-20749 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important

Tue, 13 Feb 2024 12:00:00 +0000

Zscaler protects against 4 new vulnerabilities for Windows
https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-windows-january-2024

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the January 2024 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.

CVE-2024-21307 – Remote Desktop Client Remote Code Execution Vulnerability
Severity: Important
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-20698 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-21310 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2024-20653 – Microsoft Common Log File System Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)

Tue, 09 Jan 2024 12:00:00 +0000

Zscaler protects against 4 new vulnerabilities for Windows
https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-windows-december-2023

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the December 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary.

CVE-2023-35633 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems

CVE-2023-35644 – Windows Sysmain Service Elevation of Privilege
Severity: Important
Affected Software:
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2023-36005 – Windows Telephony Server Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2023-36391 – Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems

Tue, 12 Dec 2023 12:00:00 +0000

Zscaler protects against 17 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.com/security-advisories/zscaler-protects-against-17-new-vulnerabilities-for-adobe-november-2023

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 17 vulnerabilities included in the November 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary.

APSB23-54 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities.
Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak.

Affected Software:
Acrobat DC Continuous 23.006.20380 (Win), 23.006.20380 (Mac) and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 23.006.20380 (Win), 23.006.20380 (Mac) and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30539 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30539 and earlier versions for Windows & macOS

CVE-2023-44336 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44337 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44338 – Out-of-bounds Read vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44359 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44365 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44366 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44367 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44371 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44372 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical
CVE-2023-44339 – Out-of-bounds Read leading to Memory leak. Severity: Important
CVE-2023-44340 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate
CVE-2023-44348 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate
CVE-2023-44356 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate
CVE-2023-44357 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate
CVE-2023-44358 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate
CVE-2023-44360 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate
CVE-2023-44361 – Use After Free vulnerability leading to Memory leak. Severity: Moderate

Tue, 14 Nov 2023 12:00:00 +0000

Zscaler protects against 6 new vulnerabilities for Windows
https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-november-2023

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the November 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary.

CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2023-36394 – Windows Search Service Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2023-36399 – Windows Storage Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2022, 23H2 Edition (Server Core installation)

CVE-2023-36424 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems

CVE-2023-36017 – Windows Scripting Engine Memory Corruption Vulnerability
Severity: Important
Affected Software:
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10
Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 14 Nov 2023 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-november-2023

Zscaler protects against 7 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-windows-october-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 7 vulnerabilities included in the October 2023 Microsoft security bulletins.
Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. CVE-2023-38159 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36776 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems 
Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-41772 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36743 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36594 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server 
Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36713 – Windows Common Log File System Driver Information Disclosure Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 
for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36731 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems 
Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Tue, 10 Oct 2023 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-windows-october-2023

Zscaler protects against 1 new vulnerability for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-vulnerability-for-adobe-september-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 1 vulnerability included in the September 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. APSB23-34 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution. Affected Software Acrobat DC Continuous 23.003.20284 (Win), 23.003.20284 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 23.003.20244 (Win), 23.003.20284 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions for Windows & macOS CVE-2023-26369 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. 
Severity: Critical Tue, 12 Sep 2023 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-vulnerability-for-adobe-september-2023

Zscaler protects against 3 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-windows-september-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. CVE-2023-38144 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for 
ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-38143 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 
1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 12 Sep 2023 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-windows-september-2023

Zscaler protects against 26 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-26-new-vulnerabilities-for-adobe-august-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 26 vulnerabilities included in the August 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. APSB23-30 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak. 
Affected Software Acrobat DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30467 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30467 and earlier versions for Windows & macOS CVE-2023-38235 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Critical CVE-2023-38236 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38237 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38238 – Use After Free vulnerability leading to Memory leak. Severity: Moderate CVE-2023-38240 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38239 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38241 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38234 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38242 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38233 – Out-of-bounds write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38244 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38247 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate CVE-2023-38248 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate CVE-2023-38232 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Critical CVE-2023-38231 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38230 – Use After Free vulnerability leading to Memory Leak. 
Severity: Critical CVE-2023-38229 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Critical CVE-2023-29303 – Use After Free vulnerability leading to Memory leak. Severity: Important CVE-2023-38222 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38228 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38227 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38226 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38225 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38224 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38246 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38223 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical Tue, 08 Aug 2023 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-26-new-vulnerabilities-for-adobe-august-2023

Zscaler protects against 2 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-august-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the August 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. 
CVE-2023-35384 – Windows HTML Platforms Security Feature Bypass Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36900 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 
10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 08 Aug 2023 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-august-2023

Zscaler protects against 2 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-july-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the July 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. 
CVE-2023-33157 – Microsoft SharePoint Remote Code Execution Vulnerability Severity: Critical Affected Software Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability Severity: Important Affected Software Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 32-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 (64-bit editions) Microsoft Outlook 2013 (32-bit editions) Microsoft Outlook 2016 (64-bit edition) Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2016 (32-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Tue, 11 Jul 2023 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-july-2023

Zscaler protects against 6 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-june-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the June 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. 
CVE-2023-29360 – Windows TPM Device Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 CVE-2023-29358 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems CVE-2023-29357 – Microsoft SharePoint Server Elevation of Privilege Vulnerability Severity: Critical Affected Software Microsoft SharePoint Server 2019 CVE-2023-28310 – Microsoft Exchange Server Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft Exchange Server 2019 Cumulative 
Update 13 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 CVE-2023-29361 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 CVE-2023-29371 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Tue, 13 Jun 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-june-2023 Zscaler protects against 14 new vulnerabilities for Adobe Acrobat and Reader 
https://www.zscaler.com/security-advisories/zscaler-protects-against-14-new-vulnerabilities-for-adobe-april-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 14 vulnerabilities included in the April 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. APSB23-24 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak. Affected Software Acrobat DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30441 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30441 and earlier versions for Windows & macOS CVE-2023-26420 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26419 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26418 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26417 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26395 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26421 – Integer Underflow vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26422 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26423 – Use after free vulnerability leading to Arbitrary code execution. 
Severity: Critical CVE-2023-26424 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26425 – Out-of-bounds write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26397 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-26405 – Improper Input validation vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26406 – Improper Access Control leading to Security Feature Bypass Severity: Critical CVE-2023-26408 – Improper Access Control vulnerability leading to Security Feature bypass. Severity: Important Tue, 11 Apr 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-14-new-vulnerabilities-for-adobe-april-2023 Zscaler protects against 5 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-april-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the April 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. 
CVE-2023-28274 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-28285 – Windows Graphics Component Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft Office LTSC for Mac 2021 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for Mac CVE-2023-24912 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) 
Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-28218 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit 
Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-28220 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for 
x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 11 Apr 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-april-2023 Zscaler protects against 2 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-march-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the March 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary. 
CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability Severity: Moderate Affected Software Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems CVE-2023-23410 – Windows HTTP.sys Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems 
Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 14 Mar 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-march-2023 Zscaler protects against 2 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-february-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the February 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary. CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-21823 – Windows Graphics Component Remote Code Execution Vulnerability Severity: Important Affected Software Windows Microsoft Office for Android Microsoft Office for iOS Microsoft Office for Universal Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 
1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Tue, 14 Feb 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-february-2023 Zscaler protects against 15 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-15-new-vulnerabilities-for-adobe-january-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 
15 vulnerabilities included in the January 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. APSB23-01 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to denial-of-service, arbitrary code execution, privilege escalation and memory leak. Affected Software Acrobat DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30418 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30418 and earlier versions for Windows & macOS CVE-2023-21579 – Integer Overflow or Wraparound vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21581 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important CVE-2023-21585 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important CVE-2023-21586 – NULL Pointer Dereference vulnerability leading to Application denial of service Severity: Important CVE-2023-21604 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21605 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21606 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21607 – Improper Input Validation vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21608 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21609 – Out-of-bounds write vulnerability leading to Arbitrary code 
execution Severity: Critical CVE-2023-21610 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21611 – Violation of Secure Design Principles leading to Privilege escalation Severity: Important CVE-2023-21612 – Violation of Secure Design Principles leading to Privilege escalation Severity: Important CVE-2023-21613 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important CVE-2022-35691 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important Wed, 11 Jan 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-15-new-vulnerabilities-for-adobe-january-2023 Zscaler protects against 2 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-january-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the January 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. 
Severity: Important Affected Software Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-21552 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 
Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Wed, 11 Jan 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-january-2023 Zscaler protects against 2 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-december-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the December 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary. 
CVE-2022-44675 – Windows Bluetooth Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-44698 – Windows Win32k Elevation of Privilege Vulnerability Severity: Moderate Affected Software Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit 
Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 13 Dec 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-december-2022 Zscaler protects against 3 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-november-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the November 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary. 
CVE-2022-41113 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition (Hotpatch) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-41109 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based 
Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition (Hotpatch) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems CVE-2022-41096 – Microsoft DWM Core Library Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit
Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 08 Nov 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-november-2022 Zscaler protects against 5 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-adobe-october-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 5 vulnerabilities included in the October 2022 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. APSB22-46 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak.
Affected Software Acrobat DC Continuous 22.002.20212 and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.002.20212 and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30381 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30381 and earlier versions for Windows & macOS CVE-2022-35691 – NULL Pointer Dereference vulnerability leading to Application denial-of-service Severity: Important CVE-2022-38437 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-38449 – Out-of-bounds Read vulnerability leading to Memory leak Severity: Important CVE-2022-38450 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-42339 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical Tue, 11 Oct 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-adobe-october-2022 Zscaler protects against 5 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-october-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the October 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.
CVE-2022-38051 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-37970 – Windows DWM Core
Library Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-38050 – Win32k Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-37989
– Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-38053 – Microsoft
SharePoint Server Remote Code Execution Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Affected Software Windows Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Tue, 11 Oct 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-october-2022 Zscaler protects against 3 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-september-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary.
CVE-2022-35803 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows RT 8.1 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows Server 2012 (Server Core installation) Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2019 Windows 10 Version 1607 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows 10 Version 1809 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 10 Version 1809 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 11 for ARM64-based Systems Windows Server 2022 Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Azure Edition Core Hotpatch Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems CVE-2022-37957 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core
installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-34729 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows
10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 13 Sep 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-september-2022 Zscaler protects against 7 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-adobe-august-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 7 vulnerabilities included in the August 2022 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. APSB22-39 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.
Affected Software Acrobat DC Continuous 22.001.20169 and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.001.20169 and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30362 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30362 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 17.012.30249 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.012.30249 and earlier versions for Windows & macOS CVE-2022-35665 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-35666 – Improper Input Validation vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-35667 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-35668 – Improper Input Validation vulnerability leading to Memory leak Severity: Important CVE-2022-35670 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-35671 – Out-of-bounds read vulnerability leading to Memory leak Severity: Important CVE-2022-35678 – Out-of-bounds read vulnerability leading to Memory leak Severity: Important Wed, 10 Aug 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-adobe-august-2022 Zscaler protects against 5 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-august-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the August 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.
CVE-2022-35793 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 
(Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) 
Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-35755 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 
for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-34699 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Wed, 10 Aug 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-august-2022 Zscaler protects against 20 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.com/security-advisories/zscaler-protects-against-20-new-vulnerabilities-for-adobe-july-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 20 vulnerabilities included in the July 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. APSB22-32 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Affected Software Acrobat DC Continuous 22.001.20142 and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.001.20142 and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30334 and earlier versions for Windows & 20.005.30331 for macOS Acrobat Reader 2020 Classic 20.005.30334 and earlier versions for Windows & 20.005.30331 for macOS Acrobat 2017 Classic 2017 17.012.30229 and earlier versions for Windows & 17.012.30227 for macOS Acrobat Reader 2017 Classic 2017 17.012.30229 and earlier versions for Windows & 17.012.30227 for macOS CVE-2022-34230 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34229 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34228 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34227 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34226 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34225 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34224 – Use After Free vulnerability 
leading to Arbitrary code execution Severity: Critical CVE-2022-34223 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34222 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34237 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-34239 – Out-of-bounds Read vulnerability leading to Memory leak Severity: Important CVE-2022-34236 – Out-of-bounds Read vulnerability leading to Memory leak Severity: Important CVE-2022-34221 – Access of Resource Using Incompatible Type ('Type Confusion') vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34234 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-34220 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34219 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34217 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34216 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34233 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-34215 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical Tue, 12 Jul 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-20-new-vulnerabilities-for-adobe-july-2022 Zscaler protects against 4 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-july-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the July 2022 Microsoft security bulletins.
Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-30220
– Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server
Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-30202 – Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for
x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 12 Jul 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-july-2022 Zscaler protects against 2 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-june-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for
the following 2 vulnerabilities included in the June 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. CVE-2022-30147 – Windows Installer Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows
10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-30160 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for
32-bit Systems Wed, 15 Jun 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-june-2022 Zscaler protects against 4 new vulnerabilities for Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-may-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the May 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections, as necessary. CVE-2022-29104 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019
(Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-29142 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems CVE-2022-23279 – Windows ALPC Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems CVE-2022-23270 – Point-to-Point Tunneling Protocol 
Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 10 May 2022 12:00:00 
+0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-may-2022 Zscaler protects against 61 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-61-new-vulnerabilities-for-adobe-acrobat-and-reader-april-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 61 vulnerabilities included in the April 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. APSB22-16 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and privilege escalation.
Affected Software Acrobat DC Continuous 22.001.20085 and earlier versions for Windows Acrobat Reader DC Continuous 22.001.20085 and earlier versions for Windows Acrobat 2020 Classic 2020 20.005.30314 and earlier versions for Windows & 20.005.30311 for macOS Acrobat Reader 2020 Classic 20.005.30311 and earlier versions for Windows & 20.005.30311 macOS Acrobat 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS CVE-2022-24101 – Use After Free vulnerability leading to Memory Leak Severity: Moderate CVE-2022-24103 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-24104 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27785 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-24102 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27786 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27787 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27788 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27789 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27790 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27791 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27792 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27793 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27794 – Access Uninitialized Pointer vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27795 – Use After Free 
vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27796 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27797 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27798 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27799 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27800 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27801 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27802 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28230 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28231 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28232 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28233 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28234 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28235 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28236 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28237 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28238 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28239 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28240 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28241 – Out-of-bounds Read vulnerability leading to Arbitrary code 
execution Severity: Critical CVE-2022-28242 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28243 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28244 – Violation of Secure Design Principles leading to Arbitrary code execution Severity: Important CVE-2022-28245 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Critical CVE-2022-28246 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28248 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28249 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28250 – Use After Free vulnerability leading to Memory Leak Severity: Important CVE-2022-28251 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28252 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28253 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28254 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28255 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28256 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28257 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28258 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28259 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28260 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28261 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28262 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28263 – Out-of-bounds Read vulnerability leading to Memory Leak 
Severity: Important CVE-2022-28264 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28265 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28266 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28267 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28268 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28269 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important Tue, 12 Apr 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-61-new-vulnerabilities-for-adobe-acrobat-and-reader-april-2022 Zscaler protects against 8 new vulnerabilities for Windows Log File System Driver, Win32k, Windows DWM Core Library, Windows Common Log System Driver, User Profile Service and Windows Digital Media Receiver https://www.zscaler.com/security-advisories/zscaler-protects-against-8-new-vulnerabilities-for-windows-april-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 8 vulnerabilities included in the April 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.
CVE-2022-24481 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for 
ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24542 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 
for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24546 – Windows DWM Core Library Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-26914 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 
32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems 
CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 
for 32-bit Systems CVE-2022-24547 – Windows Digital Media Receiver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24474 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core 
installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 12 Apr 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-8-new-vulnerabilities-for-windows-april-2022 Zscaler protects against 5 new vulnerabilities for Windows Ancillary Function Driver, Remote Desktop Client, Windows PDEV and Windows Cloud Files Mini Filter driver.
https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-march-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the March 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary. CVE-2022-24507 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems CVE-2022-23299 – Windows PDEV Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 
Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems CVE-2022-23285 – Remote Desktop Client Remote Code Execution Vulnerability Severity: Important Affected Software Windows RT 8.1 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 
1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems CVE-2022-24502 – Windows HTML Platforms Security Feature Bypass Vulnerability Severity: Important Affected Software Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 
10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2022 Azure Edition Core Hotpatch CVE-2022-23286 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems 
Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Wed, 09 Mar 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-march-2022 Zscaler protects against 5 new vulnerabilities for Windows, Windows Common Log File System Driver and Windows DWM Core Library https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-feb-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the February 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.
CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based 
Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-21994 – Windows DWM Core Library Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-21996 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems CVE-2022-22000 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 
for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-22715 – Named Pipe File System Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 
Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 08 Feb 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-feb-2022 Zscaler protects against 25 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-25-new-adobe-vulnerabilities-jan-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 25 vulnerabilities included in the January 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. APSB22-01 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, application denial of service, security feature bypass and privilege escalation.
Affected Software Acrobat DC Continuous 21.007.20099 and earlier versions for Windows Acrobat Reader DC Continuous 21.007.20099 and earlier versions for Windows Acrobat DC Continuous 21.007.20099 and earlier versions for macOS Acrobat Reader DC Continuous 21.007.20099 and earlier versions for macOS Acrobat 2020 Classic 2020 20.004.30017 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.004.30017 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS CVE-2021-44701 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44702 – Improper Access Control vulnerability leading to Privilege escalation Severity: Critical CVE-2021-44703 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44704 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44705 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44706 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44707 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44708 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44709 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44710 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44712 – Improper Input Validation vulnerability leading to Application denial-of-service. Severity: Important CVE-2021-44713 – Use After Free vulnerability leading to Application denial-of-service.
Severity: Important CVE-2021-44714 – Violation of Secure Design Principles vulnerability leading to Security feature bypass. Severity: Moderate CVE-2021-44715 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Moderate CVE-2021-44739 – Improper Input Validation vulnerability leading to Security feature bypass Severity: Moderate CVE-2021-44740 – NULL Pointer Dereference vulnerability leading to Application denial-of-service. Severity: Moderate CVE-2021-44741 – NULL Pointer Dereference vulnerability leading to Application denial-of-service. Severity: Moderate CVE-2021-44742 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Moderate CVE-2021-45060 – Out-of-bounds Read vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-45061 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-45062 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-45063 – Use After Free vulnerability leading to Privilege escalation Severity: Moderate CVE-2021-45064 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-45067 – Access of Memory Location After End of Buffer vulnerability leading to Memory Leak. Severity: Important CVE-2021-45068 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical Wed, 12 Jan 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-25-new-adobe-vulnerabilities-jan-2022 Zscaler protects against 6 new vulnerabilities for Windows, Windows Common Log File System Driver and Windows Installer https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-windows-jan-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the January 2022 Microsoft security bulletins.
Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. CVE-2022-21881 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems CVE-2022-21882 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit 
Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems CVE-2022-21887 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 11 for ARM64based Systems Windows 11 for x64based Systems CVE-2022-21897 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows RT 8.1 Windows 8.1 for x64based systems Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 
Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Windows Server 2012 R2 (Server Core installation) Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) CVE-2022-21908 – Windows Installer Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 
Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-21916 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Wed, 12 Jan 2022 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-windows-jan-2022 Zscaler protects against 3 new vulnerabilities for Windows Print Spooler Components, Windows Common Log File System Driver and Windows Installer https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-december-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the December 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary.
CVE-2021-41333 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems 
Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-43226 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 
Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-43883 – Windows Installer Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 
Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 14 Dec 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-december-2021 Zscaler protects against 3 new vulnerabilities for Microsoft Windows, Office, and Malware Protection Engine https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-november-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the November 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary. CVE-2021-42292 – Microsoft Excel Security Feature Bypass Vulnerability.
Severity: Important Affected Software Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2016 (32-bit edition) Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC for Mac 2021 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for Mac Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions CVE-2021-42298 – Microsoft Defender Remote Code Execution Vulnerability. Severity: Critical Affected Software Microsoft Malware Protection Engine CVE-2021-38666 – Remote Desktop Client Remote Code Execution Vulnerability. 
Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Remote Desktop client for Windows Desktop Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 
Version 1809 for 32-bit Systems Tue, 09 Nov 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-november-2021 Zscaler protects against 3 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-adobe-vulnerabilities-october-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 3 vulnerabilities included in the October 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. APSB21-104 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2021.007.20095 and earlier versions for Windows Acrobat Reader DC Continuous 2021.007.20095 and earlier versions for Windows Acrobat DC Continuous 2021.007.20096 and earlier versions for macOS Acrobat Reader DC Continuous 2021.007.20096 and earlier versions for macOS Acrobat 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS CVE-2021-40729 – Out-of-bounds Read vulnerability leading to Privilege escalation. Severity: Moderate CVE-2021-40730 – Use After Free vulnerability leading to Privilege escalation. Severity: Moderate CVE-2021-40731 – Out-of-bounds Write leading to Arbitrary code execution.
Severity: Critical Tue, 12 Oct 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-adobe-vulnerabilities-october-2021 Zscaler protects against 6 new vulnerabilities for Microsoft Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-october-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the October 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. CVE-2021-41357 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems CVE-2021-40487 – Microsoft SharePoint Server Remote Code Execution Vulnerability. Severity: Important Affected Software Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 CVE-2021-40450 – Win32k Elevation of Privilege Vulnerability.
Severity: Important Affected Software Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-40467 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.
Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-40470 – DirectX Graphics Kernel
Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability.
Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 12 Oct 2021 12:00:00 +0000
https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-october-2021 Zscaler protects against 4 new vulnerabilities for Adobe Acrobat and Reader https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-adobe-september-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 4 vulnerabilities included in the September 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. APSB21-55 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2021.005.20060 and earlier versions for Windows Acrobat Reader DC Continuous 2021.005.20060 and earlier versions for Windows Acrobat DC Continuous 2021.005.20058 and earlier versions for macOS Acrobat Reader DC Continuous 2021.005.20058 and earlier versions for macOS Acrobat 2020 Classic 2020 2020.004.30006 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.004.30006 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 2017.011.30199 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 2017.011.30199 and earlier versions for Windows & macOS CVE-2021-39836 – Use After Free leading to Arbitrary code execution. Severity: Critical CVE-2021-39842 – Use After Free leading to Arbitrary code execution. Severity: Critical CVE-2021-39843 – Out-of-bounds Write leading to Memory leak. Severity: Critical CVE-2021-39845 – Stack-based Buffer Overflow leading to Arbitrary code execution.
Severity: Critical Tue, 14 Sep 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-adobe-september-2021 Zscaler protects against 3 new vulnerabilities for Windows Common Log File System Driver and Windows MSHTML Platform. https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-september-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. CVE-2021-38633 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016
Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability Severity: Important Affected Software Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
CVE-2021-36955 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2
(Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 14 Sep 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-september-2021 Zscaler protects against 2 new vulnerabilities for Microsoft Windows https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-microsoft-windows-august-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the August 2021 Microsoft security bulletins.
Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. CVE-2021-34480 – Scripting Engine Memory Corruption Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-34535 – Remote Desktop Client Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2
for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Remote Desktop client for Windows Desktop Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
Tue, 10 Aug 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-microsoft-windows-august-2021

Zscaler protects against 2 new vulnerabilities for Adobe Acrobat and Reader. https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-adobe-july-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 2 vulnerabilities included in the July 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. APSB21-51 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Software Acrobat DC Continuous 2021.005.20054 and earlier versions for Windows and macOS Acrobat Reader DC Continuous 2021.005.20054 and earlier versions for Windows and macOS Acrobat 2020 Classic 2020 2020.004.30005 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.004.30005 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 2017.011.30197 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 2017.011.30197 and earlier versions for Windows & macOS CVE-2021-28635 – Use After Free leading to Arbitrary code execution. Severity: Critical CVE-2021-28640 – Use After Free leading to Arbitrary code execution. Severity: Critical
Tue, 13 Jul 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-adobe-july-2021

Zscaler protects against 5 new vulnerabilities for Microsoft Scripting Engine, Windows Kernel, Windows Win32K & Windows Print Spooler Components. https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-microsoft-windows-july-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the July 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary.
CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability 
Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability Severity: Critical Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 
10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 CVE-2021-34449 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 
x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
Tue, 13 Jul 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-microsoft-windows-july-2021

Zscaler protects against 6 new vulnerabilities for Microsoft Windows. https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-june-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the June 2021 Microsoft security bulletins.
Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows 
Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows 
Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31952 – Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 
32-bit Systems CVE-2021-31954 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31959 – Scripting Engine 
Memory Corruption Vulnerability Severity: Critical Affected Software Windows RT 8.1 Windows 7 for 32-bit Systems Service Pack 1 Windows 10 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows 10 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 8.1 for x64-based systems Windows Server 2019 Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems
Tue, 08 Jun 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-june-2021

Zscaler protects against 1 new vulnerability for Adobe Acrobat and Reader. https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-adobe-vulnerability-june-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 1 vulnerability included in the June 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. APSB21-37 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2021.001.20155 and earlier versions for Windows Acrobat Reader DC Continuous 2021.001.20155 and earlier versions for Windows Acrobat DC Continuous 2021.001.20155 and earlier versions for macOS Acrobat Reader DC Continuous 2021.001.20155 and earlier versions for macOS Acrobat 2020 Classic 2020 2020.001.30025 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.001.30025 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 2017.011.30196 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 2017.011.30196 and earlier versions for Windows & macOS CVE-2021-28554 – Out-of-bounds read leading to Arbitrary code execution. Severity: Critical
Tue, 08 Jun 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-adobe-vulnerability-june-2021

Zscaler protects against 3 new vulnerabilities for Internet Explorer and Microsoft Windows. https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-internet-explorer-microsoft-may-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the May 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections, as necessary.
CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability Severity: Critical Affected Software Internet Explorer 11 on Windows Server 2016 Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems Internet Explorer 11 on Windows Server 2019 Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems Internet Explorer 11 on Windows 10 for 32-bit Systems Internet Explorer 11 on Windows 10 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows 8.1 for 32-bit systems Internet Explorer 11 on Windows 8.1 for x64-based systems Internet Explorer 11 on Windows RT 8.1 Internet Explorer 11 on Windows Server 2008 R2 for x64-based 
Systems Service Pack 1 Internet Explorer 11 on Windows Server 2012 Internet Explorer 11 on Windows Server 2012 R2 CVE-2021-31170 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) CVE-2021-31188 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) 
Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation)
Wed, 12 May 2021 12:00:00 +0000 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-internet-explorer-microsoft-may-2021