https://www.zscaler.com/ Zscaler Security Advisories identify and provide security vulnerabilities along with their criticality ratings. en https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-vulnerability-for-adobe-september-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 1 vulnerability included in the September 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. APSB23-34 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution. Affected Software Acrobat DC Continuous 23.003.20284 (Win), 23.003.20284 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 23.003.20244 (Win), 23.003.20284 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions for Windows & macOS CVE-2023-26369 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical Tue, 12 Sep 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-vulnerability-for-adobe-september-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-windows-september-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. CVE-2023-38144 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 version 21H2 for ARM64based Systems Windows 11 version 21H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 version 21H2 for ARM64based Systems Windows 11 version 21H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2023-38143 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 version 21H2 for ARM64based Systems Windows 11 version 21H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Tue, 12 Sep 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-windows-september-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-26-new-vulnerabilities-for-adobe-august-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 26 vulnerabilities included in the August 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. APSB23-30 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak. Affected Software Acrobat DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30467 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30467 and earlier versions for Windows & macOS CVE-2023-38235 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Critical CVE-2023-38236 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38237 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38238 – Use After Free vulnerability leading to Memory leak. Severity: Moderate CVE-2023-38240 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38239 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38241 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38234 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38242 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38233 – Out-of-bounds write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38244 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-38247 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate CVE-2023-38248 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Moderate CVE-2023-38232 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Critical CVE-2023-38231 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38230 – Use After Free vulnerability leading to Memory Leak. Severity: Critical CVE-2023-38229 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Critical CVE-2023-29303 – Use After Free vulnerability leading to Memory leak. Severity: Important CVE-2023-38222 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38228 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38227 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38226 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38225 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38224 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38246 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-38223 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical Tue, 08 Aug 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-26-new-vulnerabilities-for-adobe-august-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-august-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the August 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. CVE-2023-35384 – Windows HTML Platforms Security Feature Bypass Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-36900 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 08 Aug 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-august-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-july-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the July 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. CVE-2023-33157 – Microsoft SharePoint Remote Code Execution Vulnerability Severity: Critical Affected Software Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability Severity: Important Affected Software Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 32-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 (64-bit editions) Microsoft Outlook 2013 (32-bit editions) Microsoft Outlook 2016 (64-bit edition) Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2016 (32-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Tue, 11 Jul 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-july-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-june-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the June 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. CVE-2023-29360 – Windows TPM Device Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 CVE-2023-29358 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems CVE-2023-29357 – Microsoft SharePoint Server Elevation of Privilege Vulnerability Severity: Critical Affected Software Microsoft SharePoint Server 2019 CVE-2023-28310 – Microsoft Exchange Server Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 CVE-2023-29361 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 CVE-2023-29371 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Tue, 13 Jun 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-june-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-14-new-vulnerabilities-for-adobe-april-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 14 vulnerabilities included in the April 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. APSB23-24 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak. Affected Software Acrobat DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30441 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30441 and earlier versions for Windows & macOS CVE-2023-26420 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26419 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26418 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26417 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26395 – Out-of-bounds Write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26421 – Integer Underflow vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26422 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26423 – Use after free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26424 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26425 – Out-of-bounds write vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26397 – Out-of-bounds Read vulnerability leading to Memory leak. Severity: Important CVE-2023-26405 – Improper Input validation vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2023-26406 – Improper Access Control leading to Security Feature Bypass Severity: Critical CVE-2023-26408 – Improper Access Control vulnerability leading to Security Feature bypass. Severity: Important Tue, 11 Apr 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-14-new-vulnerabilities-for-adobe-april-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-april-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the April 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. CVE-2023-28274 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-28285 – Windows Graphics Component Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft Office LTSC for Mac 2021 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for Mac CVE-2023-24912 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-28218 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2023-28220 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 11 Apr 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-april-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-march-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the March 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary. CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability Severity: Moderate Affected Software Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems CVE-2023-23410 – Windows HTTP.sys Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 14 Mar 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-march-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-february-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the February 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary. CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 version 21H2 for ARM64based Systems Windows 11 version 21H2 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2023-21823 – Windows Graphics Component Remote Code Execution Vulnerability Severity: Important Affected Software Windows Microsoft Office for Android Microsoft Office for iOS Microsoft Office for Universal Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Tue, 14 Feb 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-february-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-15-new-vulnerabilities-for-adobe-january-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 15 vulnerabilities included in the January 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. APSB23-01 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to denial-of-service, arbitrary code execution, privilege escalation and memory leak. Affected Software Acrobat DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30418 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30418 and earlier versions for Windows & macOS CVE-2023-21579 – Integer Overflow or Wraparound vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21581 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important CVE-2023-21585 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important CVE-2023-21586 – NULL Pointer Dereference vulnerability leading to Application denial of service Severity: Important CVE-2023-21604 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21605 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21606 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21607 – Improper Input Validation vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21608 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21609 – Out-of-bounds write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21610 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2023-21611 – Violation of Secure Design Principles leading to Privilege escalation Severity: Important CVE-2023-21612 – Violation of Secure Design Principles leading to Privilege escalation Severity: Important CVE-2023-21613 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important CVE-2022-35691 – Out-of-bounds Read vulnerability leading to memory leak Severity: Important Wed, 11 Jan 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-15-new-vulnerabilities-for-adobe-january-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-january-2023 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the January 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Severity: Important Affected Software Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 version 21H2 for ARM64based Systems Windows 11 version 21H2 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2023-21552 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 version 21H2 for ARM64based Systems Windows 11 version 21H2 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Wed, 11 Jan 2023 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-january-2023 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-december-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the December 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary. CVE-2022-44675 – Windows Bluetooth Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-44698 – Windows Win32k Elevation of Privilege Vulnerability Severity: Moderate Affected Software Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Tue, 13 Dec 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-december-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-november-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the November 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary. CVE-2022-41113 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 Datacenter: Azure Edition (Hotpatch) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-41109 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 Datacenter: Azure Edition (Hotpatch) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems CVE-2022-41096 – Microsoft DWM Core Library Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 22H2 for 32bit Systems Windows 10 Version 22H2 for ARM64based Systems Windows 10 Version 22H2 for x64based Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Tue, 08 Nov 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-november-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-adobe-october-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 5 vulnerabilities included in the October 2022 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. APSB22-46 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak. Affected Software Acrobat DC Continuous 22.002.20212 and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.002.20212 and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30381 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30381 and earlier versions for Windows & macOS CVE-2022-35691 – NULL Pointer Dereference vulnerability leading to Application denial-of-service Severity: Important CVE-2022-38437 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-38449 – Out-of-bounds Read vulnerability leading to Memory leak Severity: Important CVE-2022-38450 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-42339 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical Tue, 11 Oct 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-adobe-october-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-october-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the October 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. CVE-2022-38051 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-37970 – Windows DWM Core Library Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-38050 – Win32k Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-37989 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 11 Version 22H2 for x64based Systems Windows 11 Version 22H2 for ARM64based Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-38053 – Microsoft SharePoint Server Remote Code Execution Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Affected Software Windows Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Tue, 11 Oct 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-october-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-september-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. CVE-2022-35803 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows RT 8.1 Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2016 Windows 10 Version 1607 for 32bit Systems Windows Server 2012 (Server Core installation) Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows 10 for 32bit Systems Windows 7 for x64based Systems Service Pack 1 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2019 Windows 10 Version 1607 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows 10 Version 1809 for x64based Systems Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows 7 for 32bit Systems Service Pack 1 Windows 10 Version 1809 for 32bit Systems Windows 10 for x64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows 10 Version 21H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 20H2 for ARM64based Systems Windows 11 for ARM64based Systems Windows Server 2022 Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 1809 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 21H1 for 32bit Systems Windows Server 2022 Azure Edition Core Hotpatch Windows 10 Version 21H1 for x64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 10 Version 21H2 for ARM64based Systems CVE-2022-37957 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-34729 – Windows GDI Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Tue, 13 Sep 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-september-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-adobe-august-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 7 vulnerabilities included in the August 2022 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. APSB22-39 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Affected Software Acrobat DC Continuous 22.001.20169 and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.001.20169 and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30362 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.005.30362 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 17.012.30249 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.012.30249 and earlier versions for Windows & macOS CVE-2022-35665 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-35666 – Improper Input Validation vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-35667 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-35668 – Improper Input Validation vulnerability leading to Memory leak Severity: Important CVE-2022-35670 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-35671 – Out-of-bounds read vulnerability leading to Memory leak Severity: Important CVE-2022-35678 – Out-of-bounds read vulnerability leading to Memory leak Severity: Important Wed, 10 Aug 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-adobe-august-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-august-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the August 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. CVE-2022-35793 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-35755 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-34699 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Wed, 10 Aug 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-august-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-20-new-vulnerabilities-for-adobe-july-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 20 vulnerabilities included in the July 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. APSB22-32 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Affected Software Acrobat DC Continuous 22.001.20142 and earlier versions for Windows & macOS Acrobat Reader DC Continuous 22.001.20142 and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 20.005.30334 and earlier versions for Windows & 20.005.30331 for macOS Acrobat Reader 2020 Classic 20.005.30334 and earlier versions for Windows & 20.005.30331 for macOS Acrobat 2017 Classic 2017 17.012.30229 and earlier versions for Windows & 17.012.30227 for macOS Acrobat Reader 2017 Classic 2017 17.012.30229 and earlier versions for Windows & 17.012.30227 for macOS CVE-2022-34230 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34229 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34228 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34227 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34226 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34225 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34224 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34223 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34222 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34237 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-34239 – Out-of-bounds Read vulnerability leading to Memory leak Severity: Important CVE-2022-34236 – Out-of-bounds Read vulnerability leading to Memory leak Severity: Important CVE-2022-34221 – Access of Resource Using Incompatible Type ('Type Confusion') vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34234 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-34220 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34219 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34217 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34216 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-34233 – Use After Free vulnerability leading to Memory leak Severity: Important CVE-2022-34215 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical Tue, 12 Jul 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-20-new-vulnerabilities-for-adobe-july-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-july-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the July 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-30220 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-30202 – Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Tue, 12 Jul 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-july-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-june-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the June 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. CVE-2022-30147 – Windows Installer Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-30160 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Wed, 15 Jun 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-june-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-may-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the May 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections, as necessary. CVE-2022-29104 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-29142 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems CVE-2022-23279 – Windows ALPC Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems CVE-2022-23270 – Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 10 May 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-may-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-61-new-vulnerabilities-for-adobe-acrobat-and-reader-april-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 61 vulnerabilities included in the April 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. APSB22-16 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and privilege escalation. Affected Software Acrobat DC Continuous 22.001.20085 and earlier versions for Windows Acrobat Reader DC Continuous 22.001.20085 and earlier versions for Windows Acrobat 2020 Classic 2020 20.005.30314 and earlier versions for Windows & 20.005.30311 for macOS Acrobat Reader 2020 Classic 20.005.30311 and earlier versions for Windows & 20.005.30311 macOS Acrobat 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS CVE-2022-24101 – Use After Free vulnerability leading to Memory Leak Severity: Moderate CVE-2022-24103 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-24104 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27785 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-24102 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27786 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27787 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27788 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27789 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27790 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27791 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27792 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27793 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27794 – Access Uninitialized Pointer vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27795 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27796 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27797 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27798 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27799 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27800 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27801 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-27802 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28230 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28231 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28232 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28233 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28234 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28235 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28236 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28237 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28238 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28239 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28240 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28241 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28242 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28243 – Out-of-bounds Read vulnerability leading to Arbitrary code execution Severity: Critical CVE-2022-28244 – Violation of Secure Design Principles leading to Arbitrary code execution Severity: Important CVE-2022-28245 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Critical CVE-2022-28246 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28248 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28249 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28250 – Use After Free vulnerability leading to Memory Leak Severity: Important CVE-2022-28251 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28252 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28253 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28254 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28255 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28256 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28257 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28258 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28259 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28260 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28261 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28262 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28263 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28264 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28265 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28266 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28267 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28268 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important CVE-2022-28269 – Out-of-bounds Read vulnerability leading to Memory Leak Severity: Important Tue, 12 Apr 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-61-new-vulnerabilities-for-adobe-acrobat-and-reader-april-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-8-new-vulnerabilities-for-windows-april-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 8 vulnerabilities included in the April 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. CVE-2022-24481 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24542 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24546 – Windows DWM Core Library Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-26914 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems CVE-2022-24547 – Windows Digital Media Receiver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-24474 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 12 Apr 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-8-new-vulnerabilities-for-windows-april-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-march-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the March 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary. CVE-2022-24507 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems CVE-2022-23299 – Windows PDEV Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems CVE-2022-23285 – Remote Desktop Client Remote Code Execution Vulnerability Severity: Important Affected Software Windows RT 8.1 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems CVE-2022-24502 – Windows HTML Platforms Security Feature Bypass Vulnerability Severity: Important Affected Software Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2022 Azure Edition Core Hotpatch CVE-2022-23286 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Wed, 09 Mar 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-march-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-feb-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the February 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary. CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-21994 – Windows DWM Core Library Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-21996 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems CVE-2022-22000 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2022-22715 – Named Pipe File System Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Azure Edition Core Hotpatch Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 08 Feb 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-feb-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-25-new-adobe-vulnerabilities-jan-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 25 vulnerabilities included in the January 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. APSB22-01 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, application denial of service, security feature bypass and privilege escalation. Affected Software Acrobat DC Continuous 21.007.20099and earlier versions for Windows Acrobat Reader DC Continuous 21.007.20099 and earlier versions for Windows Acrobat DC Continuous 21.007.20099 and earlier versions for macOS Acrobat Reader DC Continuous 21.007.20099 and earlier versions for macOS Acrobat 2020 Classic 2020 20.004.30017 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 20.004.30017 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS CVE-2021-44701 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44702 – Improper Access Control vulnerability leading to Privilege escalation Severity: Critical CVE-2021-44703 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44704 – Use After Free vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44705 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44706 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44707 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44708 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-44709 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44710 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-44712 – Improper Input Validation vulnerability leading to Application denial-of-service. Severity: Important CVE-2021-44713 – Use After Free vulnerability leading to Application denial-of-service. Severity: Important CVE-2021-44714 – Violation of Secure Design Principles vulnerability leading to Security feature bypass. Severity: Moderate CVE-2021-44715 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Moderate CVE-2021-44739 – Improper Input Validation vulnerability leading to Security feature bypass Severity: Moderate CVE-2021-44740 – NULL Pointer Dereference vulnerability leading to Application denial-of-service. Severity: Moderate CVE-2021-44741 – NULL Pointer Dereference vulnerability leading to Application denial-of-service. Severity: Moderate CVE-2021-44742 – Out-of-bounds Read vulnerability leading to Memory Leak. Severity: Moderate CVE-2021-45060 – Out-of-bounds Read vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-45061 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical CVE-2021-45062 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-45063 – Use After Free vulnerability leading to Privilege escalation Severity: Moderate CVE-2021-45064 – Use After Free vulnerability leading to Arbitrary code execution. Severity: Critical CVE-2021-45067 – Access of Memory Location After End of Buffer vulnerability leading to Memory Leak. Severity: Important CVE-2021-45068 – Out-of-bounds Write vulnerability leading to Arbitrary code execution Severity: Critical Wed, 12 Jan 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-25-new-adobe-vulnerabilities-jan-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-windows-jan-2022 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the January 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. CVE-2022-21881 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems CVE-2022-21882 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems CVE-2022-21887 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 11 for ARM64based Systems Windows 11 for x64based Systems CVE-2022-21897 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows RT 8.1 Windows 8.1 for x64based systems Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Windows Server 2012 R2 (Server Core installation) Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) CVE-2022-21908 – Windows Installer Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2022-21916 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 21H2 for x64based Systems Windows 10 Version 21H2 for ARM64based Systems Windows 10 Version 21H2 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Wed, 12 Jan 2022 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-windows-jan-2022 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-december-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the December 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary. CVE-2021-41333 – Windows Print Spooler Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-43226 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-43883 – Windows Installer Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 14 Dec 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-december-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-november-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the November 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary. CVE-2021-42292 – Microsoft Excel Security Feature Bypass Vulnerability. Severity: Important Affected Software Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2016 (32-bit edition) Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC for Mac 2021 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for Mac Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions CVE-2021-42298 – Microsoft Defender Remote Code Execution Vulnerability. Severity: Critical Affected Software Microsoft Malware Protection Engine CVE-2021-38666 – Remote Desktop Client Remote Code Execution Vulnerability. Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Remote Desktop client for Windows Desktop Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 09 Nov 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-november-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-adobe-vulnerabilities-october-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 3 vulnerabilities included in the October 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. APSB21-104 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2021.007.20095 and earlier versions for Windows Acrobat Reader DC Continuous 2021.007.20095 and earlier versions for Windows Acrobat DC Continuous 2021.007.20096 and earlier versions for macOS Acrobat Reader DC Continuous 2021.007.20096 and earlier versions for macOS Acrobat 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS CVE-2021-40729 – Out-of-bounds Read vulnerability leading to Privilege escalation. Severity: Moderate CVE-2021-40730 – Use After Free vulnerability leading to Privilege escalation. Severity: Moderate CVE-2021-40731 – Out-of-bounds Write leading to Arbitrary code execution. Severity: Critical Tue, 12 Oct 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-adobe-vulnerabilities-october-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-october-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the October 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. CVE-2021-41357 – Win32k elevation of Privilege Vulnerability Severity: Important Affected Software Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems CVE-2021-40487 – Microsoft SharePoint Server Remote Code Execution Vulnerability. Severity: Important Affected Software Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 CVE-2021-40450 – Win32k Elevation of Privilege Vulnerability. Severity: Important Affected Software Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2021-40467 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2021-40470 – DirectX Graphics Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability. Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64based Systems Service Pack 2 Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 11 for ARM64based Systems Windows 11 for x64based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Tue, 12 Oct 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-october-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-adobe-september-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 4 vulnerabilities included in the September 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. APSB21-55 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2021.005.20060 and earlier versions for Windows Acrobat Reader DC Continuous 2021.005.20060 and earlier versions for Windows Acrobat DC Continuous 2021.005.20058 and earlier versions for macOS Acrobat Reader DC Continuous 2021.005.20058 and earlier versions for macOS Acrobat 2020 Classic 2020 2020.004.30006 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.004.30006 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 2017.011.30199 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 2017.011.30199 and earlier versions for Windows & macOS CVE-2021-39836 – Use After Free leading to Arbitrary code execution. Severity: Critical CVE-2021-39842 – Use After Free leading to Arbitrary code execution. Severity: Critical CVE-2021-39843 – Out-of-bounds Write leading to Memory leak. Severity: Critical CVE-2021-39845 – Stack-based Buffer Overflow leading to Arbitrary code execution. Severity: Critical Tue, 14 Sep 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-adobe-september-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-september-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. CVE-2021-38633 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability Severity: Important Affected Software Windows 7 for x64-based Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for x64-based systems Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 8.1 for 32-bit systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-36955 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 14 Sep 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-september-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-microsoft-windows-august-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the August 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary. CVE-2021-34480 – Scripting Engine Memory Corruption Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems CVE-2021-34535 – Remote Desktop Client Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 for x64based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 7 for x64based Systems Service Pack 1 Windows 7 for 32bit Systems Service Pack 1 Windows Server 2016 Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows 10 Version 21H1 for 32bit Systems Windows 10 Version 21H1 for ARM64based Systems Windows 10 Version 21H1 for x64based Systems Remote Desktop client for Windows Desktop Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for 32bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for 32bit Systems Tue, 10 Aug 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-microsoft-windows-august-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-adobe-july-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 2 vulnerabilities included in the July 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. APSB21-51 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2021.005.20054 and earlier versions for Windows and macOS Acrobat Reader DC Continuous 2021.005.20054 and earlier versions for Windows and macOS Acrobat 2020 Classic 2020 2020.004.30005 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.004.30005 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 2017.011.30197 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 2017.011.30197 and earlier versions for Windows & macOS CVE-2021-28635 – Use After Free leading to Arbitrary code execution. Severity: Critical CVE-2021-28640 – Use After Free leading to Arbitrary code execution. Severity: Critical Tue, 13 Jul 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-adobe-july-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-microsoft-windows-july-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the July 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary. CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability Severity: Critical Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 CVE-2021-34449 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Tue, 13 Jul 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-microsoft-windows-july-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-june-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the June 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31952 – Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31954 – Windows Common Log File System Driver Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability Severity: Critical Affected Software Windows RT 8.1 Windows 7 for 32-bit Systems Service Pack 1 Windows 10 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows 10 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 8.1 for x64-based systems Windows Server 2019 Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Tue, 08 Jun 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-june-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-adobe-vulnerability-june-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 1 vulnerability included in the June 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary. APSB21-37 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2021.001.20155 and earlier versions for Windows Acrobat Reader DC Continuous 2021.001.20155 and earlier versions for Windows Acrobat DC Continuous 2021.001.20155 and earlier versions for macOS Acrobat Reader DC Continuous 2021.001.20155 and earlier versions for macOS Acrobat 2020 Classic 2020 2020.001.30025 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.001.30025 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 2017.011.30196 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 2017.011.30196 and earlier versions for Windows & macOS CVE-2021-28554 – Out-of-bounds read leading to Arbitrary code execution. Severity: Critical Tue, 08 Jun 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-1-new-adobe-vulnerability-june-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-internet-explorer-microsoft-may-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the May 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections, as necessary. CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability Severity: Critical Affected Software Internet Explorer 11 on Windows Server 2016 Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems Internet Explorer 11 on Windows Server 2019 Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems Internet Explorer 11 on Windows 10 for 32-bit Systems Internet Explorer 11 on Windows 10 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows 8.1 for 32-bit systems Internet Explorer 11 on Windows 8.1 for x64-based systems Internet Explorer 11 on Windows RT 8.1 Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows Server 2012 Internet Explorer 11 on Windows Server 2012 R2 CVE-2021-31170 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) CVE-2021-31188 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Wed, 12 May 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-internet-explorer-microsoft-may-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-april-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the April 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary. CVE-2021-28310 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems CVE-2021-28319 – Windows TCP/IP Driver Denial of Service Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems CVE-2021-28442 – Windows TCP/IP Information Disclosure Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Wed, 14 Apr 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-april-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-microsoft-windows-march-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 7 vulnerabilities included in the March 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary. Zscaler has published an advisory last week regarding the coverage for exploits related to Microsoft Exchange Servers. Zscaler has also published a blog on how to Disrupt the Microsoft Exchange Attacks with Zero Trust Architecture. CVE-2021-24095 – DirectX Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) CVE-2021-26411 – Internet Explorer Memory Corruption Vulnerability Severity: Critical Affected Software Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems Internet Explorer 11 on Windows Server 2019 Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems Internet Explorer 11 on Windows 10 for 32-bit Systems Internet Explorer 11 on Windows 10 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows 8.1 for 32-bit systems Internet Explorer 11 on Windows 8.1 for x64-based systems Internet Explorer 11 on Windows RT 8.1 Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows Server 2012 Internet Explorer 11 on Windows Server 2012 R2 Internet Explorer 11 on Windows Server 2016 Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows Server 2019 Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for 32-bit Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for ARM64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for 32-bit Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for ARM64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems. Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems. Microsoft Edge (EdgeHTML-based) on Windows Server 2016 CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability Severity: Critical Affected Software Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Exchange Server 2019 Cumulative Update 8 Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 7 Microsoft Exchange Server 2016 Cumulative Update 18 CVE-2021-26863 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) CVE-2021-26868 – Windows Graphics Component Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-26877 – Windows DNS Server Remote Code Execution Vulnerability Severity: Important Affected Software Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) CVE-2021-26897 – Windows DNS Server Remote Code Execution Vulnerability Severity: Critical Affected Software Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Wed, 10 Mar 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-microsoft-windows-march-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-february-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the February 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary. CVE-2021-1698 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) CVE-2021-24072 – Microsoft SharePoint Server Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Foundation 2013 Service Pack 1 CVE-2021-24078 – Windows DNS Server Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 20H2 (Server Core Installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Wed, 10 Feb 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-february-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-13-new-adobe-vulnerabilities-february-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 13 vulnerabilities included in the February 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary. APSB21-09 – Security updates available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Affected Software Acrobat DC Continuous 2020.013.20074 and earlier versions for Windows & macOS Acrobat Reader DC Continuous 2020.013.20074 and earlier versions for Windows & macOS Acrobat 2020 Classic 2020 2020.001.30018 and earlier versions for Windows & macOS Acrobat Reader 2020 Classic 2020 2020.001.30018 and earlier versions for Windows & macOS Acrobat 2017 Classic 2017 2017.011.30188 and earlier versions for Windows & macOS Acrobat Reader 2017 Classic 2017 2017.011.30188 and earlier versions for Windows & macOS CVE-2021-21017 – Heap-based Buffer Overflow leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21021 – Use After Free leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21028 – Use After Free leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21035 – Use After Free leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21039 – Use After Free leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21040 – Use After Free leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21041 – Use After Free leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21042 – Out-of-bounds Read leading to Privilege escalation. Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21057 – NULL Pointer Dereference leading to Information Disclosure. Severity: Important Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21058 – Buffer overflow leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21059 – Buffer overflow leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21062 – Buffer overflow leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox CVE-2021-21063 – Buffer overflow leading to Arbitrary code execution. Severity: Critical Subscriptions Required Advanced Threat Protection Advanced Cloud Sandbox Tue, 09 Feb 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-13-new-adobe-vulnerabilities-february-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-microsoft-windows-january-2021 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the January 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary. CVE-2021-1647 – Microsoft Defender Remote Code Execution Vulnerability Severity: Critical Affected Software Microsoft System Center Endpoint Protection Microsoft System Center 2012 R2 Endpoint Protection Microsoft Security Essentials Microsoft System Center 2012 Endpoint Protection Windows Defender on Windows 10 Version 1803 for 32-bit Systems Windows Defender on Windows 10 Version 1803 for x64-based Systems Windows Defender on Windows 10 Version 1803 for ARM64-based Systems Windows Defender on Windows 10 Version 1809 for 32-bit Systems Windows Defender on Windows 10 Version 1809 for x64-based Systems Windows Defender on Windows 10 Version 1809 for ARM64-based Systems Windows Defender on Windows Server 2019 Windows Defender on Windows Server 2019 (Server Core installation) Windows Defender on Windows 10 Version 1909 for 32-bit Systems Windows Defender on Windows 10 Version 1909 for x64-based Systems Windows Defender on Windows 10 Version 1909 for ARM64-based Systems Windows Defender on Windows Server, version 1909 (Server Core installation) Windows Defender on Windows 10 Version 1903 for 32-bit Systems Windows Defender on Windows 10 Version 1903 for x64-based Systems Windows Defender on Windows 10 Version 1903 for ARM64-based Systems Windows Defender on Windows Server, version 1903 (Server Core installation) Windows Defender on Windows 10 Version 2004 for 32-bit Systems Windows Defender on Windows 10 Version 2004 for ARM64-based Systems Windows Defender on Windows 10 Version 2004 for x64-based Systems Windows Defender on Windows Server, version 2004 (Server Core installation) Windows Defender on Windows 10 Version 20H2 for x64-based Systems Windows Defender on Windows 10 Version 20H2 for 32-bit Systems Windows Defender on Windows 10 Version 20H2 for ARM64-based Systems Windows Defender on Windows Server, version 20H2 (Server Core Installation) Windows Defender on Windows 10 for 32-bit Systems Windows Defender on Windows 10 for x64-based Systems Windows Defender on Windows 10 Version 1607 for 32-bit Systems Windows Defender on Windows 10 Version 1607 for x64-based Systems Windows Defender on Windows Server 2016 Windows Defender on Windows Server 2016 (Server Core installation) Windows Defender on Windows 7 for 32-bit Systems Service Pack 1 Windows Defender on Windows 7 for x64-based Systems Service Pack 1 Windows Defender on Windows 8.1 for 32-bit systems Windows Defender on Windows 8.1 for x64-based systems Windows Defender on Windows RT 8.1 Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Defender on Windows Server 2012 Windows Defender on Windows Server 2012 (Server Core installation) Windows Defender on Windows Server 2012 R2 Windows Defender on Windows Server 2012 R2 (Server Core installation) CVE-2021-1707 – Microsoft SharePoint Server Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 CVE-2021-1709 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Tue, 12 Jan 2021 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-microsoft-windows-january-2021 https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-microsoft-windows-december-2020 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the December 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary. CVE-2020-17144 – Microsoft Exchange Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31 A remote code execution vulnerability exists in Microsoft Exchange server. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. CVE-2020-17096 – Windows NTFS Remote Code Execution Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64based systems Windows 8.1 for 32bit systems Windows 10 for x64based Systems Windows 10 for 32bit Systems Windows 10 Version 20H2 for x64based Systems Windows 10 Version 20H2 for ARM64based Systems Windows 10 Version 20H2 for 32bit Systems Windows 10 Version 2004 for x64based Systems Windows 10 Version 2004 for ARM64based Systems Windows 10 Version 2004 for 32bit Systems Windows 10 Version 1909 for x64based Systems Windows 10 Version 1909 for ARM64based Systems Windows 10 Version 1909 for 32bit Systems Windows 10 Version 1903 for x64based Systems Windows 10 Version 1903 for ARM64based Systems Windows 10 Version 1903 for 32bit Systems Windows 10 Version 1809 for x64based Systems Windows 10 Version 1809 for ARM64based Systems Windows 10 Version 1809 for 32bit Systems Windows 10 Version 1803 for x64based Systems Windows 10 Version 1803 for ARM64based Systems Windows 10 Version 1803 for 32bit Systems Windows 10 Version 1607 for x64based Systems Windows 10 Version 1607 for 32bit Systems An elevation of privilege vulnerability exists in Windows NTFS system. A local attacker could run a specially crafted application that would elevate the attacker's privileges. A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system. Tue, 08 Dec 2020 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-2-new-vulnerabilities-microsoft-windows-december-2020 https://www.zscaler.com/security-advisories/zscaler-protects-against-9-new-vulnerabilities-microsoft-windows-november-2020 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 9 vulnerabilities included in the November 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary. CVE-2020-17061 – Microsoft SharePoint Remote Code Execution Vulnerability Severity: Important Affected Software Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 A remote code execution vulnerability exists in Microsoft SharePoint Service. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. CVE-2020-17057 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 1903 (Server Core installation) Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE-2020-17051 – Windows Network File System Remote Code Execution Vulnerability Severity: Critical Affected Software Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server, version 1903 (Server Core installation) Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems A remote code execution vulnerability exists in Windows Network File System. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. CVE-2020-17053 – Internet Explorer Memory Corruption Vulnerability Severity: Critical Affected Software Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems Internet Explorer 11 on Windows Server 2019 Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems A memory corruption vulnerability exists in the way Internet Explorer handles objects in memory. CVE-2020-17010 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE-2020-17038 – Win32k Elevation of Privilege Vulnerability Severity: Critical Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE-2020-16998 – DirectX Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE-2020-17087 – Windows Kernel Local Elevation of Privilege Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE-2020-17047 – Windows Network File System Denial of Service Vulnerability Severity: Important Affected Software Windows Server, version 20H2 (Server Core Installation) Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems A denial of service vulnerability exists when the Windows NFS server. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding. Tue, 10 Nov 2020 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-9-new-vulnerabilities-microsoft-windows-november-2020 https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-october-2020 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the October 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary. CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability Severity: Critical Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. CVE-2020-16899 – Windows TCP/IP Denial of Service Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly. CVE-2020-16907 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. CVE-2020-16913 – Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows Server, version 2004 (Server Core installation) An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Tue, 13 Oct 2020 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-october-2020 https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-september-2020 Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary. CVE-2020-0856 – Active Directory Information Disclosure Vulnerability Severity: Important Affected Software Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. CVE-2020-1152 – Windows Win32k Elevation of Privilege Vulnerability Severity: Important Affected Software Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. CVE-2020-0664 – Active Directory Information Disclosure Vulnerability Severity: Important Affected Software Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server, version 1903 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server, version 2004 (Server Core installation) An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. Thu, 10 Sep 2020 12:00:00 +0000 [email protected] https://www.zscaler.com/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-september-2020