
Security Advisory - March 10, 2015

Zscaler Protects against Internet Explorer Corruption, Adobe Font Driver Remote Code Execution, SharePoint/Exchange Cross-Site Scripting, and Kernel Mode Information Disclosure Vulnerabilities

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following 26 vulnerabilities included in the March 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections as necessary.

MS15-018 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2015-0032 - VBScript Memory Corruption Vulnerability
CVE-2015-0056 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-0072 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-0099 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-0100 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1622 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1623 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1625 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1627 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1634 - Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.

MS15-021 - Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-0087 - Adobe Font Driver Information Disclosure Vulnerability
CVE-2015-0089 - Adobe Font Driver Information Disclosure Vulnerability
CVE-2015-0090 - Adobe Font Driver Remote Code Execution Vulnerability
CVE-2015-0091 - Adobe Font Driver Remote Code Execution Vulnerability
CVE-2015-0092 - Adobe Font Driver Remote Code Execution Vulnerability
CVE-2015-0093 - Adobe Font Driver Remote Code Execution Vulnerability

Description: Information disclosure vulnerabilities exist in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. These vulnerabilities are caused when the Adobe Font Driver tries to read or display certain fonts. An attacker could use the vulnerabilities to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerabilities by themselves do not allow arbitrary code execution. However, an attacker could use these vulnerabilities in conjunction with another vulnerability to bypass security features such as Kernel Address Space Layout Randomization (KASLR).

MS15-022 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Office 2007
  • Office 2010
  • Office 2013
  • Office Web Apps 2010
  • SharePoint Server 2010
  • SharePoint Server 2013
  • Office Web Apps 2013

CVE-2015-0086 - Microsoft Office Memory Corruption Vulnerability
CVE-2015-1633 - Microsoft SharePoint XSS Vulnerability
CVE-2015-1636 - Microsoft SharePoint XSS Vulnerability

Description: A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

MS15-023 - Vulnerability in Microsoft Windows Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista SP2
  • Windows 7 SP1
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-0077 - Microsoft Windows Kernel Memory Disclosure Vulnerability
CVE-2015-0078 - Win32k Elevation of Privilege Vulnerability

Description: An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver fails to initialize function buffers in a manner that removes the results of previous function calls.

MS15-025 - Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista SP2
  • Windows 7 SP1
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-0073 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

Description: An elevation of privilege vulnerability exists in the way that Windows Registry Virtualization improperly allows a user to modify the virtual store of another user. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts potentially with full user rights.

MS15-026 - Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Exchange Server 2013 SP1

CVE-2015-1628 - OWA Modified Canary Parameter Cross Site Scripting Vulnerability
CVE-2015-1629 - Exchange DLP Cross Site Scripting Vulnerability
CVE-2015-1630 - Audit Report Cross Site Scripting Vulnerability
CVE-2015-1632 - Exchange Error Message Cross Site Scripting Vulnerability

Description: Elevation of privilege vulnerabilities exist when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. An attacker could exploit these vulnerabilities by modifying certain properties within Outlook Web App and then convincing users to browse to the targeted Outlook Web App site. An attacker who successfully exploited these vulnerabilities could run script in the context of the current user. The script could then, for example, use the victim's identity to take actions on the affected Outlook Web App site on behalf of the victim with the same permissions as the current user. Any system that is used to access an affected version of Outlook Web App would potentially be at risk of attack.