Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 26 vulnerabilities included in the March 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections as necessary.
MS15-018 - Cumulative Security Update for Internet Explorer
CVE-2015-0032 - VBScript Memory Corruption Vulnerability
CVE-2015-0056 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-0072 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-0099 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-0100 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1622 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1623 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1625 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1627 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1634 - Internet Explorer Memory Corruption Vulnerability
Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
MS15-021 - Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution
CVE-2015-0087 - Adobe Font Driver Information Disclosure Vulnerability
CVE-2015-0089 - Adobe Font Driver Information Disclosure Vulnerability
CVE-2015-0090 - Adobe Font Driver Remote Code Execution Vulnerability
CVE-2015-0091 - Adobe Font Driver Remote Code Execution Vulnerability
CVE-2015-0092 - Adobe Font Driver Remote Code Execution Vulnerability
CVE-2015-0093 - Adobe Font Driver Remote Code Execution Vulnerability
Description: Information disclosure vulnerabilities exist in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. These vulnerabilities are caused when the Adobe Font Driver tries to read or display certain fonts. An attacker could use the vulnerabilities to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerabilities by themselves do not allow arbitrary code execution. However, an attacker could use these vulnerabilities in conjunction with another vulnerability to bypass security features such as Kernel Address Space Layout Randomization (KASLR).
MS15-022 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Description: A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.
MS15-023 - Vulnerability in Microsoft Windows Could Allow Elevation of Privilege
Description: An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver fails to initialize function buffers in a manner that removes the results of previous function calls.
MS15-025 - Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege
CVE-2015-0073 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Description: An elevation of privilege vulnerability exists in the way that Windows Registry Virtualization improperly allows a user to modify the virtual store of another user. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts potentially with full user rights.
MS15-026 - Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege
CVE-2015-1628 - OWA Modified Canary Parameter Cross Site Scripting Vulnerability
CVE-2015-1629 - Exchange DLP Cross Site Scripting Vulnerability
CVE-2015-1630 - Audit Report Cross Site Scripting Vulnerability
CVE-2015-1632 - Exchange Error Message Cross Site Scripting Vulnerability
Description: Elevation of privilege vulnerabilities exist when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. An attacker could exploit these vulnerabilities by modifying certain properties within Outlook Web App and then convincing users to browse to the targeted Outlook Web App site. An attacker who successfully exploited these vulnerabilities could run script in the context of the current user. The script could then, for example, use the victim's identity to take actions on the affected Outlook Web App site on behalf of the victim with the same permissions as the current user. Any system that is used to access an affected version of Outlook Web App would potentially be at risk to attack.