Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 25 vulnerabilities included in the May 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.
MS15-043 - Cumulative Security Update for Internet Explorer
CVE-2015-1658 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1685 - Internet Explorer ASLR Bypass
CVE-2015-1686 - VBScript and JScript ASLR Bypass
CVE-2015-1688 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1689 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1692 - Internet Explorer Clipboard Information Disclosure Vulnerability
CVE-2015-1706 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1708 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1709 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1710 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1711 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1713 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1714 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1718 - Internet Explorer Memory Corruption Vulnerability
Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
MS15-044 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
CVE-2015-1671 – TrueType Font Parsing Vulnerability
Description: An information disclosure vulnerability exists in Microsoft Windows when the Windows DirectWrite library improperly handles OpenType fonts. An attacker who successfully exploited this vulnerability could potentially read data which was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
MS15-045 - Vulnerability in Windows Journal Could Allow Remote Code Execution
CVE-2015-1675 - Windows Journal Remote Code Execution Vulnerability
CVE-2015-1696 - Windows Journal Remote Code Execution Vulnerability
CVE-2015-1697 - Windows Journal Remote Code Execution Vulnerability
CVE-2015-1698 - Windows Journal Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS15-048 - Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
CVE-2015-1672 - Microsoft Windows Kernel Memory Disclosure Vulnerability
Description: A denial of service vulnerability exists in Microsoft .NET Framework that could allow an unauthenticated attacker to degrade the performance of a .NET-enabled website and disrupt the availability of applications that use Microsoft .NET Framework. The vulnerability exists when Microsoft .NET Framework attempts to decrypt certain specially crafted XML data.
MS15-051 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
CVE-2015-1676 - Microsoft Windows Kernel Memory Disclosure Vulnerability
CVE-2015-1678 - Microsoft Windows Kernel Memory Disclosure Vulnerability
CVE-2015-1680 - Microsoft Windows Kernel Memory Disclosure Vulnerability
Description: Information disclosure vulnerabilities exist when the Windows kernel-mode driver leaks private address information during a function call, which could allow the disclosure of kernel memory contents revealing information about the system to an attacker. The information disclosure vulnerabilities by themselves do not allow arbitrary code execution. However, an attacker could use them in conjunction with another vulnerability to bypass security features, such as Address Space Layout Randomization (ASLR).
MS15-052 - Vulnerability in Windows Kernel Could Allow Security Feature Bypass
CVE-2015-1674 - Windows Kernel Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when the Windows kernel fails to properly validate which mode the request comes from, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.
MS15-054 - Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service
CVE-2015-1681 - Microsoft Management Console File Format Denial of Service Vulnerability
Description: This vulnerability allows an unauthenticated attacker to create a denial of service condition if the attacker can convince a user to open a share containing a specially crafted .msc file. However, the attacker has no means to force a user to visit the share or view the file.