
 

Security Advisory - May 12, 2015

Zscaler Protects against Internet Explorer Memory Corruption, GDI+ and Journal Remote Code Execution, .NET Framework and KMD Privilege Escalation Vulnerabilities

 

 

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following 25 vulnerabilities included in the May 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

MS15-043 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2015-1658 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1685 - Internet Explorer ASLR Bypass
CVE-2015-1686 - VBScript and JScript ASLR Bypass
CVE-2015-1688 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1689 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1692 - Internet Explorer Clipboard Information Disclosure Vulnerability
CVE-2015-1706 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1708 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1709 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1710 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1711 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1713 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1714 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1718 - Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-044 - Vulnerabilities in GDI+ Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Windows Server 2003 SP2
  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-1671 - TrueType Font Parsing Vulnerability

Description: An information disclosure vulnerability exists in Microsoft Windows when the Windows DirectWrite library improperly handles OpenType fonts. An attacker who successfully exploited this vulnerability could potentially read data which was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

MS15-045 - Vulnerability in Windows Journal Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-1675 - Windows Journal Remote Code Execution Vulnerability
CVE-2015-1696 - Windows Journal Remote Code Execution Vulnerability
CVE-2015-1697 - Windows Journal Remote Code Execution Vulnerability
CVE-2015-1698 - Windows Journal Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS15-048 - Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003 SP2
  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-1672 - Microsoft Windows Kernel Memory Disclosure Vulnerability

Description: A denial of service vulnerability exists in Microsoft .NET Framework that could allow an unauthenticated attacker to degrade the performance of a .NET-enabled website and disrupt the availability of applications that use Microsoft .NET Framework. The vulnerability exists when Microsoft .NET Framework attempts to decrypt certain specially crafted XML data.

MS15-051 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista SP2
  • Windows Server 2008 R2
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-1676 - Microsoft Windows Kernel Memory Disclosure Vulnerability
CVE-2015-1678 - Microsoft Windows Kernel Memory Disclosure Vulnerability
CVE-2015-1680 - Microsoft Windows Kernel Memory Disclosure Vulnerability

Description: Information disclosure vulnerabilities exist when the Windows kernel-mode driver leaks private address information during a function call, which could allow the disclosure of kernel memory contents revealing information about the system to an attacker. The information disclosure vulnerabilities by themselves do not allow arbitrary code execution. However, an attacker could use them in conjunction with another vulnerability to bypass security features, such as Address Space Layout Randomization (ASLR).

MS15-052 - Vulnerability in Windows Kernel Could Allow Security Feature Bypass

Severity: Important
Affected Software

  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-1674 - Windows Kernel Security Feature Bypass Vulnerability

Description: A security feature bypass vulnerability exists when the Windows kernel fails to properly validate which mode the request comes from, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.

MS15-054 - Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows Server 2008 SP1
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-1681 - Microsoft Management Console File Format Denial of Service Vulnerability

Description: This vulnerability allows an unauthenticated attacker to create a denial of service condition if the attacker can convince a user to open a share containing a specially crafted .msc file. However, the attacker has no means to force a user to visit the share or view the file.