Security Advisory - December 11, 2012

Zscaler Protects Against Microsoft’s Latest Patch Cycle

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following three web-based, client-side vulnerabilities included in the December 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

MS12-077 – Cumulative Security Update for Internet Explorer (2761465)

Severity: Critical
Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10

CVE-2012-4787 - Improper Ref Counting Use After Free Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.   

MS12-078 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows 8
  • Windows Server 2012

CVE-2012-2556 - OpenType Font Parsing Vulnerability

Description: A remote code execution vulnerability exists in the way that affected components handle a specially crafted OpenType font file.

MS12-079 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)

Severity: Critical
Affected Software

  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010

CVE-2012-2539 - Word RTF 'listoverridecount' Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted Rich Text Format (RTF) data.