Security Advisory - December 11, 2012
Zscaler Protects Against Latest Microsoft’s Patch Cycle
Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following three web-based, client-side vulnerabilities included in the December 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.
MS12-077 – Cumulative Security Update for Internet Explorer (2761465)
Severity: Critical
Affected Software
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
CVE-2012-4787 - Improper Ref Counting Use After Free Vulnerability
Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.
MS12-078 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534
Severity: Critical
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows 8
- Windows Server 2012
CVE-2012-2556 - OpenType Font Parsing Vulnerability
Description: A remote code execution vulnerability exists in the way that affected components handle a specially crafted OpenType font file.
MS12-079 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642
Severity: Critical
Affected Software
- Microsoft Office 2003
- Microsoft Office 2007
- Microsoft Office 2010
CVE-2012-2539 - Word RTF 'listoverridecount' Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted Rich Text Format (RTF) data.