Security Advisory - January 10, 2012

Zscaler Protects Against Microsoft’s Latest Patch Cycle

 

 

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following six web-based, client-side vulnerabilities included in the January 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.

MS12-002 – Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003

CVE-2012-0009 - Object Packager Insecure Executable Launching Vulnerability

Description: A remote code execution vulnerability exists in the way that Windows registers and uses the Windows Object Packager.

MS12-004 – Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2012-0003 - MIDI Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in Windows Media Player.

CVE-2012-0004 - DirectShow Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Windows handles media files.

MS12-005 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2012-0013 - Assembly Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Windows Packager loads ClickOnce applications embedded in Microsoft Office files.

MS12-006 – Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

Severity: Critical
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2011-3389 - SSL and TLS Protocols Vulnerability

Description: An information disclosure vulnerability exists in SSL 3.0 and TLS 1.0 encryption protocols.

MS12-007 – Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Severity: Important
Affected Software

  • Microsoft Anti-Cross Site Scripting Library V3.x
  • Microsoft Anti-Cross Site Scripting Library V4.0

CVE-2012-0007 - AntiXSS Library Bypass Vulnerability

Description: An information disclosure vulnerability exists when the Microsoft Anti-Cross Site Scripting (AntiXSS) Library incorrectly sanitizes specially crafted HTML.