Zenith Live is coming to Europe in October. Join us! Learn More
Zenith Live is coming to Europe in October. Join us!
Learn More

Zero trust security

Make it possible

Your Mission

 

Security Advisory - June 10, 2014

Zscaler Protects against Lync Server Information Disclosure and Multiple Remote Code Execution Vulnerabilities in Internet Explorer

 

 

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 14 vulnerabilities included in the June 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

MS14-032 - Lync Server Content Sanitization Vulnerability

Severity: Important
Affected Software

  • SharePoint Server 2010
  • SharePoint Server 2013

CVE-2014-1823 – Microsoft Lync Server Could Allow Information Disclosure

Description: An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user's browser to obtain information from web sessions.

MS14-035 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2014-0282 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1762 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1766 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1769 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1772 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1785 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1789 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1791 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1795 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1797 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1800 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1804 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1805 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.