Security Advisory - June 10, 2014

Zscaler Protects against Lync Server Information Disclosure and Multiple Remote Code Execution Vulnerabilities in Internet Explorer

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 14 vulnerabilities included in the June 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

MS14-032 - Lync Server Content Sanitization Vulnerability

Severity: Important
Affected Software

SharePoint Server 2010
SharePoint Server 2013

CVE-2014-1823 – Microsoft Lync Server Could Allow Information Disclosure

Description: An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user's browser to obtain information from web sessions.

MS14-035 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

Internet Explorer 6-11

CVE-2014-0282 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1762 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1766 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1769 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1772 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1785 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1789 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1791 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1795 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1797 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1800 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1804 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1805 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Zscaler named a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge

Your world, secured

Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)

The Zscaler Difference

Zero Trust Fundamentals

Secure Your Users

Secure Your Workloads

Secure Your IoT and OT

Products

Solution Areas

Zero Trust Exchange Platform

Transform with Zero Trust Architecture

Secure Your Business Goals

Learn, Connect, and Get Support.

Resource Center

Events & Trainings

Security Research & Services

Tools

Community & Support

Industry & Market Solutions

About Zscaler

Partners

News & Announcements

Leadership Team

Partner Integrations

Investor Relations

Environmental, Social & Governance

Careers

Press Center

Compliance

Zenith Ventures

Security Advisory - June 10, 2014

Zscaler Protects against Lync Server Information Disclosure and Multiple Remote Code Execution Vulnerabilities in Internet Explorer