Security Advisory - June 10, 2014
Zscaler Protects against Lync Server Information Disclosure and Multiple Remote Code Execution Vulnerabilities in Internet Explorer
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 14 vulnerabilities included in the June 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.
MS14-032 - Lync Server Content Sanitization Vulnerability
Severity: Important
Affected Software
- SharePoint Server 2010
- SharePoint Server 2013
CVE-2014-1823 – Microsoft Lync Server Could Allow Information Disclosure
Description: An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user's browser to obtain information from web sessions.
MS14-035 - Cumulative Security Update for Internet Explorer
Severity: Critical
Affected Software
- Internet Explorer 6-11
CVE-2014-0282 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1762 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1766 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1769 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1772 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1785 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1789 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1791 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1795 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1797 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1800 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1804 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-1805 – Internet Explorer Memory Corruption Vulnerability
Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.