Security Advisory - August 13, 2013

Zscaler Protects Against Internet Explorer Memory Corruption, RPC Privilege Elevation and NAT Denial of Service Vulnerabilities

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following 10 vulnerabilities included in the August 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections as necessary.

MS13-059 – Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-10

CVE-2013-3184 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3187 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3188 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3189 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3191 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3193 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3194 – Internet Explorer Memory Corruption Vulnerability
CVE-2013-3199 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS13-062 – Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows XP (All Versions)
  • Windows Vista (All Versions)
  • Windows 7 (All Versions)
  • Windows 8 (All Versions)
  • Windows RT (All Versions)
  • Windows Server 2003/2008/2012 (All Versions)

CVE-2013-3175 – Remote Procedure Call Vulnerability

Description: An elevation of privilege vulnerability exists in the way that Windows handles asynchronous RPC requests. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS13-064 – Vulnerability in Windows NAT Driver Could Allow Denial of Service

Severity: Important
Affected Software

  • Windows Server 2012 (All Versions)

CVE-2013-3182 – Windows NAT Denial of Service Vulnerability

Description: A denial of service vulnerability exists in the Windows NAT Driver that could cause the target system to stop responding until restarted.