Zscaler, working with Microsoft through its MAPPs program, has proactively deployed protections for the following three vulnerabilities included in the January 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.
MS15-001 - Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege
CVE-2015-0002 - Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists because the Microsoft Windows Application Compatibility Infrastructure (AppCompat) improperly checks the authorization of the caller's impersonation token. An attacker could attempt to exploit this to run a privileged application. The update addresses the vulnerability by implementing proper authorization checking of impersonation token usage.
MS15-008 - Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege
CVE-2015-0011 - WebDAV Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the WebDAV kernel-mode driver (mrxdav.sys) when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system. This could allow the attacker to intercept WebDAV requests for files from any server (including corporate SharePoint sites) and redirect those requests to return any files of the attacker's choosing, including potentially malicious ones.
MS15-004 - Vulnerability in Windows Components Could Allow Elevation of Privilege
CVE-2015-0016 - Directory Traversal Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the TS WebProxy Windows component. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The update addresses the vulnerability by correcting how Windows sanitizes file paths.