Global leaders are coming to Zenith Live. Are you? Learn More
Global leaders are coming to Zenith Live. Are you?
Learn More

 

Security Advisory - January 13, 2015

Zscaler Protects against Microsoft Application Compatibility Infrastructure, WebDav, and Directory Traversal Elevation of Privilege Vulnerabilities

 

 

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 3 vulnerabilities included in the January 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.

MS15-001 - Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-0002 - Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists in how the Microsoft Windows Application Compatibility Infrastructure (AppCompat) improperly checks the authorization of the caller's impersonation token. An attacker could attempt to exploit this to run a privileged application. The update addresses the vulnerability by implementing proper authorization checking of impersonation token usage.

MS15-008 - Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-0011 - WebDav elevation of privilege vulnerability

Description: An elevation of privilege vulnerability exists in the WebDAV kernel-mode driver (mrxdav.sys) when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system, which could allow them to intercept WebDAV requests for files from any server (including corporate SharePoint sites) and redirect those file requests to return any, potentially malicious, files of the attacker's choosing.

MS15-004 - Vulnerability in Windows Components Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Vista
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

CVE-2015-0016 - Directory Traversal Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists in the TS WebProxy Windows component. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The update addresses the vulnerability by correcting how Windows sanitizes file paths.