Security Advisory - December 09, 2014

Zscaler Protects against Microsoft Office Remote Code Execution, Exchange Server Privilege Elevation, Microsoft Graphics Component Information Disclosure, and Internet Explorer Memory Corruption Vulnerabilities

Zscaler, working with Microsoft through the MAPP (Microsoft Active Protections Program), has proactively deployed protections for the following 17 vulnerabilities included in the December 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections as necessary.

MS14-075 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Microsoft Exchange Server 2013 SP1

CVE-2014-6325 - OWA XSS Vulnerability

Description: An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly validate input. An attacker who successfully exploited it could run script in the context of the current user: for example, read content the attacker is not authorized to read, use the victim's identity to take actions on the Outlook Web Access site on behalf of the victim (such as changing permissions or deleting content), or inject malicious content into the victim's browser. Any system used to access an affected version of Outlook Web Access is potentially at risk. The update addresses the vulnerability by ensuring that URLs are properly sanitized. Because this is a cross-site scripting flaw, what is compromised is the victim's authenticated OWA session in the browser, not the Exchange server itself; the realistic attack is luring a logged-in user to a crafted link.
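The bug class behind this entry, an attacker-influenced URL reflected into HTML without sanitization, and the kind of fix the bulletin describes, shown as a constructed example. This is not Exchange or OWA code; the page template, the `return_url` parameter and the `/owa/` fallback path are assumptions made for illustration.

```python
"""Constructed example: reflecting an untrusted URL into an HTML page.

Not Exchange/OWA code. It models the bug class behind CVE-2014-6325 (an
unsanitized URL reflected into the page) and the fix the bulletin describes
(sanitize the URL before the browser sees it).
"""
import html
from urllib.parse import urlsplit

# Hypothetical template: a "return to" link rendered into the mailbox page.
def render_return_link_vulnerable(return_url: str) -> str:
    # Vulnerable: the untrusted value is concatenated straight into an attribute.
    # A value of  "><script>...</script>  closes the attribute and injects script.
    return '<a href="' + return_url + '">Back to mailbox</a>'

ALLOWED_SCHEMES = {"https", "http"}
DEFAULT_RETURN = "/owa/"   # assumed safe fallback path

def sanitize_url(url: str, default: str = DEFAULT_RETURN) -> str:
    """Return the URL only if it is an http(s) absolute URL or a same-origin path.

    Anything else (javascript:, data:, vbscript:, protocol-relative //host,
    or junk that is not a URL at all) is replaced with the safe default.
    An allowlist of schemes is used; a denylist of "javascript:" is easy to
    evade with case changes, whitespace or alternative schemes.
    """
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme:
        return url if parts.scheme.lower() in ALLOWED_SCHEMES else default
    # No scheme: accept a path that begins with exactly one "/" ("//host" is
    # protocol-relative and would leave the origin).
    if url.startswith("/") and not url.startswith("//"):
        return url
    return default

def render_return_link_hardened(return_url: str) -> str:
    # Hardened: validate the URL first, then attribute-encode it so that
    # quotes and angle brackets in a *valid* path cannot break out of href.
    safe = sanitize_url(return_url)
    return '<a href="' + html.escape(safe, quote=True) + '">Back to mailbox</a>'
```

Both steps are needed: `html.escape` alone leaves `javascript:alert(1)` untouched, and a browser will execute it when it appears in `href`, while scheme validation alone still lets a `"` in an otherwise legitimate path close the attribute. An application that only ever needs same-origin return paths should drop the absolute-URL branch entirely, which also removes the open-redirect exposure.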

MS14-080 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2014-6328 - Internet Explorer XSS Filter Bypass Vulnerability
CVE-2014-6329 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6330 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6363 - VBScript Memory Corruption Vulnerability
CVE-2014-6365 - Internet Explorer XSS Filter Bypass Vulnerability
CVE-2014-6366 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6369 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6373 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6374 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6375 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6376 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-8966 - Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory (the VBScript entry, CVE-2014-6363, is a memory corruption in the VBScript engine reached through Internet Explorer). These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, typically by luring the user to a specially crafted web page. The update addresses them by modifying the way that Internet Explorer handles objects in memory. The two XSS Filter Bypass entries (CVE-2014-6328 and CVE-2014-6365) are a different class: they allow script that the Internet Explorer XSS Filter would otherwise have disabled to run in the wrong security context, an information disclosure rather than code execution on the client.

MS14-082 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013

CVE-2014-6364 - Microsoft Office Component Use After Free Vulnerability

Description: A remote code execution vulnerability exists when Microsoft Word does not properly handle objects in memory (a use-after-free) while parsing specially crafted Office files. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system: install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system are less impacted than users who operate with administrative rights, which is the usual argument for not running Office under an administrative account.

MS14-083 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013

CVE-2014-6360 - Global Free Remote Code Execution in Excel Vulnerability
CVE-2014-6361 - Excel Invalid Pointer Remote Code Execution Vulnerability

Description: Remote code execution vulnerabilities exist because Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. Memory may be corrupted in such a way that an attacker could execute arbitrary code in the context of the current user; as with MS14-082, the attack vector is a crafted file that the user is persuaded to open.

MS14-085 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure

Severity: Important
Affected Software

  • Windows Server 2003 SP2
  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows 8
  • Windows 8.1
  • Windows Server 2012

CVE-2014-6355 - Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in the Microsoft Graphics Component that could allow an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. It is caused when the Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. On its own the flaw does not yield code execution; its value to an attacker is as an ASLR bypass, supplying address information that can be combined with a separate memory corruption vulnerability to compromise the system, which is why an "Important"-rated leak of this kind deserves the same patch priority as the code execution bugs it enables.
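Why a single leaked address is enough to undo ASLR, as a constructed model added here (not the CVE-2014-6355 mechanism, and not code from the page or from Microsoft). The module layout, symbol names, RVA values and base-address range are all hypothetical; the leak itself is simulated by a method that simply hands one pointer to the attacker side.

```python
"""Constructed model of an ASLR bypass via a memory-address leak.

Not the CVE-2014-6355 mechanism. It shows the arithmetic an attacker does once
a vulnerability discloses one address inside a randomized module: because a
module's internal layout is fixed for a given build, one leaked pointer plus
the known RVA of the leaked symbol gives the module base, and from the base
the address of every other function or gadget in that module.
"""
import secrets

# Hypothetical module layout: symbol -> offset from module base (RVA).
# Values are invented; only their *stability* across loads matters here.
RVA = {
    "JpegDecode":   0x1A2F0,   # stand-in for the function that leaks
    "LoadLibraryA": 0x3C100,   # illustrative target for a chained exploit
    "pop_rdi_ret":  0x22A41,   # a hypothetical ROP gadget in the same image
}

MODULE_ALIGN = 0x10000   # assumed 64 KiB alignment of the randomized base

class RandomizedModule:
    """Simulates a DLL loaded at a randomized, aligned base (ASLR)."""
    def __init__(self, rva_table, rng=secrets.randbelow):
        # Constructed user-mode range; rng(0x1000) picks one of 4096 bases.
        self.base = 0x7FF0_0000_0000 + rng(0x1000) * MODULE_ALIGN
        self.rva = dict(rva_table)

    def address_of(self, symbol: str) -> int:
        return self.base + self.rva[symbol]

    def leak(self, symbol: str) -> int:
        """Stands in for the info-disclosure bug: one pointer escapes."""
        return self.address_of(symbol)

def recover_base(leaked_addr: int, leaked_symbol_rva: int) -> int:
    """Attacker side: base = leaked address - known RVA of the leaked symbol.

    A misaligned result means the leaked value is not what was assumed
    (wrong build, different module), so refuse rather than chain a bad guess.
    """
    base = leaked_addr - leaked_symbol_rva
    if base % MODULE_ALIGN != 0:
        raise ValueError("leaked address does not match the expected layout")
    return base

def resolve_targets(leaked_addr: int, leaked_symbol: str, rva_table) -> dict:
    """Attacker side: every symbol in the module, computed from one leak."""
    base = recover_base(leaked_addr, rva_table[leaked_symbol])
    return {name: base + off for name, off in rva_table.items()}

if __name__ == "__main__":
    victim = RandomizedModule(RVA)
    leaked = victim.leak("JpegDecode")
    targets = resolve_targets(leaked, "JpegDecode", RVA)
    for name, addr in targets.items():
        assert addr == victim.address_of(name)
        print(f"{name:14s} {addr:#x}")
```

The loop at the bottom is the whole point: with no leak, an attacker guessing the base has one chance in 4096 per attempt in this toy model (and far less on a real 64-bit system); with the leak, every target is known exactly on the first attempt, which is what "more reliably predict the memory offsets" means in practice.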