Security Advisory - November 11, 2014
Zscaler Protects against Multiple Memory Corruption in Internet Explorer, Microsoft Office Remote Code Execution, and Windows Audio and SharePoint Privilege Escalation Vulnerabilities
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 17 vulnerabilities included in the November 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary.
MS14-065 – Cumulative Security Update for Internet Explorer
- Internet Explorer 6-11
CVE-2014-4143 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6323 - Internet Explorer Clipboard Information Disclosure Vulnerability
CVE-2014-6337 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6339 - Internet Explorer ASLR Bypass Vulnerability
CVE-2014-6340 - Internet Explorer Cross-domain Information Disclosure Vulnerability
CVE-2014-6341 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6342 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6347 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6348 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6350 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2014-6351 - Internet Explorer Memory Corruption Vulnerability
CVE-2014-6353 - Internet Explorer Memory Corruption Vulnerability
Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
MS14-069 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
- Office 2007
- Word Viewer
- Microsoft Office Compatibility Pack SP 3
CVE-2014-6333 - Microsoft Office Double Delete Remote Code Execution Vulnerability
CVE-2014-6334 - Microsoft Office Bad Index Remote Code Execution Vulnerability
CVE-2014-6335 - Microsoft Office Invalid Pointer Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.
MS14-071 – Vulnerability in Windows Audio Service Could Allow Elevation of Privilege
- Windows Vista SP2
- Windows Server 2008 SP2
- Windows 7 SP1
- Windows 8
- Windows 8.1
- Windows Server 2012
CVE-2014-4126 - Windows Audio Service Vulnerability
Description: An elevation of privilege vulnerability exists in the Windows audio service component that could be exploited through Internet Explorer. The vulnerability is caused when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.
MS14-073 – Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege
- SharePoint Server 2010 SP2
CVE-2014-4116 - Windows Audio Service SharePoint Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize page content in SharePoint lists. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. The security update addresses the vulnerability by correcting how SharePoint Server sanitizes modified lists within SharePoint mobile browser view.