Security Advisory - July 21, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Internet Explorer, Windows Kernel Mode Driver, and Microsoft Office

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 36 vulnerabilities included in the July 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections as necessary.

MS15-065 - Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2015-1733 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-1738 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-1767 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2383 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2388 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2389 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2390 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2391 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2397 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2401 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2402 - Internet Explorer Information Disclosure Vulnerability
CVE-2015-2403 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2404 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2405 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-2406 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2408 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2411 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2412 - Internet Explorer Information Disclosure Vulnerability
CVE-2015-2413 - Internet Explorer Information Disclosure Vulnerability
CVE-2015-2419 - JScript9 Memory Corruption Vulnerability
CVE-2015-2421 - Internet Explorer ASLR Bypass
CVE-2015-2422 - Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2425 - Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-066 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008

CVE-2015-2372 - VBScript Memory Corruption Vulnerability

Description: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

MS15-069 - Vulnerabilities in Windows Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows 8.1
  • Windows Server 2012

CVE-2015-2369 - DLL Planting Remote Code Execution Vulnerability

Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.

MS15-070 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013
  • Microsoft Office 2013 RT
  • Microsoft Excel for Mac 2011
  • Excel Services on Microsoft SharePoint Server 2007
  • Excel Services on Microsoft SharePoint Server 2010
  • Excel Services on Microsoft SharePoint Server 2013

CVE-2015-2375 – Microsoft Excel ASLR Bypass Vulnerability
CVE-2015-2377 – Microsoft Office Memory Corruption Vulnerability
CVE-2015-2378 – Microsoft Excel DLL Remote Code Execution Vulnerability
CVE-2015-2379 – Microsoft Office Memory Corruption Vulnerability
CVE-2015-2380 – Microsoft Office Memory Corruption Vulnerability
CVE-2015-2415 – Microsoft Office Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.

MS15-073 – Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows Vista
  • Windows 7
  • Windows 8

CVE-2015-2366 – Win32k Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over an affected system.

MS15-075 – Vulnerabilities in OLE Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows Vista
  • Windows 7
  • Windows 8

CVE-2015-2416 – OLE Elevation of Privilege Vulnerability

Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run.

MS15-076 – Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7
  • Windows 8

CVE-2015-2370 – Windows RPC Elevation of Privilege Vulnerability

Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

MS15-077 – Vulnerability in ATM Font Driver Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7
  • Windows Vista
  • Windows 8

CVE-2015-2387 – ATMFD.DLL Memory Corruption Vulnerability

Description: An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-078 – Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Windows Vista
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7
  • Windows 8

CVE-2015-2426 – OpenType Font Driver Vulnerability

Description: The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.