Security Advisory - July 14, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Internet Explorer, Windows Kernel Mode Driver, and Microsoft Office

Zscaler, working with Microsoft through its MAPP program, has proactively deployed protections for the following 26 vulnerabilities included in the July 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections as necessary.

MS15-070 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Severity: Important
Affected Software

  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013
  • Microsoft Office 2013 RT
  • Microsoft Excel for Mac 2011
  • Excel Services on Microsoft SharePoint Server 2007
  • Excel Services on Microsoft SharePoint Server 2010
  • Excel Services on Microsoft SharePoint Server 2013

CVE-2015-2375 - Microsoft Excel ASLR Bypass Vulnerability
CVE-2015-2377 - Microsoft Office Memory Corruption Vulnerability
CVE-2015-2379 - Microsoft Office Memory Corruption Vulnerability
CVE-2015-2415 - Microsoft Office Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerabilities.

MS15-065 - Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2015-1733 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-1738 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-1767 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2383 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2388 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2389 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2390 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2391 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2397 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2401 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2402 – Internet Explorer Information Disclosure Vulnerability
CVE-2015-2403 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2404 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2406 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2408 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2411 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2405 – Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-2419 – JScript9 Memory Corruption Vulnerability
CVE-2015-2421 – Internet Explorer ASLR Bypass
CVE-2015-2422 – Multiple Memory Corruption Vulnerabilities in Internet Explorer

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-066 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2015-2372 - VBScript Memory Corruption Vulnerability

Description: A memory corruption vulnerability occurs when the contents of memory locations are modified due to programming errors; this leads to an application crash.

MS15-077 - Vulnerability in ATM Font Driver Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7

CVE-2015-2387 - ATMFD.DLL Memory Corruption Vulnerability

Description: An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.