Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following 2 vulnerabilities included in the April 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections as necessary.
MS13-029 – Vulnerability in Remote Desktop Client Could Allow Remote Code Execution
CVE-2013-1296 - RDP ActiveX Control Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Remote Desktop ActiveX control, mstscax.dll, attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to visit a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
MS13-035 – Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege
CVE-2013-1289 - HTML Sanitization Vulnerability
Description: An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.