Zenith Live is coming to Europe in October. Join us! Learn More
Zenith Live is coming to Europe in October. Join us!
Learn More

Zero trust security

Make it possible

Your Mission

 

Security Advisory - May 13, 2014

Zscaler Protects against SharePoint XSS and Internet Explorer Remote Code Execution Vulnerabilities

 

 

Zscaler, working with Microsoft through the MAPPs program, has proactively deployed protections for the following 3 vulnerabilities included in the May 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

MS14-022 - SharePoint XSS Vulnerability

Severity: Critical
Affected Software

  • SharePoint Server 2007
  • SharePoint Server 2010
  • SharePoint Server 2013
  • Office Web Apps 2010
  • Office Web Apps 2013
  • SharePoint Designer 2007
  • SharePoint Designer 2010
  • SharePoint Designer 2013

CVE-2014-1754 – SharePoint XSS Vulnerability

Description: An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

MS14-029 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2014-1815 – SharePoint XSS Vulnerability
CVE-2014-0310 – SharePoint XSS Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.