Security Advisory - January 14, 2014
Zscaler Protects against Vulnerability in Windows Kernel which allows Elevation of Privileges
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 1 vulnerability included in the January 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.
MS14-002 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege
- Windows XP (All Versions)
- Windows Server 2003
CVE-2013-5065 – Kernel NDProxy Vulnerability
Description: An elevation of privilege vulnerability exists in the NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. The vulnerability could allow an attacker to run code in kernel mode. An attacker who successfully exploited this vulnerability could run a specially crafted application and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full administrator rights.