Zscaler Security Advisories

Security Advisory - January 14, 2014

Zscaler Protects against Vulnerability in Windows Kernel which allows Elevation of Privileges

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 1 vulnerability included in the January 2014 Microsoft security bulletins.  Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.

MS14-002Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Severity: Important
Affected Software

  • Windows XP (All Versions)
  • Windows Server 2003

CVE-2013-5065 – Kernel NDProxy Vulnerability

Description: An elevation of privilege vulnerability exists in the NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. The vulnerability could allow an attacker to run code in kernel mode. An attacker who successfully exploited this vulnerability could run a specially crafted application and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full administrator rights.