Zenith Live is coming to Europe in October. Join us! Learn More
Zenith Live is coming to Europe in October. Join us!
Learn More

Zero trust security

Make it possible

Your Mission

 

Security Advisory - February 11, 2014

Zscaler Protects against Vulnerability in Windows XML Core Services, Direct2D, and Internet Explorer Memory Corruption

 

 

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 26 vulnerabilities included in the February 2014 Microsoft security bulletins.  Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections as necessary.

MS14-005Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure
Severity: Important
Affected Software

  • Windows XP (All Versions)
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows 8
  • Windows Server 2012

CVE-2014-0266 – MSXML Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists that could allow an attacker to read files on the local file system of a user, or read content of web domains where a user is currently authenticated. An attacker could exploit this vulnerability when a user views specially crafted web content that is designed to invoke MSXML through Internet Explorer.

MS14-006Vulnerability in IPv6 Could Allow Denial of Service
Severity: Important
Affected Software

  • Windows 8
  • Windows Server 2012

CVE-2014-0254 – TCP/IP Version 6 (IPv6) Denial of Service Vulnerability

Description: A denial of service vulnerability exists in Windows in the IPv6 implementation of TCP/IP. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.

MS14-007Vulnerability in Direct2D Could Allow Remote Code Execution
Severity: Critical
Affected Software

  • Windows 7
  • Windows 8
  • Windows Server 2008
  • Windows Server 2012

CVE-2014-0263 – Microsoft Graphics Component Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that affected Windows components handle specially crafted 2D geometric figures. The vulnerability could allow remote code execution if a user views files containing such specially crafted figures using Internet Explorer. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

MS14-009Vulnerability in Direct2D Could Allow Remote Code Execution
Severity: Important
Affected Software

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012

CVE-2014-0253 – POST Request DoS Vulnerability

Description: A denial of service vulnerability exists in Microsoft ASP.NET that could allow an attacker to cause an ASP.NET server to become unresponsive.

MS14-010Cumulative Security Update for Internet Explorer
Severity: Important
Affected Software

  • Internet Explorer 6-11

CVE-2014-0267 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0269 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0270 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0271 – VBScript Memory Corruption Vulnerability
CVE-2014-0272 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0273 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0274 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0275 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0276 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0277 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0278 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0279 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0281 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0283 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0284 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0285 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0286 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0287 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0288 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0289 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0290 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.  There is also an information disclosure vulnerability that exists in the way that Internet Explorer handles specially crafted web content when generating print previews. An attacker who successfully exploited this vulnerability could gather information from any page that the victim is viewing.

APSB14-04Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Severity: Critical
Affected Software

  • Adobe Flash Player 12.0.0.43 and earlier

CVE-2014-0497 – Integer underflow in AVM li32

Description: Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.