Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following four vulnerabilities included in the January 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.
MS13-003 – Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
CVE-2013-0009 - System Center Operations Manager Web Console XSS Vulnerability
CVE-2013-0010 - System Center Operations Manager Web Console XSS Vulnerability
Description: A cross-site scripting (XSS) vulnerability exists in System Center Operations Manager that could allow specially crafted script code to run under the guise of the server.
MS13-007 – Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
CVE-2013-0005 - Replace Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the OData specification that could allow denial of service.
MS13-006 – Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
CVE-2013-0013 Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in the way that the Microsoft Windows SSL/TLS (Secure Socket Layer and Transport Layer Security) handle the SSL version 3 (SSLv3) and TLS protocols.