Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following four vulnerabilities included in the January 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.

MS13-003 – Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)

Severity: Important

Affected Software

• Microsoft System Center Operations Manager 2007

CVE-2013-0009 - System Center Operations Manager Web Console XSS Vulnerability

CVE-2013-0010 - System Center Operations Manager Web Console XSS Vulnerability

Description: A cross-site scripting (XSS) vulnerability exists in System Center Operations Manager that could allow specially crafted script code to run under the guise of the server.  

MS13-007 – Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)

Severity: Important
Affected Software

• Windows XP
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows 8
• Windows Server 2012

CVE-2013-0005 - Replace Denial of Service Vulnerability

Description: A denial of service vulnerability exists in the OData specification that could allow denial of service.

MS13-006 – Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)

Severity: Important
Affected Software

• Windows Vista
• Windows Server 2008
• Windows 7
• Windows 8
• Windows Server 2012
• Windows RT

CVE-2013-0013 Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability

Description: A security feature bypass vulnerability exists in the way that the Microsoft Windows SSL/TLS (Secure Socket Layer and Transport Layer Security) handle the SSL version 3 (SSLv3) and TLS protocols.