Zscaler to Expand Zero Trust Exchange Platform's AI Cloud with Data Fabric Purpose-built for Security

Zscaler Security Advisories

Security Advisory - April 14, 2015

Zscaler Protects against Internet Explorer Memory Corruption, Office Remote Code Execution, Windows Task Scheduler, and SharePoint XSS Vulnerabilities

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 18 vulnerabilities included in the April 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections as necessary.

MS15-032 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2015-1652 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1657 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1660 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1661 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1662 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1665 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1666 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1667 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1668 - Internet Explorer Elevation of Privilege Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-033 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Microsoft Office 2007 SP3
  • Microsoft Office 2010 SP2
  • Microsoft Office 2013 SP1
  • Microsoft Office 2013 RT
  • Windows Server 2008 R2
  • Microsoft Office for Mac
  • Microsoft Word Viewer

CVE-2015-1641 - Microsoft Office Memory Corruption Vulnerability
CVE-2015-1649 - Microsoft Office Component Use After Free Vulnerability
CVE-2015-1650 - Microsoft Office Component Use After Free Vulnerability
CVE-2015-1651 - Microsoft Office Component Use After Free Vulnerability

Description: A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle rich text format files in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then, for example, take actions on the behalf of the logged-on user with the same permissions as the current user.

MS15-036 - Microsoft SharePoint XSS Vulnerability

Severity: Important
Affected Software

  • Microsoft SharePoint Server 2013
  • Microsoft SharePoint Server 2010

CVE-2015-1640 - Microsoft SharePoint XSS Vulnerability
CVE-2015-1653 - Microsoft SharePoint XSS Vulnerability

Description: Elevation of privilege vulnerabilities exist when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit these vulnerabilities by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited these vulnerabilities could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user.These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim.

MS15-037 - Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege

Severity: Important
Affected Software

  • Windows 7 SP1
  • Windows Server 2008

CVE-2015-0098 - Microsoft Windows Kernel Memory Disclosure Vulnerability

Description: An elevation of privilege vulnerability exists in Task Scheduler due to a known invalid task being present on certain systems. An attacker who successfully exploited the vulnerability could cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-038 - Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege

Severity: Important
Affected Software

CVE-2015-1643 - NtCreateTransactionManager Type Confusion Vulnerability
CVE-2015-1644 - Windows MS-DOS device name Vulnerability

Description: An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security checks and gain elevated privileges on a targeted system.

  • Windows Server 2003
  • Windows Vista SP2
  • Windows Server 2008 R2
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1