Zscaler Security Advisories
Zscaler Protects against Vulnerability in Windows XML Core Services, Direct2D, and Internet Explorer Memory Corruption
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following 26 vulnerabilities included in the February 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections as necessary.
MS14-005 – Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure
Severity: Important
Affected Software
- Windows XP (All Versions)
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows 8
- Windows Server 2012
CVE-2014-0266 – MSXML Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists that could allow an attacker to read files on the local file system of a user, or read content of web domains where a user is currently authenticated. An attacker could exploit this vulnerability when a user views specially crafted web content that is designed to invoke MSXML through Internet Explorer.
MS14-006 – Vulnerability in IPv6 Could Allow Denial of Service
Severity: Important
Affected Software
- Windows 8
- Windows Server 2012
CVE-2014-0254 – TCP/IP Version 6 (IPv6) Denial of Service Vulnerability
Description: A denial of service vulnerability exists in Windows in the IPv6 implementation of TCP/IP. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.
MS14-007 – Vulnerability in Direct2D Could Allow Remote Code Execution
Severity: Critical
Affected Software
- Windows 7
- Windows 8
- Windows Server 2008
- Windows Server 2012
CVE-2014-0263 – Microsoft Graphics Component Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that affected Windows components handle specially crafted 2D geometric figures. The vulnerability could allow remote code execution if a user views files containing such specially crafted figures using Internet Explorer. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
MS14-009 – Vulnerability in Direct2D Could Allow Remote Code Execution
Severity: Important
Affected Software
- Windows XP
- Windows Vista
- Windows 7
- Windows 8
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
CVE-2014-0253 – POST Request DoS Vulnerability
Description: A denial of service vulnerability exists in Microsoft ASP.NET that could allow an attacker to cause an ASP.NET server to become unresponsive.
MS14-010 – Cumulative Security Update for Internet Explorer
Severity: Important
Affected Software
- Internet Explorer 6-11
CVE-2014-0267 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0269 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0270 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0271 – VBScript Memory Corruption Vulnerability
CVE-2014-0272 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0273 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0274 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0275 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0276 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0277 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0278 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0279 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0281 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0283 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0284 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0285 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0286 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0287 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0288 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0289 – Internet Explorer Memory Corruption Vulnerability
CVE-2014-0290 – Internet Explorer Memory Corruption Vulnerability
Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. There is also an information disclosure vulnerability that exists in the way that Internet Explorer handles specially crafted web content when generating print previews. An attacker who successfully exploited this vulnerability could gather information from any page that the victim is viewing.
APSB14-04 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Severity: Critical
Affected Software
- Adobe Flash Player 12.0.0.43 and earlier
CVE-2014-0497 – Integer underflow in AVM li32
Description: Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.