onsdag 10 juni 2015

Zscaler skyddar mot nya sårbarheter i Adobe Flash, Internet Exploreroch Office

Zscaler har proaktivt utvecklat skydd för nya sårbarheter i Adobe Flash, Adobe AIR, Internet Explorer och Microsoft Office. Det avancerade skyddslagret används för att blockera zero-day-hot som utnyttjar nyupptäckta sårbarheter och inkluderas i Zscaler Business Suit och Zscaler Enterprise Suit.

WeClouds webbsäkerhetslösning från Zscaler analyserar allt innehåll i den data som hämtas från webben och bedömer det genom flera olika analyser, jämförelser och beteendeanalyser. Skanningen av http/https sker i realtid och skyddar användare och system oavsett var de kopplat upp sig genom att styra trafiken via någon av skannings-noderna i det globala säkerhetsnätverket.



APSB15-11Security updates available for Adobe Reader and Acrobat
Severity: Critical

Affected Software
  • Adobe Flash Player 17.0.0.188 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release 13.0.0.289 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.460 and earlier 11.x versions for Linux
  • Adobe AIR Desktop Runtime 17.0.0.172 and earlier versions for Windows and Macintosh
  • Adobe AIR SDK and SDK & Compiler 17.0.0.172 and earlier versions for Windows and Macintosh
  • Adobe AIR for Android 17.0.0.144 and earlier versions

CVE-2015-3096 – Variant of CVE-2014-5333 (Rosetta Flash) using 2-bytes UTF-8 sequence
CVE-2015-3098 – Same-origin-policy/SecurityDomain/AllowScriptAccess violation via loaded flash files
CVE-2015-3100 – Misusing of FPU Instruction Could Cause Security Vulnerabilities
CVE-2015-3102 – Adobe Flash custom pageDomain vulnerability
CVE-2015-3103 – Flash Player Race Condition Vulnerability
CVE-2015-3104 – Integer overflow / memory corruption with excessive number of shader input channels
CVE-2015-3105 – Out-of-bounds write in ShaderParameter resolution
CVE-2015-3106 – AS2 Use After Free in TextField.filters
CVE-2015-3108 – Uninitialized memory information leak when shading into a ByteArray

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.


MS15-056Cumulative Security Update for Internet Explorer
Severity: Critical

Affected Software
  • Internet Explorer 6-11
CVE-2015-1687 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1730 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1731 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1732 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1735 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1736 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1737 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1740 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1741 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1742 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1743 – Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1744 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1745 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1747 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1748 – Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1750 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1752 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1753 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1755 – Internet Explorer Memory Corruption Vulnerability
CVE-2015-1766 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-059Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Severity: Important

Affected Software
  • Office 2007 SP3
  • Office 2010 SP2
  • Office 2013
CVE-2015-1770 – Microsoft Office Uninitialized Memory Use Vulnerability
CVE-2015-1760 – Microsoft Office Use After Free Vulnerability
CVE-2015-1759 – Microsoft Office Use After Free Vulnerability

Description: Remote code execution vulnerabilities exist in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

MS15-061Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Severity: Important
Affected Software
  • Windows Server 2003 SP2
  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows Server 2012

CVE-2015-1721 – Win32k Null Pointer Dereference Vulnerability
CVE-2015-1722 – Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability
CVE-2015-1768 – Win32k Memory Corruption Elevation of Privilege Vulnerability


Description: Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or deleted. The vulnerabilities may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system.


www.wecloud.se

info@wecloud.com