Thursday, 23 July 2015

Proactive protection against vulnerabilities emergency-patched by Microsoft

Zscaler has proactively developed protection against attacks on the new vulnerabilities that Microsoft emergency-patched yesterday. The vulnerabilities concerned Adobe Flash, Internet Explorer, Windows Kernel Mode Driver and Microsoft Office. The advanced protection layer is used to block zero-day threats that exploit newly discovered vulnerabilities, and it is included in Zscaler Business Suite and Zscaler Enterprise Suite.

WeCloud's web security solution from Zscaler analyzes all content in the data retrieved from the web and assesses it through several different analyses, comparisons and behavioral analyses. HTTP/HTTPS scanning takes place in real time and protects users and systems regardless of where they connect from, by routing traffic through one of the scanning nodes in the global security network.



APSA15-04 - Security updates available for Adobe Flash Player
Severity: Critical

Affected Software
  • Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome
  • Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux
CVE-2015-5122 - ActionScript 3 opaqueBackground property vulnerability
CVE-2015-5123 - ActionScript 3 BitmapData object vulnerability

Description: Critical vulnerabilities have been identified in Adobe Flash Player. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

APSB15-15 - Security updates available for Adobe Reader and Acrobat
Severity: Important

Affected Software
  • Acrobat XI 11.0.11 and earlier versions
  • Acrobat X 10.1.14 and earlier versions
  • Reader XI 11.0.11 and earlier versions
  • Reader X 10.1.14 and earlier versions
CVE-2014-8450 - Security Bypass vulnerabilities that could lead to information disclosure
CVE-2015-4447 - Security Bypass restrictions on JavaScript API execution
CVE-2015-5086 - Security Bypass restrictions on JavaScript API execution
CVE-2015-5087 - Security Bypass vulnerabilities that could lead to code execution
CVE-2015-5093 - Buffer Overflow / Underflow vulnerability that could lead to code execution
CVE-2015-5094 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5095 - Use After Free vulnerabilities that could lead to code execution
CVE-2015-5097 - Integer Overflow vulnerabilities that could lead to code execution
CVE-2015-5098 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5099 - Use After Free vulnerabilities that could lead to code execution
CVE-2015-5100 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5101 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5102 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5103 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5104 - Memory Corruption vulnerabilities that could lead to code execution
CVE-2015-5111 - Use After Free vulnerabilities that could lead to code execution
CVE-2015-5113 - Use After Free vulnerabilities that could lead to code execution

Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

APSB15-16 - Security updates available for Adobe Flash Player
Severity: Critical

Affected Software
  • Adobe Flash Player Desktop Runtime 18.0.0.194 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release 13.0.0.296 and earlier versions for Windows and Macintosh
  • Adobe Flash Player for Google Chrome 18.0.0.194 and earlier versions for Windows, Macintosh and Linux
  • Adobe Flash Player 11.2.202.468 and earlier versions for Linux
  • AIR Desktop Runtime 18.0.0.144 and earlier versions for Windows and Macintosh
  • AIR SDK 18.0.0.144 and earlier versions for Windows, Macintosh, Android and iOS
CVE-2014-0578 - Same origin policy bypass that can lead to cross-site information disclosures
CVE-2015-3118 - Use after free vulnerability when setting TextField.filters
CVE-2015-3119 - Type Confusion vulnerability in NetConnection with __proto__
CVE-2015-3121 - The data member of the SharedObject has Type Confusion vulnerability
CVE-2015-3127 - Use after free vulnerability in Flash when a SharedObject is used as part of the Array
CVE-2015-3128 - Use after free vulnerability in Flash when a text field that was added to a movie clip is deleted by an implementation of valueOf() or toString() in a custom object.
CVE-2015-5119 - Use-after-free in the ByteArray assignation operator

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

MS15-065 - Security Update for Internet Explorer
Severity: Critical

Affected Software
  • Internet Explorer 6-11
CVE-2015-1733 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-1738 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-1767 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2383 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2388 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2389 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2390 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2391 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2397 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2401 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2402 – Internet Explorer Information Disclosure Vulnerability
CVE-2015-2403 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2404 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2405 – Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-2406 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2408 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2411 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2412 – Internet Explorer Information Disclosure Vulnerability
CVE-2015-2413 – Internet Explorer Information Disclosure Vulnerability
CVE-2015-2419 – JScript9 Memory Corruption Vulnerability
CVE-2015-2421 – Internet Explorer ASLR Bypass
CVE-2015-2422 – Multiple Memory Corruption Vulnerabilities in Internet Explorer
CVE-2015-2425 – Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-066 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
Severity: Critical

Affected Software
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
CVE-2015-2372 – VBScript Memory Corruption Vulnerability

Description: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

MS15-069 - Vulnerabilities in Windows Could Allow Remote Code Execution
Severity: Important

Affected Software
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows 8.1
  • Windows Server 2012
CVE-2015-2369 – DLL Planting Remote Code Execution Vulnerability

Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.

MS15-070 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Severity: Important

Affected Software
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Office 2013
  • Microsoft Office 2013 RT
  • Microsoft Excel for Mac 2011
  • Excel Services on Microsoft SharePoint Server 2007
  • Excel Services on Microsoft SharePoint Server 2010
  • Excel Services on Microsoft SharePoint Server 2013
CVE-2015-2375 – Microsoft Excel ASLR Bypass Vulnerability
CVE-2015-2377 – Microsoft Office Memory Corruption Vulnerability
CVE-2015-2378 – Microsoft Excel DLL Remote Code Execution Vulnerability
CVE-2015-2379 – Microsoft Office Memory Corruption Vulnerability
CVE-2015-2380 – Microsoft Office Memory Corruption Vulnerability
CVE-2015-2415 – Microsoft Office Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.

MS15-073 - Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege
Severity: Important

Affected Software
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows Vista
  • Windows 7
  • Windows 8
CVE-2015-2366 – Win32k Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over an affected system.

MS15-075 - Vulnerabilities in OLE Could Allow Elevation of Privilege
Severity: Important

Affected Software
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows Vista
  • Windows 7
  • Windows 8
CVE-2015-2416 – OLE Elevation of Privilege Vulnerability

Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run.

MS15-076 - Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege
Severity: Important

Affected Software
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7
  • Windows 8
CVE-2015-2370 – Windows RPC Elevation of Privilege Vulnerability

Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

MS15-077 - Vulnerability in ATM Font Driver Could Allow Elevation of Privilege
Severity: Important

Affected Software
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7
  • Windows Vista
  • Windows 8
CVE-2015-2387 – ATMFD.DLL Memory Corruption Vulnerability

Description: An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-078 - Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution
Severity: Critical

Affected Software
  • Windows Vista
  • Windows Server 2008
  • Windows Server 2012
  • Windows 7
  • Windows 8
CVE-2015-2426 – OpenType Font Driver Vulnerability

Description: The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.


www.wecloud.com

info@wecloud.com