onsdag 13 april 2016

Zscaler ger proaktivt skydd mot nya säkerhetshål

Zscaler har proaktivt utvecklat skydd för attacker mot de 3 sårbarheter som presenterades i Adobe's security bulletins samt 13 sårbarheter som presenterades i Microsoft Microsoft security bulletins i april. Det avancerade skyddslagret används för att blockera zero-day-hot som utnyttjar nyupptäckta sårbarheter och inkluderas i Zscaler Advanced Behavioral Analysis.





WeClouds webbsäkerhetslösning från Zscaler analyserar allt innehåll i den data som hämtas från webben och bedömer det genom flera olika analyser, jämförelser och beteendeanalyser. Skanningen av http/https sker i realtid och skyddar användare och system oavsett var de kopplat upp sig genom att styra trafiken via någon av skannings-noderna i det globala säkerhetsnätverket.


Severity: Critical
Affected Software

  • Adobe Flash Player Desktop Runtime 21.0.0.197 and earlier
  • Adobe Flash Player Extended Support Release 18.0.0.333 and earlier
  • Adobe Flash Player for Google Chrome 21.0.0.197 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 21.0.0.197 and earlier
  • Adobe Flash Player for Internet Explorer 11 21.0.0.197 and earlier
  • Adobe Flash Player for Linux 11.2.202.577 and earlier
  • AIR Desktop Runtime 21.0.0.176 and earlier
  • AIR SDK 21.0.0.176 and earlier
  • AIR SDK & Compiler 21.0.0.176 and earlier
Security Subscription Required: Advanced Behavioral Analysis
CVE-2016-1018 – Flash Player Buffer Overflow / Underflow Vulnerability
Security Subscription Required: Advanced Behavioral Analysis
CVE-2016-1019 – Flash Player Type Confusion Vulnerability
Security Subscription Required: Advanced Behavioral Analysis
Description: Adobe has released security updates for Adobe Flash Player.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
MS16-037 –  Cumulative Security Update for Internet Explorer


Severity: Critical
Affected Software

  • Internet Explorer 9-11
            Security Subscription Required: Advanced Internet Security
            CVE-2016-0159 – Internet Explorer Memory Corruption Vulnerability
            Security Subscription Required: Advanced Internet Security
            CVE-2016-0164 – Internet Explorer Memory Corruption Vulnerability
            Security Subscription Required: Advanced Internet Security
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-038 – Cumulative Security Update for Microsoft Edge


Severity: Critical
Affected Software

  • Microsoft Edge
Security Subscription Required: Advanced Internet Security
CVE-2016-0156 – Microsoft Edge Memory Corruption Vulnerability
Security Subscription Required: Advanced Internet Security
CVE-2016-0157 – Microsoft Edge Memory Corruption Vulnerability
Security Subscription Required: Advanced Internet Security
CVE-2016-0158 – Microsoft Edge Elevation of Privilege Vulnerability
Security Subscription Required: Advanced Internet Security
CVE-2016-0161 – Microsoft Edge Elevation of Privilege Vulnerability
Security Subscription Required: Advanced Internet Security
Description: This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-039 – Security Update for Microsoft Graphics Component


Severity: Critical
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT 8.1
Security Subscription Required: Advanced Behavioral Analysis
CVE-2016-0165 – Win32k Elevation of Privilege Vulnerability
Security Subscription Required: Advanced Behavioral Analysis
CVE-2016-0167 – Win32k Elevation of Privilege Vulnerability
Security Subscription Required: Advanced Behavioral Analysis
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
MS16-040 – Security Update for Microsoft XML Core Service


Severity: Critical
Affected Software    

  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
Security Subscription Required: Advanced Internet Security
         
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.
MS16-048 – Security Update for CSRSS


Severity: Important
Affected Software

  • Windows 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 10
Security Subscription Required: Advanced Behavioral Analysis
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.
www.wecloud.se




APSB16-10Security updates available for Flash Player
CVE-2016-1017 – Flash Player Use-After-Free Vulnerability
            CVE-2016-0154 – Microsoft Browser Memory Corruption Vulnerability
CVE-2016-0155 – Microsoft Edge Memory Corruption Vulnerability
CVE-2016-0143 – Win32k Elevation of Privilege Vulnerability
CVE-2016-0147 – MSXML Remote Code Execution Vulnerability
CVE-2016-0151 – Windows CSRSS Security Feature Bypass Vulnerability

info@wecloud.se

www.wecloud.se