onsdag 12 april 2017

Zscaler skyddar 16 säkerhetshål i Microsofts mjukvaror

Zscaler skyddar 16 nya sårbarheter i Microsoft Outlook, Windows Graphics och Graphics Component, .NET Framework , Windows, Windows Kernel, Microsoft Office, Microsoft Office Services och Web Apps, Microsoft Edge och Internet Explorer.

Som medlem i Microsoft MAPP får Zscaler information om säkerhetsproblem från Microsoft innan de offentliggörs via de månatliga säkerhetsuppdateringarna. Det avancerade skyddslagret i Zscaler används för att blockera zero-day-hot som utnyttjar nyupptäckta sårbarheter.

Zscaler samarbetar med Microsoft via MAPP-programmet och har proaktivt implementerat skydd mot en nyupptäckt sårbarhet som inkluderas i Microsoft security bulletins april 2017. 

CVE-2017-0106 – Microsoft Outlook Remote Code Execution Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 10
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 8.1
  • Windows RT 8.1
  • Windows Server 2016
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of this vulnerability requires that a user open or preview a specially crafted email message with an affected version of Microsoft Outlook. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email message to the user and then convincing the user to preview or open the email. The update addresses the vulnerability by correcting the way that Microsoft Outlook parses specially crafted email messages.

CVE-2017-0155 – Windows Graphics Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 7
  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2008 Service Pack 2
  • Windows Vista Service Pack 2
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.

CVE-2017-0156 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 7
  • Windows Server 2008 R2 Systems Service Pack 1
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Microsoft Graphics Component handles objects in memory.

CVE-2017-0160 – .NET Remote Code Execution Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Microsoft .NET Framework 4.5.2
  • Microsoft .NET Framework 4.6
  • Microsoft .NET Framework 4.6.1
  • Microsoft .NET Framework 4.6.2
  • Microsoft .NET Framework 4.7
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 3.5.1
A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.

CVE-2017-0165 – Windows Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
An elevation of privilege vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited the vulnerability could run arbitrary code as System. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. The update addresses the vulnerability by correcting how Windows sanitizes handles in memory.

CVE-2017-0167 – Windows Kernel Information Disclosure Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2016
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

CVE-2017-0188 – Win32k Information Disclosure Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2016
A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.

CVE-2017-0189 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 10
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.

CVE-2017-0192 – ATMFD.dll Information Disclosure Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 7 Service Pack 1
  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2008 Service Pack 2 (Server Core installation)
  • Windows Server 2012
  • Windows 2012 R2
  • Windows 8.1
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2016
  • Windows Vista Service Pack 2
  • Windows Server 2008
An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.

CVE-2017-0194 – Microsoft Office Memory Corruption Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Microsoft Outlook 2007 Service Pack 3
  • Microsoft Excel 2010 Service Pack 2
  • Microsoft Office Compatibility Pack Service Pack 2
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain functions handle objects in memory.

CVE-2017-0199 – Microsoft Outlook Remote Code Execution Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Windows 7 Service Pack 1
  • Windows Server 2008 R2 Service Pack 1 (Server Core Installation)
  • Windows Server 2008 Service Pack 2 (Server Core installation)
  • Microsoft Office 2007 Service Pack 3
  • Windows Server 2012
  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2016
  • Windows Vista Service Pack 2
A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file. The update addresses the vulnerability by correcting the way that Microsoft Office parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue.

CVE-2017-0200 – Microsoft Edge Memory Corruption Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Microsoft Edge on Windows 10 Version 1607
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.

CVE-2017-0201 – Scripting Engine Memory Corruption Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Internet Explorer 9 on Windows Vista Service Pack 2
  • Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2
  • Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2
  • Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2
  • Internet Explorer 10 on Windows Server 2012
A remote code execution vulnerability exists in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The update addresses the vulnerability by modifying how the JScript and VBScript scripting engines handle objects in memory.

CVE-2017-0202 – Internet Explorer Memory Corruption Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Internet Explorer 11
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by an enticement in an email or instant message, or by getting them to open an attachment sent through email. The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

CVE-2017-0205 – Microsoft Edge Memory Corruption Vulnerability
Severity: Critical
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Microsoft Edge on Windows 10
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.

CVE-2017-0210 – Internet Explorer Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
  • Advanced Internet Security
Affected Software
  • Internet Explorer 11
  • Internet Explorer 10 on Windows Server 2012
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. The update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Internet Explorer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. The vulnerability by itself does not allow arbitrary code to be run. However, the vulnerability could be used in conjunction with another vulnerability (for example, a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code. For example, an attacker could exploit another vulnerability to run arbitrary code through Internet Explorer, but due to the context in which processes are launched by Internet Explorer, the code might be restricted to run at a low integrity level (very limited permissions). However, an attacker could, in turn, exploit this vulnerability to cause the arbitrary code to run at a medium integrity level (permissions of the current user).

WeClouds webbsäkerhetslösning från Zscaler analyserar allt innehåll i den data som hämtas från webben och bedömer det genom flera olika jämförelser och beteendeanalyser. Skanningen av http/https sker i realtid och skyddar användare och system, oavsett var de kopplat upp sig, genom att styra trafiken via någon av skannings-noderna i det globala säkerhetsnätverket.

www.wecloud.se
info@wecloud.se