VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

ゼットスケーラーのセキュリティアドバイザリ

セキュリティ アドバイザリー - 3月 09, 2010

Zscaler Protects Against Internet Explorer Zero Day Attack

References:

Impact : Remote code execution

Patch: Microsoft issued a patch for this vulnerability on March 30, 2010, details of which can be found in Microsoft Security Bulletin MS10-018

Affected Software:

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7

Non-Affected Software

Microsoft Internet Explorer 8

Description

Microsoft has released a security advisory (981374) detailing a new, unpatched vulnerability in Internet Explorer (IE), which is being used in targeted attacks. The vulnerability is caused by an invalid pointer reference and impacts IE 6 & 7, while IE 8 is not believed to be vulnerable.

Zscaler Protections

Working with Microsoft, through the Microsoft Active Protections Program (MAPP), Zscaler has been provided with confidential data related to this vulnerability, which has been leveraged to deploy protections. Zscaler was able to deploy protections for this issue throughout its global cloud infrastructure within an hour of receiving notification from Microsoft.