
Zscaler Security Advisories

Security Advisory - June 09, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Internet Explorer, Windows Kernel Mode Driver, and Microsoft Office

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 25 vulnerabilities included in the June 2015 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

MS15-056 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2015-1687 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1730 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1731 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1732 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1735 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1736 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1737 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1740 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1741 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1742 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1743 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1744 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1745 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1747 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1748 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2015-1750 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1752 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1753 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1755 - Internet Explorer Memory Corruption Vulnerability
CVE-2015-1766 - Internet Explorer Memory Corruption Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

 

MS15-059 - Vulnerabilities in GDI+ Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Office 2007 SP3
  • Office 2010 SP2
  • Office 2013

CVE-2015-1770 - Microsoft Office Uninitialized Memory Use Vulnerability
CVE-2015-1760 - Microsoft Office Use After Free Vulnerability
CVE-2015-1759 - Microsoft Office Use After Free Vulnerability

Description: Remote code execution vulnerabilities exist in Microsoft Office software, caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

 

MS15-061 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

Severity: Critical
Affected Software

  • Windows Server 2003 SP2
  • Windows Vista SP2
  • Windows Server 2008 SP2
  • Windows Server 2008 R2
  • Windows 7
  • Windows 8.1
  • Windows 8
  • Windows Server 2012

CVE-2015-1721 - Win32k Null Pointer Dereference Vulnerability
CVE-2015-1722 - Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability
CVE-2015-1768 - Win32k Memory Corruption Elevation of Privilege Vulnerability

Description: Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or deleted. The vulnerabilities may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system.