VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

ゼットスケーラーのセキュリティアドバイザリ

セキュリティ アドバイザリー - 10月 11, 2011

Zscaler Provides Immediate Vulnerability Protection for Latest Microsoft Patch Cycle

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following fifteenweb based, client-side vulnerabilities included in the October 2011 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

MS11-076 – Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

Severity: Important
Affected Software

  • Windows Vista
  • Windows 7

CVE-2011-2009 - Media Center Insecure Library Loading Vulnerability

Description: A remote code execution vulnerability exists in the way that Windows Media Center handles the loading of DLL files.

MS11-077 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2011-2003 - Font Library File Buffer Overrun Vulnerability

Description: A remote code execution vulnerability exists in the Windows kernel due to improper handling of a specially crafted .fon font file.

MS11-078 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

Severity: Critical
Affected Software

  • NET Framework 1.1 Service Pack 1
  • NET Framework 2.0 Service Pack 2
  • NET Framework 3.5.1
  • NET Framework 4
  • Silverlight 4

CVE-2011-1253 - .NET Framework Class Inheritance Vulnerability

Description: A remote code execution vulnerability exists in the way that the Microsoft .NET Framework and Silverlight framework restrict inheritance within classes.

MS11-079 – Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

Severity: Important
Affected Software

  • Forefront Unified Access Gateway 2010

CVE-2011-1897 - Default Reflected XSS Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2011-1969 - Poisoned Cup of Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2011-2012 - Null Session Cookie Crash

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

MS11-081 – Cumulative Security Update for Internet Explorer (2586448)

Severity: Critical
Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9

CVE-2011-1993 - Scroll Event Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2011-1995 - OLEAuto32.dll Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized.

CVE-2011-1996 - Option Element Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2011-1997 - OnLoad Event Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2011-1998 - Jscript9.dll Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized.

CVE-2011-1999 - Select Element Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses a dereferenced memory address.

CVE-2011-2000 - Body Element Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted.

CVE-2011-2001 - Virtual Function Table Corruption Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses a virtual function table after it has been corrupted.

MS10-080 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003

CVE-2011-2005 - Ancillary Function Driver Elevation of Privilege Vulnerability

Description: An elevation of privilege vulnerability exists where the Ancillary Function Driver (afd.sys) improperly validates input passed from user mode to the Windows kernel.