Zscaler Provides Advanced Protection for Massive Microsoft Patch Cycle
August 2010 by Zscaler
Zscaler, Inc. announced that it has deployed protections that gave customers immediate defense against the web-based threats addressed in Microsoft’s massive August patch cycle. With Zscaler’s cloud-delivered security service, customers were transparently protected from numerous vulnerabilities, many of which are critical in nature. Zscaler’s protections are in-line and, as such, do not require customers to take any action on their own.
On Tuesday, Microsoft released one of its largest monthly patch cycles to date, covering a total of 34 vulnerabilities in 14 advisories. Such patch cycles create a daunting task for enterprises, which must quickly deploy patches to individual systems before exploits emerge that allow attackers to compromise machines. This challenge is made even more difficult for companies with a mobile workforce, where laptop computers may not be online at any given time to permit patches to be pushed to road warriors. As a SaaS service provider, Zscaler has been able to deploy in-line protections that block threats before they ever reach vulnerable systems. Such protections apply to both end-user systems on the enterprise network and laptops out in the field.
“Working with Microsoft through its MAPPs program is of great benefit to our mutual customer base as it ensures immediate vulnerability shielding for critical web-based vulnerabilities the day that they are released,” said Michael Sutton, vice president of Security Research at Zscaler. The Microsoft Active Protections Program (MAPPs) ensures that Microsoft’s trusted security partners receive details of vulnerabilities ahead of public release in order to build appropriate protections.
Zscaler has deployed protections for the following vulnerabilities included in the Microsoft Security Bulletins for August 2010:
o CVE-2010-0019 - Microsoft Silverlight Memory Corruption Vulnerability
o CVE-2010-1258 - Event Handler Cross-Domain Vulnerability
o CVE-2010-2556 - Uninitialized Memory Corruption Vulnerability
o CVE-2010-2557 - Uninitialized Memory Corruption Vulnerability
o CVE-2010-2558 - Race Condition Memory Corruption Vulnerability
o CVE-2010-2559 - Uninitialized Memory Corruption Vulnerability
o CVE-2010-2560 - HTML Layout Memory Corruption Vulnerability
o CVE-2009-3555 - TLS/SSL Renegotiation Vulnerability