Security Advisories | Cloud-Sicherheitslösungen | Zscaler
https://www.zscaler.de/
Die Security Advisories von Zscaler informieren über identifizierte Sicherheitslücken sowie ihren jeweiligen Schweregrad.deZscaler protects against 1 new vulnerability for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-1-new-vulnerability-for-adobe-september-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 1 vulnerability included in the September 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary.
APSB23-34 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution.
Affected Software
Acrobat DC Continuous 23.003.20284 (Win), 23.003.20284 (Mac) and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 23.003.20244 (Win), 23.003.20284 (Mac) and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions for Windows & macOS
CVE-2023-26369 – Out-of-bounds Write vulnerability leading to Arbitrary code execution.
Severity: Critical
Tue, 12 Sept 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-1-new-vulnerability-for-adobe-september-2023Zscaler protects against 3 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-windows-september-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary.
CVE-2023-38144 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 version 21H2 for ARM64based Systems
Windows 11 version 21H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 version 21H2 for ARM64based Systems
Windows 11 version 21H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2023-38143 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 version 21H2 for ARM64based Systems
Windows 11 version 21H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Tue, 12 Sept 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-windows-september-2023Zscaler protects against 26 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-26-new-vulnerabilities-for-adobe-august-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 26 vulnerabilities included in the August 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.
APSB23-30 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak.
Affected Software
Acrobat DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30467 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30467 and earlier versions for Windows & macOS
CVE-2023-38235 – Out-of-bounds Read vulnerability leading to Memory Leak.
Severity: Critical
CVE-2023-38236 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38237 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38238 – Use After Free vulnerability leading to Memory leak.
Severity: Moderate
CVE-2023-38240 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38239 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38241 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38234 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38242 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38233 – Out-of-bounds write vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38244 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38247 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Moderate
CVE-2023-38248 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Moderate
CVE-2023-38232 – Out-of-bounds Read vulnerability leading to Memory Leak.
Severity: Critical
CVE-2023-38231 – Out-of-bounds Write vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38230 – Use After Free vulnerability leading to Memory Leak.
Severity: Critical
CVE-2023-38229 – Out-of-bounds Read vulnerability leading to Memory Leak.
Severity: Critical
CVE-2023-29303 – Use After Free vulnerability leading to Memory leak.
Severity: Important
CVE-2023-38222 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38228 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38227 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38226 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38225 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38224 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38246 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-38223 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.
Severity: Critical
Tue, 08 Aug 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-26-new-vulnerabilities-for-adobe-august-2023Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-august-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the August 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.
CVE-2023-35384 – Windows HTML Platforms Security Feature Bypass Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-36900 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 08 Aug 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-august-2023Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-july-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the July 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary.
CVE-2023-33157 – Microsoft SharePoint Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability
Severity: Important
Affected Software
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 (64-bit editions)
Microsoft Outlook 2013 (32-bit editions)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Office 2019 for 64-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Tue, 11 Juli 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-windows-july-2023Zscaler protects against 6 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-june-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the June 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary.
CVE-2023-29360 – Windows TPM Device Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
CVE-2023-29358 – Windows GDI Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
CVE-2023-29357 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
Severity: Critical
Affected Software
Microsoft SharePoint Server 2019
CVE-2023-28310 – Microsoft Exchange Server Remote Code Execution Vulnerability
Severity: Important
Affected Software
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2016 Cumulative Update 23
CVE-2023-29361 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
CVE-2023-29371 – Windows GDI Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Tue, 13 Juni 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-windows-june-2023Zscaler protects against 14 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-14-new-vulnerabilities-for-adobe-april-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 14 vulnerabilities included in the April 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.
APSB23-24 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak.
Affected Software
Acrobat DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30441 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30441 and earlier versions for Windows & macOS
CVE-2023-26420 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26419 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26418 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26417 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26395 – Out-of-bounds Write vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26421 – Integer Underflow vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26422 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26423 – Use after free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26424 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26425 – Out-of-bounds write vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26397 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-26405 – Improper Input validation vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26406 – Improper Access Control leading to Security Feature Bypass
Severity: Critical
CVE-2023-26408 – Improper Access Control vulnerability leading to Security Feature bypass.
Severity: Important
Tue, 11 Apr 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-14-new-vulnerabilities-for-adobe-april-2023Zscaler protects against 5 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-april-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the April 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.
CVE-2023-28274 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-28285 – Windows Graphics Component Remote Code Execution Vulnerability
Severity: Important
Affected Software
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for Mac
CVE-2023-24912 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-28218 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-28220 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 11 Apr 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-april-2023Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-march-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the March 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary.
CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability
Severity: Moderate
Affected Software
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
CVE-2023-23410 – Windows HTTP.sys Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 14 März 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-march-2023Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-february-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the February 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.
CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 version 21H2 for ARM64based Systems
Windows 11 version 21H2 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2023-21823 – Windows Graphics Component Remote Code Execution Vulnerability
Severity: Important
Affected Software
Windows Microsoft Office for Android
Microsoft Office for iOS
Microsoft Office for Universal
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Tue, 14 Feb 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-february-2023Zscaler protects against 15 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-15-new-vulnerabilities-for-adobe-january-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 15 vulnerabilities included in the January 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.
APSB23-01 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to denial-of-service, arbitrary code execution, privilege escalation and memory leak.
Affected Software
Acrobat DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30418 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30418 and earlier versions for Windows & macOS
CVE-2023-21579 – Integer Overflow or Wraparound vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21581 – Out-of-bounds Read vulnerability leading to memory leak
Severity: Important
CVE-2023-21585 – Out-of-bounds Read vulnerability leading to memory leak
Severity: Important
CVE-2023-21586 – NULL Pointer Dereference vulnerability leading to Application denial of service
Severity: Important
CVE-2023-21604 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21605 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21606 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21607 – Improper Input Validation vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21608 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21609 – Out-of-bounds write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21610 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2023-21611 – Violation of Secure Design Principles leading to Privilege escalation
Severity: Important
CVE-2023-21612 – Violation of Secure Design Principles leading to Privilege escalation
Severity: Important
CVE-2023-21613 – Out-of-bounds Read vulnerability leading to memory leak
Severity: Important
CVE-2022-35691 – Out-of-bounds Read vulnerability leading to memory leak
Severity: Important
Wed, 11 Jan 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-15-new-vulnerabilities-for-adobe-january-2023Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-january-2023
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the January 2023 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.
Severity: Important
Affected Software
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 version 21H2 for ARM64based Systems
Windows 11 version 21H2 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2023-21552 – Windows GDI Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 version 21H2 for ARM64based Systems
Windows 11 version 21H2 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Wed, 11 Jan 2023 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-january-2023Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-december-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the December 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary.
CVE-2022-44675 – Windows Bluetooth Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 Datacenter: Azure Edition
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-44698 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Moderate
Affected Software
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 Datacenter: Azure Edition
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Tue, 13 Dez 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-december-2022Zscaler protects against 3 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-november-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the November 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary.
CVE-2022-41113 – Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-41109 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
CVE-2022-41096 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 22H2 for 32bit Systems
Windows 10 Version 22H2 for ARM64based Systems
Windows 10 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Tue, 08 Nov 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-november-2022Zscaler protects against 5 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-adobe-october-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 5 vulnerabilities included in the October 2022 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.
APSB22-46 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak.
Affected Software
Acrobat DC Continuous 22.002.20212 and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 22.002.20212 and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30381 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30381 and earlier versions for Windows & macOS
CVE-2022-35691 – NULL Pointer Dereference vulnerability leading to Application denial-of-service
Severity: Important
CVE-2022-38437 – Use After Free vulnerability leading to Memory leak
Severity: Important
CVE-2022-38449 – Out-of-bounds Read vulnerability leading to Memory leak
Severity: Important
CVE-2022-38450 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-42339 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
Tue, 11 Okt 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-adobe-october-2022Zscaler protects against 5 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-october-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the October 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.
CVE-2022-38051 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-37970 – Windows DWM Core Library Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
Affected Software
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-38050 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
Affected Software
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-37989 – Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 11 Version 22H2 for x64based Systems
Windows 11 Version 22H2 for ARM64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-38053 – Microsoft SharePoint Server Remote Code Execution Vulnerability
Severity: Important
Subscriptions Required
Advanced Threat Protection
Affected Software
Windows Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Tue, 11 Okt 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-october-2022Zscaler protects against 3 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-september-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary.
CVE-2022-35803 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows RT 8.1
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2016
Windows 10 Version 1607 for 32bit Systems
Windows Server 2012 (Server Core installation)
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32bit Systems
Windows 7 for x64based Systems Service Pack 1
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2019
Windows 10 Version 1607 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows 10 Version 1809 for x64based Systems
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows 7 for 32bit Systems Service Pack 1
Windows 10 Version 1809 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows 10 Version 21H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 11 for ARM64based Systems
Windows Server 2022
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 1809 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 21H1 for 32bit Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 10 Version 21H2 for ARM64based Systems
CVE-2022-37957 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-34729 – Windows GDI Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Tue, 13 Sept 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-september-2022Zscaler protects against 7 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-adobe-august-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 7 vulnerabilities included in the August 2022 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.
APSB22-39 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.
Affected Software
Acrobat DC Continuous 22.001.20169 and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 22.001.20169 and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30362 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30362 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 17.012.30249 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 17.012.30249 and earlier versions for Windows & macOS
CVE-2022-35665 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-35666 – Improper Input Validation vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-35667 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-35668 – Improper Input Validation vulnerability leading to Memory leak
Severity: Important
CVE-2022-35670 – Use After Free vulnerability leading to Memory leak
Severity: Important
CVE-2022-35671 – Out-of-bounds read vulnerability leading to Memory leak
Severity: Important
CVE-2022-35678 – Out-of-bounds read vulnerability leading to Memory leak
Severity: Important
Wed, 10 Aug 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-adobe-august-2022Zscaler protects against 5 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-august-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the August 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.
CVE-2022-35793 – Windows Print Spooler Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-34713 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-35755 – Windows Print Spooler Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-34699 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Wed, 10 Aug 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-august-2022Zscaler protects against 20 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-20-new-vulnerabilities-for-adobe-july-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 20 vulnerabilities included in the July 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary.
APSB22-32 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.
Affected Software
Acrobat DC Continuous 22.001.20142 and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 22.001.20142 and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30334 and earlier versions for Windows & 20.005.30331 for macOS
Acrobat Reader 2020 Classic 20.005.30334 and earlier versions for Windows & 20.005.30331 for macOS
Acrobat 2017 Classic 2017 17.012.30229 and earlier versions for Windows & 17.012.30227 for macOS
Acrobat Reader 2017 Classic 2017 17.012.30229 and earlier versions for Windows & 17.012.30227 for macOS
CVE-2022-34230 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34229 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34228 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34227 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34226 – Out-of-bounds Read vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34225 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34224 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34223 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34222 – Out-of-bounds Read vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34237 – Use After Free vulnerability leading to Memory leak
Severity: Important
CVE-2022-34239 – Out-of-bounds Read vulnerability leading to Memory leak
Severity: Important
CVE-2022-34236 – Out-of-bounds Read vulnerability leading to Memory leak
Severity: Important
CVE-2022-34221 – Access of Resource Using Incompatible Type ('Type Confusion') vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34234 – Use After Free vulnerability leading to Memory leak
Severity: Important
CVE-2022-34220 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34219 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34217 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34216 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-34233 – Use After Free vulnerability leading to Memory leak
Severity: Important
CVE-2022-34215 – Out-of-bounds Read vulnerability leading to Arbitrary code execution
Severity: Critical
Tue, 12 Juli 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-20-new-vulnerabilities-for-adobe-july-2022Zscaler protects against 4 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-july-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the July 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary.
CVE-2022-22047 – Windows CSRSS Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-30220 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-30202 – Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Tue, 12 Juli 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-july-2022Zscaler protects against 2 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-june-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the June 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary.
CVE-2022-30147 – Windows Installer Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-30160 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Wed, 15 Juni 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-june-2022Zscaler protects against 4 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-may-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the May 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections, as necessary.
CVE-2022-29104 – Windows Print Spooler Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-29142 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
CVE-2022-23279 – Windows ALPC Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
CVE-2022-23270 – Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 10 Mai 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-windows-may-2022Zscaler protects against 61 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-61-new-vulnerabilities-for-adobe-acrobat-and-reader-april-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 61 vulnerabilities included in the April 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.
APSB22-16 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and privilege escalation.
Affected Software
Acrobat DC Continuous 22.001.20085 and earlier versions for Windows
Acrobat Reader DC Continuous 22.001.20085 and earlier versions for Windows
Acrobat 2020 Classic 2020 20.005.30314 and earlier versions for Windows & 20.005.30311 for macOS
Acrobat Reader 2020 Classic 20.005.30311 and earlier versions for Windows & 20.005.30311 macOS
Acrobat 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS
CVE-2022-24101 – Use After Free vulnerability leading to Memory Leak
Severity: Moderate
CVE-2022-24103 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-24104 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27785 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-24102 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27786 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27787 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27788 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27789 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27790 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27791 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27792 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27793 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27794 – Access Uninitialized Pointer vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27795 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27796 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27797 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27798 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27799 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27800 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27801 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-27802 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28230 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28231 – Out-of-bounds Read vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28232 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28233 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28234 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28235 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28236 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28237 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28238 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28239 – Out-of-bounds Read vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28240 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28241 – Out-of-bounds Read vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28242 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28243 – Out-of-bounds Read vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2022-28244 – Violation of Secure Design Principles leading to Arbitrary code execution
Severity: Important
CVE-2022-28245 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Critical
CVE-2022-28246 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28248 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28249 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28250 – Use After Free vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28251 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28252 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28253 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28254 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28255 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28256 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28257 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28258 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28259 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28260 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28261 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28262 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28263 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28264 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28265 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28266 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28267 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28268 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
CVE-2022-28269 – Out-of-bounds Read vulnerability leading to Memory Leak
Severity: Important
Tue, 12 Apr 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-61-new-vulnerabilities-for-adobe-acrobat-and-reader-april-2022Zscaler protects against 8 new vulnerabilities for Windows Log File System Driver, Win32k, Windows DWM Core Library, Windows Common Log System Driver, User Profile Service and Windows Digital Media Receiver
https://www.zscaler.de/security-advisories/zscaler-protects-against-8-new-vulnerabilities-for-windows-april-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 8 vulnerabilities included in the April 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.
CVE-2022-24481 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-24542 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-24546 – Windows DWM Core Library Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-26914 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
CVE-2022-24547 – Windows Digital Media Receiver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-24474 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 12 Apr 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-8-new-vulnerabilities-for-windows-april-2022Zscaler protects against 5 new vulnerabilities for Windows Ancillary Function Driver, Remote Desktop Client, Windows PDEV and Windows Cloud Files Mini Filter driver.
https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-march-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the March 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary.
CVE-2022-24507 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
CVE-2022-23299 – Windows PDEV Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
CVE-2022-23285 – Remote Desktop Client Remote Code Execution Vulnerability
Severity: Important
Affected Software
Windows RT 8.1
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
CVE-2022-24502 – Windows HTML Platforms Security Feature Bypass Vulnerability
Severity: Important
Affected Software
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2022 Azure Edition Core Hotpatch
CVE-2022-23286 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Wed, 09 März 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-march-2022Zscaler protects against 5 new vulnerabilities for Windows, Windows Common Log File System Driver and Windows DWM Core Library
https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-feb-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the February 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.
CVE-2022-21989 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-21994 – Windows DWM Core Library Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-21996 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
CVE-2022-22000 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2022-22715 – Named Pipe File System Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 08 Feb 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-windows-feb-2022Zscaler protects against 25 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-25-new-adobe-vulnerabilities-jan-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 25 vulnerabilities included in the January 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.
APSB22-01 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, application denial of service, security feature bypass and privilege escalation.
Affected Software
Acrobat DC Continuous 21.007.20099and earlier versions for Windows
Acrobat Reader DC Continuous 21.007.20099 and earlier versions for Windows
Acrobat DC Continuous 21.007.20099 and earlier versions for macOS
Acrobat Reader DC Continuous 21.007.20099 and earlier versions for macOS
Acrobat 2020 Classic 2020 20.004.30017 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.004.30017 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS
CVE-2021-44701 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2021-44702 – Improper Access Control vulnerability leading to Privilege escalation
Severity: Critical
CVE-2021-44703 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2021-44704 – Use After Free vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2021-44705 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2021-44706 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2021-44707 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2021-44708 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2021-44709 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2021-44710 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2021-44712 – Improper Input Validation vulnerability leading to Application denial-of-service.
Severity: Important
CVE-2021-44713 – Use After Free vulnerability leading to Application denial-of-service.
Severity: Important
CVE-2021-44714 – Violation of Secure Design Principles vulnerability leading to Security feature bypass.
Severity: Moderate
CVE-2021-44715 – Out-of-bounds Read vulnerability leading to Memory Leak.
Severity: Moderate
CVE-2021-44739 – Improper Input Validation vulnerability leading to Security feature bypass
Severity: Moderate
CVE-2021-44740 – NULL Pointer Dereference vulnerability leading to Application denial-of-service.
Severity: Moderate
CVE-2021-44741 – NULL Pointer Dereference vulnerability leading to Application denial-of-service.
Severity: Moderate
CVE-2021-44742 – Out-of-bounds Read vulnerability leading to Memory Leak.
Severity: Moderate
CVE-2021-45060 – Out-of-bounds Read vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2021-45061 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
CVE-2021-45062 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2021-45063 – Use After Free vulnerability leading to Privilege escalation
Severity: Moderate
CVE-2021-45064 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2021-45067 – Access of Memory Location After End of Buffer vulnerability leading to Memory Leak.
Severity: Important
CVE-2021-45068 – Out-of-bounds Write vulnerability leading to Arbitrary code execution
Severity: Critical
Wed, 12 Jan 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-25-new-adobe-vulnerabilities-jan-2022Zscaler protects against 6 new vulnerabilities for Windows, Windows Common Log File System Driver and Windows Installer
https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-windows-jan-2022
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the January 2022 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.
CVE-2022-21881 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1809 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
CVE-2022-21882 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
CVE-2022-21887 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
CVE-2022-21897 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows RT 8.1
Windows 8.1 for x64based systems
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
CVE-2022-21908 – Windows Installer Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2022-21916 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 21H2 for x64based Systems
Windows 10 Version 21H2 for ARM64based Systems
Windows 10 Version 21H2 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Wed, 12 Jan 2022 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-windows-jan-2022Zscaler protects against 3 new vulnerabilities for Windows Print Spooler Components, Windows Common Log File System Driver and Windows Installer
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-december-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the December 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary.
CVE-2021-41333 – Windows Print Spooler Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-43226 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-43883 – Windows Installer Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 14 Dez 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-december-2021Zscaler protects against 3 new vulnerabilities for Microsoft Windows, Office, and Malware Protection Engine
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-november-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the November 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary.
CVE-2021-42292 – Microsoft Excel Security Feature Bypass Vulnerability.
Severity: Important
Affected Software
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for Mac
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
CVE-2021-42298 – Microsoft Defender Remote Code Execution Vulnerability.
Severity: Critical
Affected Software
Microsoft Malware Protection Engine
CVE-2021-38666 – Remote Desktop Client Remote Code Execution Vulnerability.
Severity: Critical
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Remote Desktop client for Windows Desktop
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 09 Nov 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-november-2021Zscaler protects against 3 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-adobe-vulnerabilities-october-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 3 vulnerabilities included in the October 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.
APSB21-104 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Software
Acrobat DC Continuous 2021.007.20095 and earlier versions for Windows
Acrobat Reader DC Continuous 2021.007.20095 and earlier versions for Windows
Acrobat DC Continuous 2021.007.20096 and earlier versions for macOS
Acrobat Reader DC Continuous 2021.007.20096 and earlier versions for macOS
Acrobat 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS
CVE-2021-40729 – Out-of-bounds Read vulnerability leading to Privilege escalation.
Severity: Moderate
CVE-2021-40730 – Use After Free vulnerability leading to Privilege escalation.
Severity: Moderate
CVE-2021-40731 – Out-of-bounds Write leading to Arbitrary code execution.
Severity: Critical
Tue, 12 Okt 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-adobe-vulnerabilities-october-2021Zscaler protects against 6 new vulnerabilities for Microsoft Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-october-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the October 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.
CVE-2021-41357 – Win32k elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
CVE-2021-40487 – Microsoft SharePoint Server Remote Code Execution Vulnerability.
Severity: Important
Affected Software
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
CVE-2021-40450 – Win32k Elevation of Privilege Vulnerability.
Severity: Important
Affected Software
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2021-40467 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2021-40470 – DirectX Graphics Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability.
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows Server 2008 for x64based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64based Systems Service Pack 2
Windows Server 2008 for 32bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 11 for ARM64based Systems
Windows 11 for x64based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Tue, 12 Okt 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-october-2021Zscaler protects against 4 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-adobe-september-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 4 vulnerabilities included in the September 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary.
APSB21-55 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Software
Acrobat DC Continuous 2021.005.20060 and earlier versions for Windows
Acrobat Reader DC Continuous 2021.005.20060 and earlier versions for Windows
Acrobat DC Continuous 2021.005.20058 and earlier versions for macOS
Acrobat Reader DC Continuous 2021.005.20058 and earlier versions for macOS
Acrobat 2020 Classic 2020 2020.004.30006 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 2020 2020.004.30006 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 2017.011.30199 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 2017.011.30199 and earlier versions for Windows & macOS
CVE-2021-39836 – Use After Free leading to Arbitrary code execution.
Severity: Critical
CVE-2021-39842 – Use After Free leading to Arbitrary code execution.
Severity: Critical
CVE-2021-39843 – Out-of-bounds Write leading to Memory leak.
Severity: Critical
CVE-2021-39845 – Stack-based Buffer Overflow leading to Arbitrary code execution.
Severity: Critical
Tue, 14 Sept 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-adobe-september-2021Zscaler protects against 3 new vulnerabilities for Windows Common Log File System Driver and Windows MSHTML Platform.
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-september-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary.
CVE-2021-38633 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability
Severity: Important
Affected Software
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-36955 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 14 Sept 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-windows-september-2021Zscaler protects against 2 new vulnerabilities for Microsoft Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-microsoft-windows-august-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the August 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.
CVE-2021-34480 – Scripting Engine Memory Corruption Vulnerability
Severity: Critical
Affected Software
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
CVE-2021-34535 – Remote Desktop Client Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 for x64based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 7 for x64based Systems Service Pack 1
Windows 7 for 32bit Systems Service Pack 1
Windows Server 2016
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows 10 Version 21H1 for 32bit Systems
Windows 10 Version 21H1 for ARM64based Systems
Windows 10 Version 21H1 for x64based Systems
Remote Desktop client for Windows Desktop
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for 32bit Systems
Tue, 10 Aug 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-microsoft-windows-august-2021Zscaler protects against 2 new vulnerabilities for Adobe Acrobat and Reader.
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-adobe-july-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 2 vulnerabilities included in the July 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary.
APSB21-51 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Software
Acrobat DC Continuous 2021.005.20054 and earlier versions for Windows and macOS
Acrobat Reader DC Continuous 2021.005.20054 and earlier versions for Windows and macOS
Acrobat 2020 Classic 2020 2020.004.30005 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 2020 2020.004.30005 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 2017.011.30197 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 2017.011.30197 and earlier versions for Windows & macOS
CVE-2021-28635 – Use After Free leading to Arbitrary code execution.
Severity: Critical
CVE-2021-28640 – Use After Free leading to Arbitrary code execution.
Severity: Critical
Tue, 13 Juli 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-for-adobe-july-2021Zscaler protects against 5 new vulnerabilities for Microsoft Scripting Engine, Windows Kernel, Windows Win32K & Windows Print Spooler Components.
https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-microsoft-windows-july-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 5 vulnerabilities included in the July 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the July release and deploy additional protections, as necessary.
CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
Severity: Critical
Affected Software
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
CVE-2021-34449 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Tue, 13 Juli 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-5-new-vulnerabilities-for-microsoft-windows-july-2021Zscaler protects against 6 new vulnerabilities for Microsoft Windows.
https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-june-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 6 vulnerabilities included in the June 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary.
CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-31201 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-31199 – Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-31952 – Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-31954 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability
Severity: Critical
Affected Software
Windows RT 8.1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows 10 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 8.1 for x64-based systems
Windows Server 2019
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Tue, 08 Juni 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-6-new-vulnerabilities-for-microsoft-windows-june-2021Zscaler protects against 1 new vulnerability for Adobe Acrobat and Reader.
https://www.zscaler.de/security-advisories/zscaler-protects-against-1-new-adobe-vulnerability-june-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 1 vulnerability included in the June 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections, as necessary.
APSB21-37 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Software
Acrobat DC Continuous 2021.001.20155 and earlier versions for Windows
Acrobat Reader DC Continuous 2021.001.20155 and earlier versions for Windows
Acrobat DC Continuous 2021.001.20155 and earlier versions for macOS
Acrobat Reader DC Continuous 2021.001.20155 and earlier versions for macOS
Acrobat 2020 Classic 2020 2020.001.30025 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 2020 2020.001.30025 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 2017.011.30196 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 2017.011.30196 and earlier versions for Windows & macOS
CVE-2021-28554 – Out-of-bounds read leading to Arbitrary code execution.
Severity: Critical
Tue, 08 Juni 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-1-new-adobe-vulnerability-june-2021Zscaler protects against 3 new vulnerabilities for Internet Explorer and Microsoft Windows.
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-internet-explorer-microsoft-may-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the May 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections, as necessary.
CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability
Severity: Critical
Affected Software
Internet Explorer 11 on Windows Server 2016
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems
Internet Explorer 11 on Windows Server 2019
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems
Internet Explorer 11 on Windows 10 for 32-bit Systems
Internet Explorer 11 on Windows 10 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 11 on Windows 8.1 for 32-bit systems
Internet Explorer 11 on Windows 8.1 for x64-based systems
Internet Explorer 11 on Windows RT 8.1
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 11 on Windows Server 2012
Internet Explorer 11 on Windows Server 2012 R2
CVE-2021-31170 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
CVE-2021-31188 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Wed, 12 Mai 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-internet-explorer-microsoft-may-2021Zscaler protects against 3 new vulnerabilities for Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-april-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the April 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.
CVE-2021-28310 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
CVE-2021-28319 – Windows TCP/IP Driver Denial of Service Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
CVE-2021-28442 – Windows TCP/IP Information Disclosure Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Wed, 14 Apr 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-windows-april-2021Zscaler protects against 7 new vulnerabilities for Windows DirectX, Internet Explorer, Microsoft Exchange Server, Microsoft Graphics Component and Windows DNS Server.
https://www.zscaler.de/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-microsoft-windows-march-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 7 vulnerabilities included in the March 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections, as necessary. Zscaler has published an advisory last week regarding the coverage for exploits related to Microsoft Exchange Servers. Zscaler has also published a blog on how to Disrupt the Microsoft Exchange Attacks with Zero Trust Architecture.
CVE-2021-24095 – DirectX Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
CVE-2021-26411 – Internet Explorer Memory Corruption Vulnerability
Severity: Critical
Affected Software
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems
Internet Explorer 11 on Windows Server 2019
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems
Internet Explorer 11 on Windows 10 for 32-bit Systems
Internet Explorer 11 on Windows 10 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 11 on Windows 8.1 for 32-bit systems
Internet Explorer 11 on Windows 8.1 for x64-based systems
Internet Explorer 11 on Windows RT 8.1
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 11 on Windows Server 2012
Internet Explorer 11 on Windows Server 2012 R2
Internet Explorer 11 on Windows Server 2016
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows Server 2019
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for 32-bit Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for ARM64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for 32-bit Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 20H2 for ARM64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems.
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems.
Microsoft Edge (EdgeHTML-based) on Windows Server 2016
CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18
CVE-2021-26863 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
CVE-2021-26868 – Windows Graphics Component Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
CVE-2021-26877 – Windows DNS Server Remote Code Execution Vulnerability
Severity: Important
Affected Software
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
CVE-2021-26897 – Windows DNS Server Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Wed, 10 März 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-7-new-vulnerabilities-for-microsoft-windows-march-2021Zscaler protects against 4 new vulnerabilities for Microsoft Windows and Microsoft Office SharePoint
https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-february-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the February 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.
CVE-2021-1698 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
CVE-2021-24072 – Microsoft SharePoint Server Remote Code Execution Vulnerability
Severity: Important
Affected Software
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2021-24078 – Windows DNS Server Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Wed, 10 Feb 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-february-2021Zscaler protects against 13 new vulnerabilities for Adobe Acrobat and Reader
https://www.zscaler.de/security-advisories/zscaler-protects-against-13-new-adobe-vulnerabilities-february-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 13 vulnerabilities included in the February 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections, as necessary.
APSB21-09 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Software
Acrobat DC Continuous 2020.013.20074 and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 2020.013.20074 and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 2020.001.30018 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 2020 2020.001.30018 and earlier versions for Windows & macOS
Acrobat 2017 Classic 2017 2017.011.30188 and earlier versions for Windows & macOS
Acrobat Reader 2017 Classic 2017 2017.011.30188 and earlier versions for Windows & macOS
CVE-2021-21017 – Heap-based Buffer Overflow leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21021 – Use After Free leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21028 – Use After Free leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21035 – Use After Free leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21039 – Use After Free leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21040 – Use After Free leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21041 – Use After Free leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21042 – Out-of-bounds Read leading to Privilege escalation.
Severity: Important
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21057 – NULL Pointer Dereference leading to Information Disclosure.
Severity: Important
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21058 – Buffer overflow leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21059 – Buffer overflow leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21062 – Buffer overflow leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
CVE-2021-21063 – Buffer overflow leading to Arbitrary code execution.
Severity: Critical
Subscriptions Required
Advanced Threat Protection
Advanced Cloud Sandbox
Tue, 09 Feb 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-13-new-adobe-vulnerabilities-february-2021Zscaler protects against 3 new vulnerabilities for Microsoft Defender, Microsoft SharePoint, and Microsoft Windows.
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-microsoft-windows-january-2021
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the January 2021 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.
CVE-2021-1647 – Microsoft Defender Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Microsoft System Center Endpoint Protection
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft Security Essentials
Microsoft System Center 2012 Endpoint Protection
Windows Defender on Windows 10 Version 1803 for 32-bit Systems
Windows Defender on Windows 10 Version 1803 for x64-based Systems
Windows Defender on Windows 10 Version 1803 for ARM64-based Systems
Windows Defender on Windows 10 Version 1809 for 32-bit Systems
Windows Defender on Windows 10 Version 1809 for x64-based Systems
Windows Defender on Windows 10 Version 1809 for ARM64-based Systems
Windows Defender on Windows Server 2019
Windows Defender on Windows Server 2019 (Server Core installation)
Windows Defender on Windows 10 Version 1909 for 32-bit Systems
Windows Defender on Windows 10 Version 1909 for x64-based Systems
Windows Defender on Windows 10 Version 1909 for ARM64-based Systems
Windows Defender on Windows Server, version 1909 (Server Core installation)
Windows Defender on Windows 10 Version 1903 for 32-bit Systems
Windows Defender on Windows 10 Version 1903 for x64-based Systems
Windows Defender on Windows 10 Version 1903 for ARM64-based Systems
Windows Defender on Windows Server, version 1903 (Server Core installation)
Windows Defender on Windows 10 Version 2004 for 32-bit Systems
Windows Defender on Windows 10 Version 2004 for ARM64-based Systems
Windows Defender on Windows 10 Version 2004 for x64-based Systems
Windows Defender on Windows Server, version 2004 (Server Core installation)
Windows Defender on Windows 10 Version 20H2 for x64-based Systems
Windows Defender on Windows 10 Version 20H2 for 32-bit Systems
Windows Defender on Windows 10 Version 20H2 for ARM64-based Systems
Windows Defender on Windows Server, version 20H2 (Server Core Installation)
Windows Defender on Windows 10 for 32-bit Systems
Windows Defender on Windows 10 for x64-based Systems
Windows Defender on Windows 10 Version 1607 for 32-bit Systems
Windows Defender on Windows 10 Version 1607 for x64-based Systems
Windows Defender on Windows Server 2016
Windows Defender on Windows Server 2016 (Server Core installation)
Windows Defender on Windows 7 for 32-bit Systems Service Pack 1
Windows Defender on Windows 7 for x64-based Systems Service Pack 1
Windows Defender on Windows 8.1 for 32-bit systems
Windows Defender on Windows 8.1 for x64-based systems
Windows Defender on Windows RT 8.1
Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Defender on Windows Server 2012
Windows Defender on Windows Server 2012 (Server Core installation)
Windows Defender on Windows Server 2012 R2
Windows Defender on Windows Server 2012 R2 (Server Core installation)
CVE-2021-1707 – Microsoft SharePoint Server Remote Code Execution Vulnerability
Severity: Important
Affected Software
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2021-1709 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Tue, 12 Jan 2021 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-microsoft-windows-january-2021Zscaler protects against 2 new vulnerabilities for Microsoft Windows.
https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-microsoft-windows-december-2020
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the December 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary.
CVE-2020-17144 – Microsoft Exchange Remote Code Execution Vulnerability
Severity: Important
Affected Software
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31
A remote code execution vulnerability exists in Microsoft Exchange server. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.
CVE-2020-17096 – Windows NTFS Remote Code Execution Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows RT 8.1
Windows 8.1 for x64based systems
Windows 8.1 for 32bit systems
Windows 10 for x64based Systems
Windows 10 for 32bit Systems
Windows 10 Version 20H2 for x64based Systems
Windows 10 Version 20H2 for ARM64based Systems
Windows 10 Version 20H2 for 32bit Systems
Windows 10 Version 2004 for x64based Systems
Windows 10 Version 2004 for ARM64based Systems
Windows 10 Version 2004 for 32bit Systems
Windows 10 Version 1909 for x64based Systems
Windows 10 Version 1909 for ARM64based Systems
Windows 10 Version 1909 for 32bit Systems
Windows 10 Version 1903 for x64based Systems
Windows 10 Version 1903 for ARM64based Systems
Windows 10 Version 1903 for 32bit Systems
Windows 10 Version 1809 for x64based Systems
Windows 10 Version 1809 for ARM64based Systems
Windows 10 Version 1809 for 32bit Systems
Windows 10 Version 1803 for x64based Systems
Windows 10 Version 1803 for ARM64based Systems
Windows 10 Version 1803 for 32bit Systems
Windows 10 Version 1607 for x64based Systems
Windows 10 Version 1607 for 32bit Systems
An elevation of privilege vulnerability exists in Windows NTFS system. A local attacker could run a specially crafted application that would elevate the attacker's privileges. A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system.
Tue, 08 Dez 2020 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-2-new-vulnerabilities-microsoft-windows-december-2020Zscaler protects against 9 new vulnerabilities for Microsoft Windows.
https://www.zscaler.de/security-advisories/zscaler-protects-against-9-new-vulnerabilities-microsoft-windows-november-2020
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 9 vulnerabilities included in the November 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections, as necessary.
CVE-2020-17061 – Microsoft SharePoint Remote Code Execution Vulnerability
Severity: Important
Affected Software
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
A remote code execution vulnerability exists in Microsoft SharePoint Service. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.
CVE-2020-17057 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server, version 1903 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2020-17051 – Windows Network File System Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
A remote code execution vulnerability exists in Windows Network File System. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.
CVE-2020-17053 – Internet Explorer Memory Corruption Vulnerability
Severity: Critical
Affected Software
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems
Internet Explorer 11 on Windows Server 2019
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems
A memory corruption vulnerability exists in the way Internet Explorer handles objects in memory.
CVE-2020-17010 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2020-17038 – Win32k Elevation of Privilege Vulnerability
Severity: Critical
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2020-16998 – DirectX Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2020-17087 – Windows Kernel Local Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
An elevation of privilege vulnerability exists in Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2020-17047 – Windows Network File System Denial of Service Vulnerability
Severity: Important
Affected Software
Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
A denial of service vulnerability exists when the Windows NFS server. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.
Tue, 10 Nov 2020 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-9-new-vulnerabilities-microsoft-windows-november-2020Zscaler protects against 4 new vulnerabilities for Microsoft Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-october-2020
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 4 vulnerabilities included in the October 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.
CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability
Severity: Critical
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.
CVE-2020-16899 – Windows TCP/IP Denial of Service Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly.
CVE-2020-16907 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
CVE-2020-16913 – Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Tue, 13 Okt 2020 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-4-new-vulnerabilities-for-microsoft-windows-october-2020Zscaler protects against 3 new vulnerabilities for Microsoft Windows
https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-september-2020
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 3 vulnerabilities included in the September 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections, as necessary.
CVE-2020-0856 – Active Directory Information Disclosure Vulnerability
Severity: Important
Affected Software
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.
CVE-2020-1152 – Windows Win32k Elevation of Privilege Vulnerability
Severity: Important
Affected Software
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.
CVE-2020-0664 – Active Directory Information Disclosure Vulnerability
Severity: Important
Affected Software
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.
Thu, 10 Sept 2020 12:00:00 +0000[email protected]https://www.zscaler.de/security-advisories/zscaler-protects-against-3-new-vulnerabilities-for-microsoft-windows-september-2020