Security Advisory - April 09, 2013

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following 2 vulnerabilities included in the April 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the March release and deploy additional protections as necessary.

MS13-029 – Vulnerability in Remote Desktop Client Could Allow Remote Code Execution

Severity: Critical

Affected Software

• Microsoft XP
• Microsoft Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7

CVE-2013-1296 - RDP ActiveX Control Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists when the Remote Desktop ActiveX control, mstscax.dll, attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to visit a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

MS13-035 – Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege

Severity: Important
Affected Software

• Microsoft InfoPath 2010 Service Pack 1
• Microsoft Sharepoint Server 2010 Service Pack 1
• Microsoft Groove Server 2010 Service Pack 1
• Microsoft Sharepoint Foundation 2010 Service Pack 1
• Microsoft Office Web Apps 2010 Service Pack 1

CVE-2013-1289 - HTML Sanitization Vulnerability

Description: An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.