Palo Alto Networks researchers discovered 15 new critical Internet Explorer (IE) vulnerabilities covering IE versions 6, 7, 8, 9, 10 and 11.
Each of these discoveries allows full remote code execution using memory corruption vulnerabilities in IE. They have been documented in Microsoft Security Bulletin MS14-052 and part of the September 2014 Security Bulletin. Palo Alto Networks researcher Bo Qu is credited with these 15 vulnerabilities.
Palo Alto Networks customers are protected from these vulnerabilities through our regular Vulnerability Protection updates, and we recommend Internet Explorer users upgrade to the latest patch from Microsoft.
In our continuing commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP) program, which ensures the timely, responsible disclosure of new vulnerabilities and creation of protections from security vendors.
Throughout 2014, Palo Alto Networks has discovered many critical Internet Explorer vulnerabilities, including 3 in August 2014, 10 in July 2014, 22 in June 2014 (revised from 21) and four in February 2014.
By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing one weapon used by Advanced Persistent Threats to compromise enterprise networks.
If you are interested in hearing more about how our team discovers so many IE vulnerabilities, Bo Qu and Royce Lu will be presenting on that subject at at Black Hat Europe 2014 next month.