Palo Alto Networks Identifies 3 Critical Internet Explorer Vulnerabilities

Palo Alto Networks researcher Bo Qu discovered three new critical Internet Explorer (IE) vulnerabilities impacting IE versions 8, 9, 10 and 11. The discoveries include two IE Memory Corruption Vulnerability and an IE ASLR Bypass Vulnerability. All three are part of the November 2014 Security Bulletin and documented in Microsoft Security Bulletin MS14-065

In our continuing commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP), which ensures the timely, responsible disclosure of new vulnerabilities and creation of protections from security vendors.

Throughout 2014, Palo Alto Networks has discovered many critical Internet Explorer vulnerabilities, including one in October 201415 in September 2014,  three in August 201410 in July 2014, and 22 in June 2014 (revised from 21).

By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing one weapon used by Advanced Persistent Threats to compromise enterprise networks.