Palo Alto Networks researcher Bo Qu discovered a new critical Internet Explorer (IE) vulnerability impacting IE versions 6, 7, 8, 9 and 10. The vulnerability allows for full remote code execution using a memory corruption flaw. The vulnerability is documented in Microsoft Security Bulletin MS14-056 and is part of the October 2014 Security Bulletin.
In our continuing commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP), which ensures the timely, responsible disclosure of new vulnerabilities and creation of protections from security vendors.
Throughout 2014, Palo Alto Networks has discovered many critical Internet Explorer vulnerabilities, including 15 in September 2014, 3 in August 2014, 10 in July 2014, and 22 in June 2014 (revised from 21.)
By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing one weapon used by Advanced Persistent Threats to compromise enterprise networks.
If you are interested in hearing more about how our team discovers so many IE vulnerabilities, Palo Alto networks researchers will be presenting on that subject at Black Hat Europe 2014 on Thursday, October 16.