Palo Alto Networks Researchers Discover Two Critical Internet Explorer Vulnerabilities

Palo Alto Networks researchers discovered two new critical Internet Explorer (IE) vulnerabilities affecting IE versions 9, 10, and 11. Both are included in Microsoft’s July 2016 Security Bulletin, and documented in Microsoft Security Bulletin MS16-084. In our continued commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program

Palo Alto Networks Researcher Discovers Critical IE Vulnerability

Palo Alto Networks researcher Hui Gao was credited with the discovery of a new critical Microsoft vulnerability affecting Internet Explorer (IE) versions 9, 10 and 11. This vulnerability is covered in Microsoft’s March 2016 Security Bulletin and documented in Microsoft Security Bulletin MS16-023.

Palo Alto Networks Researchers Discover Critical Vulnerabilities in Internet Explorer and Microsoft Edge

Palo Alto Networks researchers Bo Qu and Hui Gao were credited with the discovery of three new critical Microsoft vulnerabilities affecting Internet Explorer (IE) versions 7, 8, 9, 10 and 11 and Microsoft Edge. These vulnerabilities are covered in Microsoft’s December 2015 Security Bulletin and documented in Microsoft Security Bulletins MS15-125 and MS15-124. 

Palo Alto Networks Researcher Discovers Critical Vulnerabilities in Internet Explorer and Microsoft Edge

Palo Alto Networks researcher Bo Qu was credited with discovery of six new critical Microsoft vulnerabilities affecting Internet Explorer (IE) versions 7, 8, 9, 10 and 11 and Microsoft Edge. These vulnerabilities are covered in Microsoft’s November 2015 Security Bulletin and documented in Microsoft Security Bulletins MS15-112 and MS15-113. In our continuing commitment to the security

Palo Alto Networks Researcher Discovers Critical IE Vulnerability

Palo Alto Networks researcher Hui Gao was credited with discovery of a new critical Internet Explorer (IE) vulnerability affecting IE versions 6, 7, 8, 9, 10 and 11. CVE-2015-2548 is included in Microsoft’s October 2015 Security Bulletin and documented in Microsoft Security Bulletin MS15-109.

Palo Alto Networks Researchers Discover Critical Vulnerabilities in Internet Explorer and Adobe Shockwave Player

Palo Alto Networks researchers have been credited with discovery of new vulnerabilities affecting Adobe Shockwave Player and Microsoft Internet Explorer. Palo Alto Networks researcher Tongbo Luo discovered a critical vulnerability in Adobe Shockwave Player affecting Shockwave versions 12.1.9.160 and earlier for Windows. The vulnerability and upgrade instructions are detailed by Adobe in a Security Bulletin

Palo Alto Networks Researcher Discovers 3 Critical Internet Explorer Vulnerabilities

Palo Alto Networks researcher Bo Qu discovered three new critical Internet Explorer (IE) vulnerabilities affecting IE versions 6, 7, 8, 9, 10 and 11. All three are included in Microsoft’s June 2015 Security Bulletin, and documented in Microsoft Security Bulletin MS15-056. In our continuing commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our

DTLS Vulnerabilities in CVE-2014-6321

Microsoft recently released a patch for a critical vulnerability in Microsoft Secure Channel (aka Schannel).  This vulnerability is being referred to as MS14-066.  The patch addressing CVE-2014-6321 fixed many areas within schannel.dll, including at least two vulnerabilities related to the handling of the Datagram Transport Layer Security (DTLS) protocol. DTLS is used by Microsoft Remote

Code to Trigger MS14-066 ECDSA Server BOF Vulnerability

Microsoft recently released a patch for a critical vulnerability in Microsoft Secure Channel (aka Schannel).  This vulnerability is being referred to as MS14-066. A description of how to trigger the MS14-066 ECDSA Heap Buffer Overflow vulnerability was posted by BeyondTrust, which also explained the research method used in narrowing down where this vulnerability presented itself. 

Palo Alto Networks Identifies 3 Critical Internet Explorer Vulnerabilities

Palo Alto Networks researcher Bo Qu discovered three new critical Internet Explorer (IE) vulnerabilities impacting IE versions 8, 9, 10 and 11. The discoveries include two IE Memory Corruption Vulnerability and an IE ASLR Bypass Vulnerability. All three are part of the November 2014 Security Bulletin and documented in Microsoft Security Bulletin MS14-065. 

Super Tuesday: A Patch Tuesday We Won’t Forget

Sometimes “Patch Tuesday” comes and goes with little excitement or fanfare; yesterday was not one of those days. In just one day, Oracle released patches for 154 new vulnerabilities, Adobe issued updates for Flash and ColdFusion, and Microsoft released 24 patches of their own. On top of the sheer volume of patches, we learned that