As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered four vulnerabilities addressed by the Microsoft Security Response Center as part of their November 2017 security update release.
|CVE||Vulnerability Name||Affected Products||Maximum Severity Rating||Impact||Researcher(s)|
|CVE-2017-11855||Internet Explorer Memory Corruption Vulnerability||Internet Explorer 9, 10, 11||Critical||Remote Code Execution (RCE)||Hui Gao|
|CVE-2017-11856||Internet Explorer Memory Corruption Vulnerability||Internet Explorer 11||Critical||Remote Code Execution (RCE)||Hui Gao and Zhanglin He|
|CVE-2017-11791||Scripting Engine Information Disclosure Vulnerability||Internet Explorer 9, 10, 11; Microsoft Edge||Important||Information Disclosure||Hui Gao|
|CVE-2017-11834||Scripting Engine Information Disclosure Vulnerability||Internet Explorer 9, 10, 11||Important||Information Disclosure||Hui Gao|
For current customers with a Threat Prevention subscription, Palo Alto Networks has also released IPS signatures providing proactive protection from these vulnerabilities. Traps, Palo Alto Networks advanced endpoint solution, can block memory corruption based exploits of this nature.
Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.