Palo Alto Networks researchers discovered 10 new critical Internet Explorer (IE) vulnerabilities covering IE versions 6, 7, 8, 9, 10 and 11.
Each of these vulnerabilities allows full remote code execution through memory corruption in IE. They have been documented in Microsoft Security Bulletin MS14-037 and are part of the July 2014 Security Bulletin. Palo Alto Networks researcher Bo Qu is credited with 8 vulnerabilities, and Palo Alto Networks researchers Hui Gao and Royce Lu are each credited with one.
Palo Alto Networks customers are protected from these vulnerabilities through our regular Vulnerability Protection updates, and we recommend Internet Explorer users upgrade to the latest patch from Microsoft.
In our continuing commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP), which ensures the timely, responsible disclosure of new vulnerabilities and the creation of protections by security vendors.
In the past six months, Palo Alto Networks has discovered many critical Internet Explorer vulnerabilities, including 22 in June 2014 (revised from 21), four in February 2014, one in December 2013, and three in November 2013.
By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing one weapon used by Advanced Persistent Threats to compromise enterprise networks.
You can also read an eWeek article covering today’s Patch Tuesday news.