Palo Alto Networks researcher Bo Qu was credited with discovery of six new critical Microsoft vulnerabilities affecting Internet Explorer (IE) versions 7, 8, 9, 10 and 11 and Microsoft Edge. These vulnerabilities are covered in Microsoft’s November 2015 Security Bulletin and documented in Microsoft Security Bulletins MS15-112 and MS15-113.
In our continuing commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP) program, which ensures the timely, responsible disclosure of new vulnerabilities and creation of protections from security vendors.
Palo Alto Networks is a regular contributor to vulnerability research. Previous critical Microsoft vulnerability discoveries from the past 18 months included:
- 1 in October
- 3 in September
- 1 in August
- 3 in July (revised from 2)
- 3 in June
- 3 in May
- 1 in March
- 5 in February (revised from 3)
- 3 in November 2014
- 1 in October 2014
- 15 in September 2014
- 3 in August 2014
- 10 in July 2014
- 22 in June 2014 (revised from 21)
By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing weapons used by attackers to compromise enterprise, government and service provider networks.