Palo Alto Networks researcher Tao Yan is credited with the discovery of three new critical Microsoft vulnerabilities in June‘s bulletin — CVE-2016-3205, CVE-2016-3206 and CVE-2016-3207 — affecting VBScript engine versions 5.7 and 5.8. These vulnerabilities are documented in Microsoft Security Bulletin MS16-069 and MS16-063.
In our continued commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP) program, which ensures the timely, responsible disclosure of new vulnerabilities and creation of protections from security vendors.
For current customers with a Threat Prevention subscription, Palo Alto Networks has also released IPS signatures providing proactive protection for these vulnerabilities.
Palo Alto Networks is a regular contributor to vulnerability research and has discovered more than 100 critical vulnerabilities over the past two years in the Microsoft, Apple, Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing weapons used by attackers to compromise enterprise, government and service provider networks.