Palo Alto Networks Unit 42 Vulnerability Research November 2017 Disclosures

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered four vulnerabilities addressed by the Microsoft Security Response Center as part of their November 2017 security update release.

CVE Vulnerability Name Affected Products Maximum Severity Rating Impact Researcher(s)
CVE-2017-11855 Internet Explorer Memory Corruption Vulnerability Internet Explorer 9, 10, 11 Critical Remote Code Execution (RCE)  Hui Gao
CVE-2017-11856 Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Critical Remote Code Execution (RCE)  Hui Gao and Zhanglin He
CVE-2017-11791 Scripting Engine Information Disclosure Vulnerability Internet Explorer 9, 10, 11; Microsoft Edge Important Information Disclosure  Hui Gao
CVE-2017-11834 Scripting Engine Information Disclosure Vulnerability Internet Explorer 9, 10, 11 Important Information Disclosure  Hui Gao

 

For current customers with a Threat Prevention subscription, Palo Alto Networks has also released IPS signatures providing proactive protection from these vulnerabilities. Traps, Palo Alto Networks advanced endpoint solution, can block memory corruption based exploits of this nature.

Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS