Advanced Persistent Threats (APTs) and today’s sophisticated attackers require a deep understanding of how applications are actively exploited in the real world to compromise users and their networks. In order for attackers to exploit commonly used software, such as Microsoft Internet Explorer (IE), they must take advantage of vulnerabilities in the software itself. Once discovered, attackers can develop zero-day exploits against these vulnerabilities, which can bypass traditional security controls and carry the attack forward – escalating privileges, delivering malware, and much more.
Discovering these vulnerabilities can be a difficult and time-intensive process, often combining techniques such as fuzzing with application-specific knowledge, all to answer the basic question, “How would an attacker go about this?”
In addition to providing automated detection and prevention of known and unknown threats, Palo Alto Networks has a leading threat research team that proactively discovers new critical vulnerabilities in the common software our customers use.
Today our threat team has more discoveries to share. Palo Alto Networks researchers Bo Qu and Hui Gao have discovered 5 new critical vulnerabilities in Internet Explorer, which could allow attackers to remotely execute malicious code on a user’s systems through memory corruption vulnerabilities. These critical IE vulnerabilities have been documented in Microsoft Security Bulletin (MS14-012) and are part of the March 2014 Security Bulletin, also released today.
The discoveries:
- CVE-2014-0302: Critical memory corruption vulnerability in IE 6, 7 and 8.
- CVE-2014-0303: Critical memory corruption vulnerability in IE 6, 7 and 8.
- CVE-2014-0304: Critical memory corruption vulnerability in IE 11.
- CVE-2014-0314: Critical memory corruption vulnerability in IE 9 and 10.
- CVE-2014-0321: Critical memory corruption vulnerability in IE 10 and 11
In our continuing commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP) program, which ensures the timely, responsible disclosure of new vulnerabilities and creation of protections from security vendors.
Palo Alto Networks customers are protected from these vulnerabilities through our regular Vulnerability Protection updates, and we recommend Internet Explorer users upgrade to the latest patch from Microsoft.
In the past 6 months, Palo Alto Networks has discovered many critical Internet Explorer vulnerabilities, including four in February 2014, one in December 2013, and three in November 2013. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing one weapon used by Advanced Persistent Threats to compromise enterprise networks.