{"id":14670,"date":"2016-06-14T13:15:15","date_gmt":"2016-06-14T20:15:15","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=14670"},"modified":"2016-06-14T13:14:48","modified_gmt":"2016-06-14T20:14:48","slug":"palo-alto-networks-researcher-discovers-3-new-critical-ie-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2016\/06\/palo-alto-networks-researcher-discovers-3-new-critical-ie-vulnerabilities\/","title":{"rendered":"Palo Alto Networks Researcher Discovers 3 New Critical IE Vulnerabilities"},"content":{"rendered":"<p class=\"p1\"><span class=\"s1\">Palo Alto Networks researcher Tao Yan is <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__technet.microsoft.com_library_security_mt674627.aspx&amp;d=CwMGaQ&amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;r=zxiJ4lKi_yqBlltsgmOrWP6wUpF41KhDygsr86C9Pn4&amp;m=hgy0pHrbP5StOXXkdBvtf2rpF4CVnIsrRFtDNRkb7oM&amp;s=uynQ1iHCIWlJ9y0Mz5-St9lBDMHAKN0Wt07Qqq_f1TI&amp;e=\" rel=\"nofollow,noopener\" ><span class=\"s2\">credited with the discovery<\/span><\/a> of three new critical Microsoft vulnerabilities in <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__technet.microsoft.com_en-2Dus_library_security_mt733206.aspx&amp;d=CwMGaQ&amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;r=zxiJ4lKi_yqBlltsgmOrWP6wUpF41KhDygsr86C9Pn4&amp;m=hgy0pHrbP5StOXXkdBvtf2rpF4CVnIsrRFtDNRkb7oM&amp;s=6TvYXnyXVAe_r8RLvv-Uwei2PGeqcs-5Sz-osyHly-Y&amp;e=\" rel=\"nofollow,noopener\" ><span class=\"s2\">June\u2018s bulletin<\/span><\/a> -- <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=http-3A__www.cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2016-2D3205&amp;d=CwMGaQ&amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;r=zxiJ4lKi_yqBlltsgmOrWP6wUpF41KhDygsr86C9Pn4&amp;m=hgy0pHrbP5StOXXkdBvtf2rpF4CVnIsrRFtDNRkb7oM&amp;s=QO3o7_95_KeZTYpzyRNkVuyGa6atPpPfMoz4AGfAQ4E&amp;e=\" rel=\"nofollow,noopener\" ><span class=\"s2\">CVE-2016-3205<\/span><\/a>, <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=http-3A__www.cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2016-2D3206&amp;d=CwMGaQ&amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;r=zxiJ4lKi_yqBlltsgmOrWP6wUpF41KhDygsr86C9Pn4&amp;m=hgy0pHrbP5StOXXkdBvtf2rpF4CVnIsrRFtDNRkb7oM&amp;s=YcRRH5dV2izZ0VQb7yMB0Kq4AT6K22jWfIV16YYZLoI&amp;e=\" rel=\"nofollow,noopener\" ><span class=\"s2\">CVE-2016-3206<\/span><\/a> and <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=http-3A__www.cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2016-2D3207&amp;d=CwMGaQ&amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;r=zxiJ4lKi_yqBlltsgmOrWP6wUpF41KhDygsr86C9Pn4&amp;m=hgy0pHrbP5StOXXkdBvtf2rpF4CVnIsrRFtDNRkb7oM&amp;s=U4l6qXjjFl1I9R0drFAu3bMp56v-g6PWlt1a-GwVCRs&amp;e=\" rel=\"nofollow,noopener\" ><span class=\"s2\">CVE-2016-3207<\/span><\/a> -- affecting VBScript engine versions 5.7 and 5.8. These vulnerabilities are documented in <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__technet.microsoft.com_library_security_MS16-2D069&amp;d=CwMGaQ&amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;r=zxiJ4lKi_yqBlltsgmOrWP6wUpF41KhDygsr86C9Pn4&amp;m=hgy0pHrbP5StOXXkdBvtf2rpF4CVnIsrRFtDNRkb7oM&amp;s=EmxjuK-E4tZMzE_j5QbpROttOTXpvK2xFxWvulQyfsI&amp;e=\" rel=\"nofollow,noopener\" ><span class=\"s2\">Microsoft Security Bulletin MS16-069<\/span><\/a>\u00a0 and <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__technet.microsoft.com_library_security_MS16-2D063&amp;d=CwMGaQ&amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;r=zxiJ4lKi_yqBlltsgmOrWP6wUpF41KhDygsr86C9Pn4&amp;m=hgy0pHrbP5StOXXkdBvtf2rpF4CVnIsrRFtDNRkb7oM&amp;s=91iPqdbnwzmpRic6VKMOgdMbTyJAd1HWlq_GSymVcbA&amp;e=\" rel=\"nofollow,noopener\" ><span class=\"s2\">MS16-063<\/span><\/a>.<\/span><!--more--><\/p>\n<p class=\"p1\"><span class=\"s1\">In our continued commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program (MAPP) program, which ensures the timely, responsible disclosure of new vulnerabilities and creation of protections from security vendors.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">For current customers <\/span><span class=\"s3\">with a Threat Prevention subscription<\/span><span class=\"s1\">, Palo Alto Networks has also released <\/span><span class=\"s3\">IPS<\/span><span class=\"s1\"> signatures <\/span><span class=\"s3\">providing proactive protection for these<\/span><span class=\"s1\"> vulnerabilities.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Palo Alto Networks is a regular contributor to vulnerability research and has discovered more than 100 critical vulnerabilities over the past two years in the Microsoft, Apple, Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing weapons used by attackers to compromise enterprise, government and service provider networks.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks researcher Tao Yan is credited with the discovery of three new critical Microsoft vulnerabilities in June\u2018s bulletin -- CVE-2016-3205, CVE-2016-3206 and CVE-2016-3207 -- affecting VBScript engine versions 5.7 and &hellip;<\/p>\n","protected":false},"author":65,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[155,35],"tags":[2118,2121,2124,46,2115,515],"coauthors":[704],"class_list":["post-14670","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-2","category-threat-advisories-advisories","tag-cve-2016-3205","tag-cve-2016-3206","tag-cve-2016-3207","tag-microsoft","tag-microsoft-active-protections-program","tag-vulnerabilities"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/14670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=14670"}],"version-history":[{"count":1,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/14670\/revisions"}],"predecessor-version":[{"id":14673,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/14670\/revisions\/14673"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=14670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=14670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=14670"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=14670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}