Palo Alto Networks Discovers Critical Vulnerabilities Addressed In Week's Microsoft Security Bulletin

Threat Research Team discovered three vulnerabilities, two of which Microsoft rated as 'critical'

October 14, 2009

SUNNYVALE, Calif., Oct. 13, 2009 " Palo Alto Networks, the leader in next-generation firewalls, today announced that its Threat Research Team discovered three vulnerabilities, two of which are rated as "critical," that Microsoft has published in its Patch Tuesday security bulletin today. Vulnerable systems are susceptible to an attacker taking complete control of them.

Microsoft credits Palo Alto Networks' Threat Research Team for identifying the following three vulnerabilities published today. All threats allow a successful attacker to execute code remotely, and take complete control of the vulnerable system.

WMP Heap Overflow Vulnerability (Critical; MS09-052, CVE-2009-2527). An attacker could exploit the vulnerability by constructing a specially crafted ASF file that could allow remote code execution when played using Windows Media Player 6.4.

GDI+ WMF Integer Overflow Vulnerability (Critical; MS09-062, CVE-2009-2500). The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web site that contains specially crafted content.

Memory Corruption in Indexing Service Vulnerability (Important; MS09-057, CVE-2009-2507). The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component.

The Palo Alto Networks Threat Research Team is active in the research community, aggressively pursuing both new vulnerability research and mitigation of all types of threats. Leveraging its expert understanding of today's applications, threats and how vulnerabilities get exploited, the team is a consistent contributor in support of Microsoft's Patch Tuesday releases, including discovering six Microsoft vulnerabilities in the past six months.

Enterprises using legacy security technology increasingly lack visibility into and control of application traffic. Palo Alto Networks' next-generation firewalls are unique in the industry in their ability to see and control applications, users and content " not just ports, IP addresses and packets. Traditional port-blocking firewalls do not have the content intelligence to identify application vulnerabilities such as these, which attackers could exploit to take complete control of affected systems.

About Palo Alto Networks Palo Alto Networks is the leader in next-generation firewalls, enabling unprecedented visibility and granular policy control of applications and content " by user, not just IP address " at up to 10Gbps with no performance degradation. Based on patent-pending App-ID technology, Palo Alto Networks firewalls accurately identify and control applications " regardless of port, protocol, evasive tactic or SSL encryption " and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, please visit www.paloaltonetworks.com.