How to check whether Palo Alto Networks can create a signature against the vulnerabilities of Microsoft's products

Created On 10/21/25 07:30 AM - Last Modified 12/15/25 07:03 AM


Symptom


Microsoft periodically publishes vulnerability information for its products.
For example, the following page covers the vulnerabilities published in October 2025.

 

October 2025 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct

 

The customer wants to know whether Palo Alto Networks releases a vulnerability signature for each Microsoft vulnerability.





Environment


* NGFW

Cause


N/A

Resolution


The general guideline for signature creation is described in the following KB.

 

For Microsoft vulnerabilities, the value of "Publicly disclosed" is almost always "No".
However, the values of "Exploited" and "Exploitability assessment" vary case by case.
Please read the following page for details about these values.

 

Microsoft Exploitability Index:
https://www.microsoft.com/en-us/msrc/exploitability-index

  • 0 – Exploitation Detected
  • 1 – Exploitation More Likely
  • 2 – Exploitation Less Likely
  • 3 – Exploitation Unlikely

 

Only the value "Exploitation Detected" means that the vulnerability has actually been used in an attack.
The other values mean only that there is a possibility of exploitation.

 

  • (0) Exploitation Detected

Somebody has used this vulnerability in an attack, so a PoC is likely to exist somewhere.
Please note that this does not mean that anyone can find the PoC easily.

 

  • (1 ~ 3) Exploitation More Likely and others

Microsoft is not aware of a PoC or exploit code, at least at the time the advisory is published. (Please note that a PoC might be found in the future.)
From our perspective, we cannot create a signature without finding a PoC ourselves.

 

If the CVE's Exploitability assessment is not "Exploitation Detected" and no PoC is found, it is highly unlikely that Palo Alto Networks can create a signature, even if the signature is requested through a support case.

 

 

Here is an example of where a signature was created.

 

This CVE was declared as "Exploited: Yes" and "Exploitability assessment: Exploitation Detected".
Thus, Palo Alto Networks could create a signature against this CVE.

https://threatvault.paloaltonetworks.com?query=CVE-2025-53770
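
The rule of thumb above can be applied to a whole monthly release before opening a support case. The following is an added example, not code from Palo Alto Networks or Microsoft: it assumes the advisory fields have been copied into a "Key:Value;Key:Value" string (a constructed format), and `poc_found` is the analyst's own finding. "candidate" means the conditions described in this article are met, not that a signature exists.

```python
# Added example, not Palo Alto Networks or Microsoft code.
# Assumed input: the advisory fields as "Key:Value" pairs joined by ";".

INDEX = {  # Microsoft Exploitability Index values
    "exploitation detected": 0,
    "exploitation more likely": 1,
    "exploitation less likely": 2,
    "exploitation unlikely": 3,
}

def parse_status(status):
    """Split 'Key:Value;Key:Value' into a dict with lower-cased keys."""
    fields = {}
    for part in status.split(";"):
        key, sep, value = part.partition(":")
        if sep:  # ignore fragments without a key/value separator
            fields[key.strip().lower()] = value.strip()
    return fields

def triage(status, poc_found=False):
    """Return (index, verdict); poc_found is the analyst's own finding."""
    fields = parse_status(status)
    index = INDEX.get(fields.get("exploitability assessment", "").lower())
    exploited = fields.get("exploited", "").lower() == "yes"
    if index is None and not exploited:
        return None, "unknown: fields missing, read the advisory"
    if index == 0 or exploited:
        return index, "candidate: exploitation detected"
    if poc_found:
        return index, "candidate: PoC available"
    return index, "highly unlikely: not exploited and no PoC found"

# Constructed sample rows; only CVE-2025-53770 and its values come from the article.
SAMPLE = [
    ("CVE-2025-53770",
     "Exploited:Yes;Exploitability assessment:Exploitation Detected", False),
    ("CVE-PLACEHOLDER-1",
     "Publicly disclosed:No;Exploited:No;"
     "Exploitability assessment:Exploitation More Likely", False),
    ("CVE-PLACEHOLDER-2",
     "Publicly disclosed:No;Exploited:No;"
     "Exploitability assessment:Exploitation Less Likely", True),
    ("CVE-PLACEHOLDER-3", "Publicly disclosed:No", False),
]

if __name__ == "__main__":
    for cve, status, poc in SAMPLE:
        print(cve, *triage(status, poc_found=poc), sep=" | ")
```

Rows reported as "candidate" can then be checked in Threat Vault by CVE number, as in the link above.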

 


