Microsoft Tuesday and Security Wrapup for November 2009

Microsoft Tuesday for November was lighter than previous months on average, especially compared to October 2009, which ended up with 13 bulletins and 34 vulnerabilities disclosed.  Several bulletins were disclosed for both client and server side vulnerabilities.  There were three critical bulletins with five vulnerabilities and another three important bulletins with 10 vulnerabilities, bringing the total to six bulletins and 15 vulnerabilities. 

Our DVLabs security research team released coverage for all of the bulletins on November 11th moments after the bulletins were disclosed by Microsoft. Our own Cody Pierce is credited with disclosing a critical flaw in the License Logging service.  In addition, our Zero Day Initiative program is credited for responsibly disclosing two important vulnerabilities to Microsoft this month.

Overall, this month in the security world saw an average number of critical vulnerabilities disclosed by various vendors:

  • Oracle disclosed 38 vulnerabilities this month, including remote command execution vulnerabilities, denial-of-service issues, information disclosure vulnerabilities, SQL injection vulnerabilities, security restriction bypass issues, and certain data manipulation errors.
  • Adobe disclosed five vulnerabilities involving memory corruption errors, improper use of invalid pointers, and an invalid index.
  • Sun disclosed 21 vulnerabilities in the Java Runtime Environment for arbitrary code execution issues, as well as denial-of-service and security restriction bypass flaws.
  • Mozilla disclosed 10 vulnerabilities in Firefox and SeaMonkey for flaws resulting in a security restriction bypass, sensitive information access and arbitrary code execution.
  • Opera disclosed two vulnerabilities in their popular Web browser for flaws resulting in a security restriction bypass, sensitive information access and arbitrary code execution.

Stay tuned for an update next month on Microsoft Tuesday and the state of vulnerability disclosures.