An Interesting Microsoft Tuesday

Microsoft only issued two security bulletins and an advisory, but the Microsoft Tuesday release was far from uneventful and boring.
16:24 CET on the 10th March 2010
Entry written by Carsten Eiram.

The whole release started off in a rushed manner as a security site, which claims that it "follows a responsible disclosure policy", leaked technical details from the security bulletins hours ahead of time. This stunt forced others to publish information earlier than expected instead of waiting for the usual coordinated disclosure time.

It's very unfortunate when events like these occur as it could easily ruin the good relationships that have been created between researchers and software vendors like Microsoft where the parties are sharing information with each other more readily. We hope this occurrence won't cause Microsoft or other software vendors to have second thoughts and, hopefully, Microsoft will take proper measures to prevent such a leak from occurring again in the future.

One of the security bulletins, MS10-016, fixed a single vulnerability in Movie Maker, an application bundled with most versions of Windows to, as the application name suggests, create movies. The application apparently lost its virginity with the release of this security bulletin, as this seems to be the first vulnerability reported in it. The vulnerability is a logic error: the application erroneously copies data into the wrong buffer when reading in data from a project file, causing a buffer overflow.

The other security bulletin, MS10-017, addressed a number of vulnerabilities in various versions of Microsoft Office Excel. Interestingly, Microsoft Office Excel 2007 is the application affected by most of the reported vulnerabilities (5 out of 7). The vulnerabilities are caused by various types of errors that allow execution of arbitrary code. Only two vulnerabilities received a rating of "2" in Microsoft's exploitability index; all other vulnerabilities were rated "1" (i.e. consistent exploit code likely).

Finishing off the release was a security advisory for a new 0-day vulnerability in Internet Explorer 6 and 7 that Microsoft states is currently being exploited in targeted attacks.

An interesting monthly release...

Stay Secure,

Carsten Eiram
Chief Security Specialist
