Monday, 20 October 2014

Is Application Compatibility (App-Compat) over?

Just a quick post today, and a great (re)start to the application compatibility conversation. As we have learned over the past (almost) seven years, application compatibility was a big challenge for organizations moving from Windows XP to Windows 7 and even now Windows 8.x

Watch Chris Jackson present his views on the "Last App-Compat Session" at TechEd 2013 in North America.



You can download the high-quality video here:

As always to you can tune into Chris Jackson's latest thinking at his blog: The App Compat Guy

Application Compatibility may not be quite as important as it was during the past few years due to all the "heavy lifting" required to get some pretty old applications on to Windows 7.  However, my current thinking is that application compatibility is now simply part of the application management "fabric" in most organisations and is part of the many challenges in getting applications to work.

You will hear more from me on this topic -soon....

Thursday, 16 October 2014

October Patch Tuesday on Computer World


It looks like a massive Patch Tuesday update for this month, as we see updates from Microsoft, Apple, Oracle and Adobe.

You can read more about some of the details and concerns for each patch on my Computer World blog posting here:

Each month I post a review of the recent updates and the releases from Microsoft. You can find my other, past posting here

See you next Patch Tuesday!


Monday, 13 October 2014

Application Management Event 2014

I was worried that no one would show-up, but show up they did. The annual AppManagement Event (organised by PDS) in the Netherlands was a great success.

Fortunately, I was able to present on one of the technical break-out sessions on virtualization with summary of the past few years of application virtualization titled, "The Rise and Fall and Rise of Virtualization". 

Here are some quick photos from the session:

Greg Lambert presenting at the Application Management Event
If you are interested in the slides from this presentation, please have at this SlideShare link:


We also had a stand at the exhibition, and had a chance to get some feedback on our cloud-based Assessment, Remediation and Conversion service.

Qompat Demoes at Application Management Event
You can view the virtualization presentation via Slide Share here.

Overall, we had a great response to our planned products, services and pricing.

If you would like to find out more about how we can assist with your migration or business as usual application management efforts, please join our BETA program, listed below.

Tuesday, 7 October 2014

Join us at the Application Management Event 2014



Join us the Application Management (and Packaging) Event.

I will be presenting one of the technical break-out sessions at the Application Packaging event in the Netherlands.

The delights and frustrations of technology are such that with each wave of progress, a new set of issues come to light. In this session, I will reflect on the early history and technical challenges encountered in the process of migrating desktop, and sometimes server environments, to virtualised platforms  

Time, October 9th, 13:40 – 14:20

It would be great to see you, and if you have time, please stop by the Qompat stand to see a demo.




Thursday, 12 December 2013

December Patch Tuesday Update


Application Compatibility Update with Dell Software's ChangeBASE
Executive Summary
With this December Microsoft Patch Tuesday update, there are 11 updates; 5 of which are marked as “Critical” and 6 rated as “Important”.

The Patch Tuesday Security Update analysis was performed by the Dell ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.

Of the eleven patches, 4 "require a restart to load correctly", and 5 "may require a restart", and 2 indicate they "do not need a re-start" so until we see all patches in the "do not require a restart" our advice is that it is probably best to assume all require a restart to be installed correctly.

Sample Results
Here are two sample results showing amber warnings generated as a result of patches MS-096 & MS-099.





Here is a Sample Summary report


Testing Summary

MS13-096
Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution(KB2908005)
MS13-097
Cumulative Security Update for Internet Explorer (KB2898785)
MS13-098
Vulnerability in Windows Could Allow Remote Code Execution (KB2893294)
MS13-099
Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Executio(KB2909158)
MS13-100
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution(KB2904244)
MS13-101
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege(KB2880430)
MS13-102
Vulnerability in LRPC Client Could Allow Elevation of Privilege (KB2898715)
MS13-103
Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (KB2905244)
MS13-104
Vulnerability in Microsoft Office Could Allow Information Disclosure (KB2909976)
MS13-105
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution(KB2915705)
MS13-106
Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (KB2905238)






Security Update Detailed Summary

MS13-096
Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution(KB2908005)
Description
This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.
Payload
Gdiplus.dll
Impact
Critical - Remote Code Execution

MS13-097
Cumulative Security Update for Internet Explorer (KB2898785)
Description
This security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact
Critical - Remote Code Execution

MS13-098
Vulnerability in Windows Could Allow Remote Code Execution (KB2893294)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.
Payload
Imagehlp.dll
Impact
Critical - Remote Code Execution

MS13-099
Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (KB2909158)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Cscript.exe, Dispex.dll, Scrobj.dll, Scrrun.dll, Wscript.exe, Wshcon.dll, Wshom.ocx
Impact
Critical - Remote Code Execution

MS13-100
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2904244)
Description
This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.
Payload
No specific file payload
Impact
Important - Remote Code Execution

MS13-101
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2880430)
Description
This security update resolves five privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Payload
Win32k.sys
Impact
Important - Elevation of Privilege

MS13-102
Vulnerability in LRPC Client Could Allow Elevation of Privilege (KB2898715)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client. An attacker who successfully exploited the vulnerability could then install programs; view, change, or delete data; or create new accounts with full administrator rights. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Payload
Rpcrt4.dll, W03a3409.dll, Wrpcrt4.dll, Ww03a3409.dll
Impact
Important - Elevation of Privilege

MS13-103
Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (KB2905244)
Description
This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.
Payload
Microsoft.AspNet.SignalR.Core.dll
Impact
Important - Elevation of Privilege

MS13-104
Vulnerability in Microsoft Office Could Allow Information Disclosure (KB2909976)
Description
This security update resolves one privately reported vulnerability in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.
Payload
Mso.dll.x86, Msores.dll, Msosqm.exe, Office.dll, Msointl.dll.x86.1025, Msointl.rest.idx_dll.x86.1025, Msointl.dll.idx_dll.x86.1026, Msointl.dll.x86.1026, Msointl.rest.idx_dll.x86.1026, Msointl.dll.idx_dll.x86.1027, Msointl.dll.x86.1027, Msointl.rest.idx_dll.x86.1027, Msointl.dll.idx_dll.x86.1029, Msointl.dll.x86.1029, Msointl.rest.idx_dll.x86.1029, Msointl.dll.idx_dll.x86.1030, Msointl.dll.x86.1030, Msointl.rest.idx_dll.x86.1030, Msointl.dll.x86.1031, Msointl.rest.idx_dll.x86.1031, Msointl.dll.idx_dll.x86.1032, Msointl.dll.x86.1032, Msointl.rest.idx_dll.x86.1032, Msointl.dll.x86.1033, Msointl.rest.idx_dll.x86.1033, Msointl.dll.x86.3082, Msointl.rest.idx_dll.x86.3082, Msointl.dll.idx_dll.x86.1061, Msointl.dll.x86.1061, Msointl.rest.idx_dll.x86.1061, Msointl.dll.idx_dll.x86.1069, Msointl.dll.x86.1069, Msointl.rest.idx_dll.x86.1069, Msointl.dll.idx_dll.x86.1035, Msointl.dll.x86.1035, Msointl.rest.idx_dll.x86.1035, Msointl.dll.x86.1036, Msointl.rest.idx_dll.x86.1036, Msointl.dll.idx_dll.x86.1110, Msointl.dll.x86.1110, Msointl.rest.idx_dll.x86.1110, Msointl.dll.idx_dll.x86.1095, Msointl.dll.x86.1095, Msointl.rest.idx_dll.x86.1095, Msointl.dll.x86.1037, Msointl.rest.idx_dll.x86.1037, Msointl.dll.idx_dll.x86.1081, Msointl.dll.x86.1081, Msointl.rest.idx_dll.x86.1081, Msointl.dll.idx_dll.x86.1050, Msointl.dll.x86.1050, Msointl.rest.idx_dll.x86.1050, Msointl.dll.idx_dll.x86.1038, Msointl.dll.x86.1038, Msointl.rest.idx_dll.x86.1038, Msointl.dll.idx_dll.x86.1057, Msointl.dll.x86.1057, Msointl.rest.idx_dll.x86.1057, Msointl.dll.x86.1040, Msointl.rest.idx_dll.x86.1040, Msointl.dll.x86.1041, Msointl.rest.idx_dll.x86.1041, Msointl.dll.idx_dll.x86.1087, Msointl.dll.x86.1087, Msointl.rest.idx_dll.x86.1087, Msointl.dll.idx_dll.x86.1099, Msointl.dll.x86.1099, Msointl.rest.idx_dll.x86.1099, Msointl.dll.x86.1042, Msointl.rest.idx_dll.x86.1042, Msointl.dll.idx_dll.x86.1063, Msointl.dll.x86.1063, Msointl.rest.idx_dll.x86.1063, Msointl.dll.idx_dll.x86.1062, Msointl.dll.x86.1062, Msointl.rest.idx_dll.x86.1062, Msointl.dll.idx_dll.x86.1086, Msointl.dll.x86.1086, Msointl.rest.idx_dll.x86.1086, Msointl.dll.idx_dll.x86.1044, Msointl.dll.x86.1044, Msointl.rest.idx_dll.x86.1044, Msointl.dll.x86.1043, Msointl.rest.idx_dll.x86.1043, Msointl.dll.idx_dll.x86.1045, Msointl.dll.x86.1045, Msointl.rest.idx_dll.x86.1045, Msointl.dll.x86.1046, Msointl.rest.idx_dll.x86.1046, Msointl.dll.idx_dll.x86.2070, Msointl.dll.x86.2070, Msointl.rest.idx_dll.x86.2070, Msointl.dll.idx_dll.x86.1048, Msointl.dll.x86.1048, Msointl.rest.idx_dll.x86.1048, Msointl.dll.x86.1049, Msointl.rest.idx_dll.x86.1049, Msointl.dll.idx_dll.x86.1051, Msointl.dll.x86.1051, Msointl.rest.idx_dll.x86.1051, Msointl.dll.idx_dll.x86.1060, Msointl.dll.x86.1060, Msointl.rest.idx_dll.x86.1060, Msointl.dll.idx_dll.x86.2074, Msointl.dll.x86.2074, Msointl.rest.idx_dll.x86.2074, Msointl.dll.idx_dll.x86.1053, Msointl.dll.x86.1053, Msointl.rest.idx_dll.x86.1053, Msointl.dll.idx_dll.x86.1054, Msointl.dll.x86.1054, Msointl.rest.idx_dll.x86.1054, Msointl.dll.idx_dll.x86.1055, Msointl.dll.x86.1055, Msointl.rest.idx_dll.x86.1055, Msointl.dll.idx_dll.x86.1058, Msointl.dll.x86.1058, Msointl.rest.idx_dll.x86.1058, Msointl.dll.idx_dll.x86.1066, Msointl.dll.x86.1066, Msointl.rest.idx_dll.x86.1066, Msointl.dll.x86.2052, Msointl.rest.idx_dll.x86.2052, Msointl.dll.x86.1028, Msointl.rest.idx_dll.x86.1028
Impact
Important - Information Disclosure

MS13-105
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (KB2915705)
Description
This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.
Payload
No specific file payload
Impact
Critical - Remote Code Execution

MS13-106
Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature (KB2905238)
Description
This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component that is currently being exploited. The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.
Payload
No specific file payload
Impact
Important - Security Feature Bypass

* All results are based on the ChangeBASE Application Compatibility Lab's test portfolio of over 3000 applications.