The updates MS08-055 and MS08-053 relate to Windows Media Player, which has a minimal impact on the operating system; few applications have a direct dependency on Windows Media Player. More importantly, MS08-052 includes an update to a core element of the operating system (GDIPLUS.DLL). This file is part of the graphics library for Windows XP. Several applications we ran through AOK can load a version of this file from their source media or download process when they are installed, so there is a danger that an installation will load an out-of-date version of this file and overwrite the version delivered in this month's patch update.
IT departments need to identify which applications can do this and have a process in place which stops this happening. 3% of the applications we tested have this capacity including Microsoft Messenger and Macromedia Dreamweaver. Here is a sample of the AOK Workbench analysis which illustrates that Messenger both includes this key file in its installation package and has a key dependency on GDIPLUS.DLL.
In terms of which applications use or have a dependency on this component, we found that 30% of the applications we tested fall into this category. We recommend organisations test all applications with such dependencies.
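One way to find the bundled copies described above on a deployed machine, as an added example that is not part of the AOK Workbench tooling: it inventories every gdiplus.dll under the given roots and compares each copy with a patched baseline from the same version branch. The function name `Find-StaleGdiPlus` and the `-Baseline` values are assumptions; the baseline versions must be read from a patched reference machine, since the page does not state them.

```powershell
# Added example (requires PowerShell 5 or later). Hypothetical helper, not a
# Microsoft or ChangeBASE tool.
function Find-StaleGdiPlus {
    [CmdletBinding()]
    param(
        # Patched gdiplus.dll versions, one per major.minor branch in use.
        # Placeholder input: take these from a patched reference machine.
        [Parameter(Mandatory)] [version[]] $Baseline,
        [string[]] $Root = @($env:ProgramFiles, $env:SystemRoot)
    )
    foreach ($r in $Root) {
        if (-not $r -or -not (Test-Path -LiteralPath $r)) { continue }
        Get-ChildItem -LiteralPath $r -Filter 'gdiplus.dll' -Recurse -File `
                      -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from its numeric parts; the FileVersion string
            # can carry a build-lab suffix that [version] cannot parse.
            $found = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                    $vi.FileBuildPart, $vi.FilePrivatePart)
            # Only compare against a baseline from the same major.minor branch.
            $base = $Baseline |
                Where-Object { $_.Major -eq $found.Major -and
                               $_.Minor -eq $found.Minor } |
                Select-Object -First 1
            $status = if (-not $base)          { 'NoBaseline' }
                      elseif ($found -lt $base) { 'Stale' }
                      else                      { 'Current' }
            [pscustomobject]@{
                Path     = $_.FullName
                Version  = $found
                Baseline = $base
                Status   = $status
                Modified = $_.LastWriteTime
            }
        }
    }
}

# Usage: $patched holds the versions read from the reference machine.
# Find-StaleGdiPlus -Baseline $patched | Where-Object Status -ne 'Current'
```

Copies reported as `Stale` inside an application folder point to a package that ships its own GDIPLUS.DLL; `NoBaseline` rows need a baseline for that branch before they can be judged.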
Specific reboot Information
Also it should be noted that all machines (servers and desktops) with this patch update will need to be rebooted for the update to take effect, as per the table below.
Testing Summary
- MS08-052: updates key components of Microsoft Messenger and Digital Imager
- MS08-055: updates key Microsoft Office components - full application test required
- MS08-053: Marginal impact and negligible testing profile
- MS08-054: Marginal impact and negligible testing profile
| Patch Name | Issues | % Affected (with dependencies) | Reboot | RAG |
| --- | --- | --- | --- | --- |
| MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution | 237 | 30% | YES | |
| MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution | <1% | <1% | YES | |
| MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution | <1% | <1% | NO | |
| MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution | 9 | 1% | NO | |
Security Update Detailed Summary
MS08-052 | Vulnerabilities in GDI+ Could Allow Remote Code Execution |
Description | This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload | gdiplus.dll |
Impact | MS08-052 updates a core OS-level DLL that is responsible for the Windows XP/2000 graphics interface. A number of applications contain this file in their installation routine, including Reuters Messaging, Microsoft Messenger, Macromedia Dreamweaver and Microsoft Digital Image, which could cause application compatibility issues when these packages are deployed. In addition, a significant portion of our testing portfolio had a file-level dependency on this updated DLL. |
MS08-053 | Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution |
Description | This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload | The following file is updated in this security update: Wmex.dll |
Impact | This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages. |
MS08-054 | Vulnerability in Windows Media Player Could Allow Remote Code Execution |
Description | This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload | The following file is updated in this security update: Wmpeffects.dll |
Impact | This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages. |
MS08-055 | Vulnerability in Microsoft Office Could Allow Remote Code Execution |
Description | This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload | The following files are updated in this security update: Onbttnie.dll, Onenote.exe, Onenotem.exe, Onfilter.dll, Onlibs.dll, Onmain.dll, Mso.dll, Mso.dll, Ietag.dll |
Impact | This Microsoft security update, while not affecting a large portion of the AOK application portfolio, did directly affect a number of Microsoft application packages including Office 2003 (Standard and Professional), Microsoft Visual Basic, and Microsoft Project. |
Details of Lab process
c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)