ChangeBASE have announced their findings of Microsoft's Patch Tuesday update of November, 2008. There were two patch releases this week (MS08-068 and MS08-069) and one last week (MSO8-067).
MS067 and MS068 were critical releases as they addressed potential serious security issues. However from an application compatibility perspective they will have minimal impact on an organisation's application portfolio. This comes as good news for enterprises as it gives them a month off the full testing cycle with patch updates. In recent months the impact of patches on applications has been significant and has required a huge amount of testing to ensure business critical applications continue to work.
From our discussions with larger companies their testing activity generally falls into one of three camps:
- Light sample testing of a small number of business critical applications - This requires limited testing resource but leaves organisations vulnerable to applications problems/failures
- Medium testing - This takes significant resource and time but means that a wider portfolio of applications can be tested
- Heavy testing - Many organisations do not have the resource to do this on a monthly basis and we have come across examples of corporates who only release new patches to their live environment twice a year as a result of this. The plus side of this approach is that applications are likely to be unaffected by the patch updates. The downside is that critical patches are not deployed, leaving organisations vulnerable to, for example, security breaches
ChangeBASE AOK Patch Impact Monitor identifies in minutes applications that are affected by new Microsoft releases and provides detailed information on potential compatibility issues. This can cut the testing time down to the point that heavy testing can be done on a greater number of applications in a short period of time.
Thankfully November should be a quiet time for testing as the new patches will have minimal impact on an organisation's applications.
Testing Summary
MS08-68: Marginal impact with low numbers of applications affected
MS08-69: Marginal impact with low numbers of applications affected
| Patch Name | Total Issues | % of apps
Affected | Reboot | Rating | RAG |
|---|
| MS08-067 | <1% | <1% | YES | C |  | | MS08-068 | <1% | <1% | YES | C | | | MS08-069 | <1% | <1% | YES | I | |
Legend:
| No Issues Detected |  | Potentially fixable application Impact |  | Serious Compatibility Issue |
M = Moderate
I = Important
C = Critical
c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)
Security Update Detailed Summary
| MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644) | | Description | This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. | | Payload | Netapi.dll | | Impact | Remote Code Execution |
| MS08-068 | Vulnerability in SMB Could Allow Remote Code Execution (957097) | | Description | This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | | Payload | Mrxsmb.sys | | Impact | Information Disclosure |
| MS08-069 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) | | Description | This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | | Payload | Msxml5.dll | | Impact | Remote Code Execution |
|
No comments:
Post a Comment