Wednesday, 15 July 2009

Patch Tuesday: Microsoft Security Update for July

This is a moderate update from Microsoft for the July Microsoft Patch Tuesday Security release. This month includes six patches, three rated Critical, and three rated as Important.

After loading the ChangeBASE AOK application testing portfolio into an AOK Patch Impact database, all six patches were tested for application-level issues and for application dependency issues. This month, all six Microsoft Security Updates (MS09-028 to MS09-033) raised very few or no application-level or dependency-level issues with the AOK Application Test portfolio. Thus, these six patches were rated as Green.

Given the very low numbers of issues for these six security updates, the ChangeBASE AOK team recommends that all these patches are rapidly deployed to a staging environment and then subsequently into Production.

The ChangeBASE AOK team recommends that, with all changes to an environment, basic UAT testing is performed on all business-critical applications. However, for the six July Microsoft Security updates marked as Green, only marginal build-level testing should be required.

Here is a sample report extract from one of the few applications in the AOK ChangeBASE Application Test Portfolio that raised a number of dependency level issues with the MS09-032 Security Update.


Testing Summary
  • MS09-028: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-029: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-030: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-031: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-032: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-033: Marginal Impact (both Package level and dependencies) detected across portfolio


| Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS09-028 | 0 | <1% | YES | Critical | Critical |
| Microsoft Security Bulletin MS09-029 | 3 | <1% | YES | Critical | Critical |
| Microsoft Security Bulletin MS09-030 | 2 | <1% | YES | Critical | Critical |
| Microsoft Security Bulletin MS09-031 | 0 | <1% | YES | Important | Important |
| Microsoft Security Bulletin MS09-032 | 16 | <1% | YES | Important | Important |
| Microsoft Security Bulletin MS09-033 | 0 | <1% | YES | Important | Important |


Legend:
  • No Issue: No Issues Detected
  • Fixable: Potentially fixable application Impact
  • Serious: Serious Compatibility Issue


Security Update Detailed Summary
MS09-028: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Description: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Quartz.dll
Impact: Critical

MS09-029: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Description: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Fontsub.dll, T2embed.dll
Impact: Critical

MS09-030: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516)
Description: This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Morph9.dll, Mspub.exe, Prtf9.dll, Ptxt9.dll, Pubconv.dll, Pubtrap.dll
Impact: Critical

MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Description: This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
Payload: Authdflt.dll, Comphp.dll, Complp.dll, Cookieauthfilter.dll, Diffserv.dll, Fweng.sys, Httpfilter.dll, Linktranslation.dll, Msfpc.dll, Msfpccom.dll, Msfpcsnp.dll, Msfpcui.dll, Mspadmin.exe, Ratlib.dll, Socksflt.dll, W3filter.dll, W3prefch.exe, Wploadbalancer.dll, Wspsrv.exe
Impact: Important

MS09-032: Cumulative Security Update of ActiveX Kill Bits (973346)
Description: This security update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer that uses the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: No binary files included. Only CLSID kill bits for specific COM objects.
Impact: Important

MS09-033: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Description: This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Payload: VMM.sys
Impact: Important

c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)
