Wednesday, 14 July 2010

Microsoft Patch Tuesday: July 2010


This July's Microsoft Patch Tuesday brings a moderate number of security updates: 4 updates to Windows XP, Windows 7 and Office, of which 3 are rated Critical and 1 is rated Important. Unfortunately, all patches released this month will most likely require a reboot of the target system. In addition, all of these Microsoft Security Updates relate to Remote Code Execution vulnerabilities.

The ChangeBase AOK Patch Impact team has updated the sample application database, which now contains more than 2000 unique application packages. All of the applications in this large sample application portfolio are analyzed for application-level conflicts with Microsoft Security Updates and for potential dependencies.
Based on the results of our AOK Application Compatibility Lab, only one of the July Patch Tuesday updates is likely to require significant application-level testing:


  • MS10-044 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

We have included a brief snapshot of some of the results from our AOK software that demonstrates some of the potential impacts on the OSP application package in the following image. In addition to this high-level summary, we have also included a small sample of one of the AOK Summary reports from a smaller sample database (second image).









Testing Summary
  • MS10-042: "MS10-042 Cumulative Security Update of ActiveX Kill Bits"
  • MS10-043: "MS10-043 Cumulative Security Update for Internet Explorer"
  • MS10-044: "MS10-044 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege"
  • MS10-045: "MS10-045 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege"


| Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS10-042 | <1% | <1% | YES | | Green |
| Microsoft Security Bulletin MS10-043 | <1% | <1% | YES | | Green |
| Microsoft Security Bulletin MS10-044 | <0.15% | <1% | YES | | Amber |
| Microsoft Security Bulletin MS10-045 | <1% | <1% | YES | | Green |

Legend:
  • No Issue: No Issues Detected
  • Fixable: Potentially fixable application Impact
  • Serious: Serious Compatibility Issue

Security Update Detailed Summary
MS10-042: Vulnerability in Help and Support Center Could Allow Remote Code Execution
Description: This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
Payload: Helpsvc.exe
Impact: Critical – Remote Code Execution

MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
Description: This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Payload: Cdd.dll, Dxgkrnl.sys, Dxgmms1.sys, Lddmcore.ptxml, Cdd.dll, Dxgkrnl.sys, Dxgmms1.sys
Impact: Critical – Remote Code Execution

MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution
Description: This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Accwiz.dll, Acwzlib.accde, Msaccess.exe, Soa.dll, Acwzdat12.accdu, Acwzmain.accde, Acwztool.accde, Acwzusr12.accdu, Utility.accda
Impact: Critical – Remote Code Execution

MS10-045: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution
Description: This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Cnfnot32.exe_0004, Contab32.dll, Dlgsetp.dll, Dumpster.dll, Emablt32.dll, Emsmdb32.dll_0005, Envelope.dll, Exsec32.dll_0001, Impmail.dll, Mimedir.dll, Mlcfg32.cpl_0001, Mlshext.dll, Mspst32.dll_0004, Oladd.fae, Olappt.fae, Oljrnl.fae, Olkfstub.dll, Olmail.fae, Olmapi32.dll, Olnote.fae, Oltask.fae, Omsmain.dll, Omsxp32.dll, Outlctl.dll, Outlmime.dll, Outlook.exe, Outlph.dll, Outlrpc.dll, Outlvba.dll, Outlvbs.dll_0001, Pstprx32.dll, Recall.dll, Rm.dll, Rtfhtml.dll, Scanost.exe, Scanpst.exe_0002, Scnpst32.dll, Scnpst64.dll
Impact: Important – Remote Code Execution


*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
