Executive Summary
With this November release of the Microsoft Patch Tuesday update we see a very light update after last month’s massive patch of security bulletins. With one “critical”, and two “important” updates, we see the MS10-087 patch raised a number of issues which warrant an AOK Amber grading. Given the extent of the testing of package level and dependency analysis the ChangeBASE impact analysis team recommend further analysis and extensive testing of the patch (MS10-087 – highlighted below) against their client’s application portfolio.
MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
- MS10-087 : "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)"
- MS10-088 : "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)"
- MS10-089 : "Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)"
| Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS10-087 | 2% | 2% | YES |  | |
| Microsoft Security Bulletin MS10-088 | <1% | <1% | YES |  | |
| Microsoft Security Bulletin MS10-089 | <1% | <1% | YES | |
Legend:
| No Issues Detected |
| Potentially fixable application Impact |
 | Serious Compatibility Issue |
Security Update Detailed Summary
| MS10-087 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) |
| Description | This security update resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Ietag.dll, Mso.dll |
| Impact | Critical - Remote Code Execution |
| MS10-088 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) |
| Description | This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Powerpnt.exe, Powerpnt.exe_1033, Powerpnt.exe_1049, Pp7x32.dll |
| Impact | Important - Remote Code Execution |
| MS10-089 | Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) |
| Description | This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. |
| Payload | Adfs.internalerror.inc, Adfs.internalsite.de_de.xml, Adfs.internalsite.en_us.xml, Adfs.internalsite.es_es.xml, Adfs.internalsite.fr_fr.xml, Adfs.internalsite.it_it.xml, Adfs.internalsite.ja_jp.xml, Adfs.internalsite.ko_kr.xml, Adfs.internalsite.pt_br.xml, Adfs.internalsite.ru_ru.xml, Adfs.internalsite.zh_cn.xml, Adfs.internalsite.zh_tw.xml, Internalerror.inc, Internalsite.de_de.xml, Internalsite.en_us.xml, Internalsite.es_es.xml, Internalsite.fr_fr.xml, Internalsite.it_it.xml, Internalsite.ja_jp.xml, Internalsite.ko_kr.xml, Internalsite.pt_br.xml, Internalsite.ru_ru.xml, Internalsite.zh_cn.xml, Internalsite.zh_tw.xml, Mobileinternalsite.microsoft.uag.mobilebrowsing.dll, Monitor.sessionparameters.asp, Signurl.asp, Whlfilter.dll, Whlfiltsecureremote.dll |
| Impact | Important - Elevation of Privilege |
*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
No comments:
Post a Comment