With this June Microsoft Patch Tuesday update, we see a very large set of updates in comparison to those lists of updates released by Microsoft for the months of March, April and May. In total there are 16 Microsoft Security Updates with the following rating; 9 rated as Critical, and 7 rated as Important by Microsoft. Given the scope and nature of this month's update, the ChangeBase team expects to find a significant number of issues raised by the AOK Automated Patch Impact Assessment. In particular, Microsoft Security Update M11-045 will require careful testing prior to deployment due to the core operating system DLL's contained within this update.
Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this June Patch Tuesday release cycle.
Sample Results: MS11-045 Vulnerability in OLE Automation Could Allow Remote Code Execution
Below this is a snap-shot of the AOK Summary Results report from a sample AOK database and the potential issues raised with each Microsoft Security Update.
Testing Summary- MS11-037 : Vulnerability in MHTML Could Allow Information Disclosure (2544893)
- MS11-038 : Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
- MS11-039 : Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
- MS11-040 : Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
- MS11-041 : Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
- MS11-042 : Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
- MS11-043 : Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
- MS11-044 : Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
- MS11-045 : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
- MS11-046 : Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
- MS11-047 : Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
- MS11-048 : Vulnerability in SMB Server Could Allow Denial of Service (2536275)
- MS11-049 : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
- MS11-050 : Cumulative Security Update for Internet Explorer (2530548)
- MS11-051 : Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
- MS11-052 : Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
| Patch Name | Total
Issues | Matches
Affected | Reboot | Rating | RAG |
|---|
| Microsoft Security Bulletin MS11-037 | <1% | <1% | YES | |  |
| Microsoft Security Bulletin MS11-038 | 5% | 5% | YES | |  |
| Microsoft Security Bulletin MS11-039 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-040 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-041 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-042 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-043 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-044 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-045 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-046 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-047 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-048 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-049 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-050 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-051 | <1% | <1% | YES | | |
| Microsoft Security Bulletin MS11-052 | <1% | <1% | YES | | |
Legend:
| No Issues Detected |
| Potentially fixable application Impact |
 | Serious Compatibility Issue |
Security Update Detailed Summary
| MS11-037 | Vulnerability in MHTML Could Allow Information Disclosure (2544893) |
| Description | This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's Web site. An attacker would have to convince the user to visit the Web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. |
| Payload | Inetcomm.dll |
| Impact | Important - Information Disclosure |
| MS11-038 | Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request. |
| Payload | Oleaut32.dll |
| Impact | Critical - Remote Code Execution |
| MS11-039 | Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842) |
| Description | This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. |
| Payload | |
| Impact | Critical - Remote Code Execution |
| MS11-040 | Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426) |
| Description | This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used. |
| Payload | Fwcmgmt.exe, Fwcwsp.dll, Fwcwsp64.dll |
| Impact | Critical - Remote Code Execution |
| MS11-041 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message. |
| Payload | Win32k.sys |
| Impact | Critical - Remote Code Execution |
| MS11-042 | Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512) |
| Description | This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. |
| Payload | Mup.sys |
| Impact | Critical - Remote Code Execution |
| MS11-043 | Vulnerability in SMB Client Could Allow Remote Code Execution (2536276) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. |
| Payload | Mrxsmb.sys |
| Impact | Critical - Remote Code Execution |
| MS11-044 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814) |
| Description | This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. |
| Payload | |
| Impact | Critical - Remote Code Execution |
| MS11-045 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) |
| Description | This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. |
| Payload | Excel.exe |
| Impact | Important - Remote Code Execution |
| MS11-046 | Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665) |
| Description | This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. |
| Payload | Afd.sys |
| Impact | Important - Elevation of Privilege |
| MS11-047 | Vulnerability in Hyper-V Could Allow Denial of Service (2525835) |
| Description | This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
| Payload | Hvax64.exe, Hvboot.sys, Hvix64.exe, Virtualization.events.xml, Blank.vfd, Vid.dll, Vmbuspipe.dll, Vmbusvdev.dll, Vmguest.iso, Vmprox.dll, Vmwpctrl.dll, Windowsvirtualization.mof, Windowsvirtualizationuninstall.mof, Isoparser.sys, Passthruparser.sys, Storvsp.sys, Vhdparser.sys, S3cap.sys, Storflt.sys, Vmbus.sys, Vmbuscoinstaller.dll, Winhv.sys, Vmsntfy.dll, Vmswitch.sys |
| Impact | Important - Denial of Service |
| MS11-048 | Vulnerability in SMB Server Could Allow Denial of Service (2536275) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability. |
| Payload | Srvnet.sys, Srv2.sys |
| Impact | Important - Denial of Service |
| MS11-049 | Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) |
| Description | This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. |
| Payload | Fl_microsoft_xmleditor_dll_91889_ _ _ _ _x86.3643236f_fc70_11d3_a536_0090278a1bb8 |
| Impact | Important - Information Disclosure |
| MS11-050 | Cumulative Security Update for Internet Explorer (2530548) |
| Description | This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Urlmon.dll, Wininet.dll |
| Impact | Critical - Remote Code Execution |
| MS11-051 | Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) |
| Description | This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. |
| Payload | Certckpn.asp, Certrqbi.asp, Certrqma.asp, Certrqxt.asp, Certrsis.asp, Certrspn.asp, Checkcertweb.dll |
| Impact | Important - Elevation of Privilege |
| MS11-052 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521) |
| Description | This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. |
| Payload | Vgx.dll |
| Impact | Critical - Remote Code Execution |
*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
No comments:
Post a Comment