With this November Microsoft Patch Tuesday update, we see a set of 6 updates; 4 of which are marked as "Critical", 1 rated "Important" and 1 being a "Moderate" vulnerability.
The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed an Amber issue.
Of the six patches, 3 "require a restart to load correctly", and 3 "may require a restart", so it is probably best to assume all require a restart to be installed correctly
Here is a sample of the results for one package against the patch Tuesday updates:
MS12-071 - Cumulative Security Update for Internet Explorer (2761451)
Quest\ChangeBASE RAG Status Report Summary
Security Update Detailed Summary
|
MS12-071
|
Cumulative
Security Update for Internet Explorer (2761451)
|
|
Description
|
This security update resolves three
privately reported vulnerabilities in Internet Explorer. The vulnerabilities
could allow remote code execution if a user views a specially crafted webpage
using Internet Explorer. An attacker who successfully exploited these
vulnerabilities could gain the same user rights as the current user. Users
whose accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.
|
|
Payload
|
Urlmon.dll, Iexplore.exe, Inetcpl.cpl,
Jsproxy.dll, Wininet.dll, Wininetplugin.dll, Iedvtool.dll, Msfeeds.dll,
Msfeeds.mof, Mshtmled.dll, Mshtmled.dll, Mshtml.dll, Mshtml.tlb, Ieproxy.dll,
Ieshims.dll, Ieunatt.exe, Jsdbgui.dll, Iertutil.dll, Sqmapi.dll,
Mshtmled.dll, Mshtml.dll, Mshtml.tlb, Ieproxy.dll, Ieshims.dll, Url.dll,
Ieui.dll, Ieframe.dll, Jscript.dll, Jscript9.dll, Vbscript.dll
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS12-072
|
Vulnerabilities
in Windows Shell Could Allow Remote Code Execution (2727528)
|
|
Description
|
This security update resolves two
privately reported vulnerabilities in Microsoft Windows. The vulnerabilities
could allow remote code execution if a user browses to a specially crafted
briefcase in Windows Explorer. An attacker who successfully exploited this
vulnerability could run arbitrary code as the current user. If the current
user is logged on with administrative user rights, an attacker could take
complete control of the affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative user
rights.
|
|
Payload
|
Synceng.dll,
Wsynceng.dll
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS12-073
|
Vulnerabilities
in Microsoft Internet Information Services (IIS) Could Allow Information
Disclosure (2733829)
|
|
Description
|
This security update resolves one
publicly disclosed vulnerability and one privately reported vulnerability in
Microsoft Internet Information Services (IIS). The more severe vulnerability
could allow information disclosure if an attacker sends specially crafted FTP
commands to the server.
|
|
Payload
|
Ftpconfigext.dll, Ftpctrlps.dll,
Ftpmib.dll, Ftpres.dll, Ftpsvc.dll, Ftpsvc.mof
|
|
Impact
|
Moderate - Information Disclosure
|
|
MS12-074
|
Vulnerabilities
in .NET Framework Could Allow Remote Code Execution (2745030)
|
|
Description
|
This security update resolves five
privately reported vulnerabilities in the .NET Framework. The most severe of
these vulnerabilities could allow remote code execution if an attacker
convinces the user of a target system to use a malicious proxy auto
configuration file and then injects code into the currently running
application.
|
|
Payload
|
No Specific File Information
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS12-075
|
Vulnerabilities
in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
(2761226)
|
|
Description
|
This security update resolves three
privately reported vulnerabilities in Microsoft Windows. The most severe of
these vulnerabilities could allow remote code execution if a user opens a
specially crafted document or visits a malicious webpage that embeds TrueType
font files. An attacker would have to convince users to visit the website,
typically by getting them to click a link in an email message that takes them
to the attacker's website.
|
|
Payload
|
Win32k.sys
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS12-076
|
Vulnerabilities
in Microsoft Excel Could Allow Remote Code Execution (2720184)
|
|
Description
|
This security update resolves four
privately reported vulnerabilities in Microsoft Office. The vulnerabilities
could allow remote code execution if a user opens a specially crafted Excel
file with an affected version of Microsoft Excel. An attacker who
successfully exploited the vulnerabilities could gain the same user rights as
the current user. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights.
|
|
Payload
|
Excel.Exe
|
|
Impact
|
Important - Remote Code Execution
|
*All results are based on an AOK
Application Compatibility Lab’s test portfolio of over 1,000 applications.
No comments:
Post a Comment