Application Compatibility Update with Quest® Workspace™ ChangeBASE
Executive Summary
With this May Microsoft Patch Tuesday update, we see a set of 10 updates; 2 of which are marked as “Critical” and 8 rated as “Important”.
The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.
Of the ten patches, 3 "require a restart to load correctly", and 7 "may require a restart", so as usual, it is probably best to assume all require a restart to be installed correctly.
Sample Results
Here is a sample of an application found to be vulnerable to the issue fixed in the security patch for Microsoft Visio.
Executive Summary
With this May Microsoft Patch Tuesday update, we see a set of 10 updates; 2 of which are marked as “Critical” and 8 rated as “Important”.
The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.
Of the ten patches, 3 "require a restart to load correctly", and 7 "may require a restart", so as usual, it is probably best to assume all require a restart to be installed correctly.
Sample Results
Here is a sample of an application found to be vulnerable to the issue fixed in the security patch for Microsoft Visio.
And, here is the ChangeBASE Patch Tuesday Red, Amber, Green (RAG) status for May 2013
Security Update Detailed Summary
|
MS13-037
|
Cumulative
Security Update for Internet Explorer (2829530)
|
|
Description
|
This security update resolves eleven
privately reported vulnerabilities in Internet Explorer. The most severe
vulnerabilities could allow remote code execution if a user views a specially
crafted webpage using Internet Explorer. An attacker who successfully
exploited the most severe of these vulnerabilities could gain the same user
rights as the current user. Users whose accounts are configured to have fewer
user rights on the system could be less impacted than users who operate with
administrative user rights.
|
|
Payload
|
Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll,
Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll,
Urlmon.dll, Vgx.dll, Wininet.dll, W03a3409.dll, Wbrowseui.dll, Wdxtmsft.dll,
Wdxtrans.dll, Whtml.iec, Wieencode.dll, Wiepeers.dll, Wmshtml.dll,
Wmshtmled.dll, Wmstime.dll, Wpngfilt.dll, Wshdocvw.dll, Wtdc.ocx, Wurl.dll,
Wurlmon.dll, Wvgx.dll, Advpack.dll, Corpol.dll, Dxtmsft.dll, Dxtrans.dll,
Extmgr.dll, Icardie.dll, e4uinit.exe, Ieakeng.dll, Ieaksie.dll, Ieakui.dll,
Ieapfltr.dat, Ieapfltr.dll, Iedkcs32.dll, Ieencode.dll, Ieframe.dll,
Iepeers.dll, Iernonce.dll, Iertutil.dll, Ieudinit.exe, Iexplore.exe,
Inetcpl.cpl, Jsproxy.dll, Msfeeds.dll, Msfeedsbs.dll, Mshtml.dll,
Mshtmled.dll, Msrating.dll, Mstime.dll, Occache.dll, Pngfilt.dll, Url.dll,
Urlmon.dll, Vgx.dll, Webcheck.dll, Wininet.dll
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS13-038
|
Security
Update for Internet Explorer (2847204)
|
|
Description
|
This security update resolves one
publicly disclosed vulnerability in Internet Explorer. The vulnerability
could allow remote code execution if a user views a specially crafted webpage
using Internet Explorer. An attacker who successfully exploited this
vulnerability could gain the same user rights as the current user. Users
whose accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.
|
|
Payload
|
Spuninst.exe, Mshtml.dll, Mshtml.tlb
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS13-039
|
Vulnerability
in HTTP.sys Could Allow Denial of Service (2829254)
|
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft Windows. The vulnerability could allow
denial of service if an attacker sends a specially crafted HTTP packet to an
affected Windows server or client.
|
|
Payload
|
No specific payload
|
|
Impact
|
Important - Denial of Service
|
|
MS13-040
|
Vulnerabilities
in .NET Framework Could Allow Spoofing (2836440)This security update resolves
one privately reported vulnerability and one publicly disclosed vulnerability
|
|
Description
|
in the .NET Framework. The more severe of
the vulnerabilities could allow spoofing if a .NET application receives a
specially crafted XML file. An attacker who successfully exploited the vulnerabilities
could modify the contents of an XML file without invalidating the file's
signature and could gain access to endpoint functions as if they were an
authenticated user.
|
|
Payload
|
No specific payload
|
|
Impact
|
Important – Spoofing
|
|
MS13-041
|
Vulnerability
in Lync Could Allow Remote Code Execution (2834695)
|
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft Lync. The vulnerability could allow
remote code execution if an attacker shares specially crafted content, such
as a file or program, as a presentation in Lync or Communicator and then
convinces a user to accept an invitation to view or share the presentable content.
In all cases, an attacker would have no way to force users to view or share
the attacker-controlled file or program. Instead, an attacker would have to
convince users to take action, typically by getting them to accept an
invitation in Lync or Communicator to view or share the presentable content.
|
|
Payload
|
Appshapi.dll, Appshcom.dll, Appshvw.dll,
Communicator.exe, Lcwabext.dll, Ocapi.dll, Ocoffice.dll, Privacypolicy.rtf,
Rtmpltfm.dll, Uccp.dll, Uc.dll
|
|
Impact
|
Important - Remote Code Execution
|
|
MS13-042
|
Vulnerabilities
in Microsoft Publisher Could Allow Remote Code Execution (2830397)
|
|
Description
|
This security update resolves eleven
privately reported vulnerabilities in Microsoft Office. The vulnerabilities
could allow remote code execution if a user open a specially crafted
Publisher file with an affected version of Microsoft Publisher. An attacker
who successfully exploited these vulnerabilities could gain the same user
rights as the current user. Users whose accounts are configured to have fewer
user rights on the system could be less impacted than users who operate with
administrative user rights.
|
|
Payload
|
Mspub.exe, Prtf9.dll, Pubconv.dll
|
|
Impact
|
Important - Remote Code Execution
|
|
MS13-043
|
Vulnerability
in Microsoft Word Could Allow Remote Code Execution (2830399)
|
|
Description
|
This security update resolves one
privately reported vulnerability in Microsoft Office. The vulnerability could
allow code execution if a user opens a specially crafted file or previews a
specially crafted email message in an affected version of Microsoft Office
software. An attacker who successfully exploited this vulnerability could
gain the same user rights as the current user. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
|
|
Payload
|
Winword.exe, Wordview.Exe, Wdvprtid.Xml
|
|
Impact
|
Important - Remote Code Execution
|
|
MS13-044
|
Vulnerability
in Microsoft Visio Could Allow Information Disclosure (2834692)
|
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft Office. The vulnerability could allow
information disclosure if a user opens a specially crafted Visio file. Note
that this vulnerability would not allow an attacker to execute code or to
elevate their user rights directly, but it could be used to produce
information that could be used to try to further compromise an affected
system.
|
|
Payload
|
No specific payload
|
|
Impact
|
Important - Information Disclosure
|
|
MS13-045
|
Vulnerability
in Windows Essentials Could Allow Information Disclosure (2813707)
|
|
Description
|
This security update resolves a privately
reported vulnerability in Windows Essentials. The vulnerability could allow information
disclosure if a user opens Windows Writer using a specially crafted URL. An
attacker who successfully exploited the vulnerability could override Windows
Writer proxy settings and overwrite files accessible to the user on the
target system. In a web-based attack scenario, a website could contain a
specially crafted link that is used to exploit this vulnerability. An
attacker would have to convince users to visit the website and open the
specially crafted link.
|
|
Payload
|
Win32k.sys
|
|
Impact
|
Important - Information Disclosure
|
|
MS13-046
|
Vulnerabilities
in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
|
|
Description
|
This security update resolves three
privately reported vulnerabilities in Microsoft Windows. The vulnerabilities
could allow elevation of privilege if an attacker logs on to the system and
runs a specially crafted application. An attacker must have valid logon
credentials and be able to log on locally to exploit these vulnerabilities.
|
|
Payload
|
Cdd.dll, Dxgkrnl.sys, Dxgmms1.sys,
Lddmcore.ptxml
|
|
Impact
|
Important - Elevation of Privilege
|
*All results are based on an AOK
Application Compatibility Lab’s test portfolio of over 1,000 applications.
No comments:
Post a Comment