Wednesday, 10 July 2013

Microsoft Patch Tuesday - July 2013

This July's Microsoft Patch Tuesday brings a set of 7 updates, 6 of which are marked as “Critical” and 1 rated as “Important”.

The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team. Of the thousands of applications included in testing for this release, a small percentage showed amber issues.

Of the seven patches, 2 "require a restart to load correctly" and 4 "may require a restart", whilst only one (MS13-058) definitely doesn't need a restart. As usual, it is probably best to assume all require a restart to be installed correctly.

Sample Results

Here is a sample result showing an amber warning generated as a result of the Microsoft patch MS13-056.


Testing Summary

MS13-052 - Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
MS13-053 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
MS13-054 - Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
MS13-055 - Cumulative Security Update for Internet Explorer (2846071)
MS13-056 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
MS13-057 - Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
MS13-058 - Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)


Security Updates Detail
MS13-052
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
Description
This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a trusted application uses a particular pattern of code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
No specific file information
Impact
Critical - Remote Code Execution

MS13-053
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
Description
This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Payload
Spuninst.exe, Win32k.sys
Impact
Critical - Remote Code Execution

MS13-054
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows, Microsoft Office, Microsoft Lync, and Microsoft Visual Studio. The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files.
Payload
D2d1.dll, Fntcache.dll, Dwrite.dll, D3d10level9.dll, D3d10_1.dll, D3d10_1core.dll, D3d10.dll, D3d10core.dll, D3d10warp.dll
Impact
Critical - Remote Code Execution

MS13-055
Cumulative Security Update for Internet Explorer (2846071)
Description
This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Spuninst.exe, Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact
Critical - Remote Code Execution

MS13-056
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Spuninst.exe, Qedit.dll, Wqedit.dll
Impact
Critical - Remote Code Execution

MS13-057
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
No specific file information
Impact
Critical - Remote Code Execution

MS13-058
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
Description
This security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2. The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Payload
No specific file information
Impact
Important - Elevation of Privilege
  
* All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications
