Thursday 15 January 2009

Microsoft Patch Tuesday for January 2009

For the first and only patch update from Microsoft for the start of 2009, we have not detected any potential patch impact issues in our testing portfolio. This makes sense, as the Microsoft patch relates to the network component SMB, which is rarely (if ever) used by applications. As a result, very few applications in use today will ship components that affect the contents of the patch MS09-001, nor are applications likely to depend on the primary file updated by this patch (SRV.SYS).

In addition to the standard Microsoft Patch Tuesday, two previous patches were re-released a few hours after the initial Patch Tuesday updates were released. These releases included:

  • Microsoft Security Bulletin MS08-072
  • Microsoft Security Bulletin MS08-076

The ChangeBASE team expects that the Microsoft update MS09-001 is very unlikely to cause OS-level or application compatibility issues. In addition, the two update patches had marginal impact on the AOK Application portfolio.

A sample of these results includes:



Testing Summary
  • MS09-001: No Impact (both Package level and dependencies) detected across portfolio
  • MS08-072: Marginal impact for Office related applications
  • MS08-076: No Impact (both Package level and dependencies) detected across portfolio




| Patch Name | Total Issues | % of apps Affected | Reboot | Rating | RAG |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS09-001 | <1% | <1% | YES | C | Critical |
| Microsoft Security Bulletin MS08-072 | <1% | <1% | YES | C | Critical |
| Microsoft Security Bulletin MS08-076 | <1% | <1% | YES | I | Important |


Legend: 

M = Moderate 
I = Important 
C = Critical 
No Issue = No Issues Detected
Fixable = Potentially fixable application Impact
Serious = Serious Compatibility Issue


c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)


Security Update Detailed Summary
MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
Description: This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Payload: Srv.sys
Impact: Remote Code Execution

MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Description: This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Winword.exe, Wwlib.dll, Msword.olb, Wrd12cnv.dll, Wordcnv.exe
Impact: Remote Code Execution

MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Description: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Registry settings only
Impact: Remote Code Execution
