Wednesday 15 July 2009

Patch Tuesday: Microsoft Security Update for July

This is a moderate update from Microsoft for the July Microsoft Patch Tuesday Security release. This month includes six patches, three rated Critical, and three rated as Important.

After loading the ChangeBASE AOK application testing portfolio into an AOK Patch Impact database, all six patches were tested for application level issues and in addition; application dependencies. For this month, all of the six Microsoft Security Updates (MS09-028 to MS09-033) raised very few or no application level or dependency level issues with the AOK Application Test portfolio. Thus, these six patches were rated as Green.

Given the very low numbers of issues for these six security updates, the ChangeBASE AOK team recommends that all these patches are rapidly deployed to a staging environment and then subsequently into Production.

The ChangeBASE AOK team recommends that with all changes to an environment basic UAT testing is performed on all business critical applications. However, for the six July Microsoft Security updates marked as Green, only marginal build level testing should be required.

Here is a sample report extract from one of the few applications in the AOK ChangeBASE Application Test Portfolio that raised a number of dependency level issues with the MS09-032 Security Update.

img

Testing Summary
  • MS09-028: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-029: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-030: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-031: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-032: Marginal Impact (both Package level and dependencies) detected across portfolio
  • MS09-033: Marginal Impact (both Package level and dependencies) detected across portfolio


Patch NameTotal
Issues
Matches
Affected
RebootRatingRAG
Microsoft Security Bulletin MS09-028 0 <1%YESCritical Critical
Microsoft Security Bulletin MS09-029 3 <1%YESCritical Critical
Microsoft Security Bulletin MS09-030 2 <1%YESCritical Critical
Microsoft Security Bulletin MS09-031 0 <1%YESImportantImportant
Microsoft Security Bulletin MS09-03216 <1%YESImportantImportant
Microsoft Security Bulletin MS09-033 0 <1%YESImportantImportant


Legend:
No IssueNo Issues Detected
FixablePotentially fixable application Impact
SeriousSerious Compatibility Issue


Security Update Detailed Summary
MS09-028Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Description This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Quartz.dll
Impact Critical

MS09-029Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Description This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Fontsub.dll, T2embed.dll
Impact Critical

MS09-030Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516).
Description This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Morph9.dll, Mspub.exe, Prtf9.dll, Ptxt9.dll, Pubconv.dll, Pubtrap.dll
ImpactCritical

MS09-031Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953).
Description This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
Payload Authdflt.dll, Comphp.dll, Complp.dll, Cookieauthfilter.dll, Diffserv.dll, Fweng.sys, Httpfilter.dll, Linktranslation.dll, Msfpc.dll, Msfpccom.dll, Msfpcsnp.dll, Msfpcui.dll, Mspadmin.exe, Ratlib.dll, Socksflt.dll, W3filter.dll, W3prefch.exe, Wploadbalancer.dll, Wspsrv.exe.
ImpactImportant

MS09-032Cumulative Security Update of ActiveX Kill Bits (973346).
Description This security update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer that uses the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload No binary files included. Only CLSID kill bits for specific COM objects.
ImpactImportant

MS09-033Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856).
Description This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights..
Payload VMM.sys.
ImpactImportant

c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)

No comments: