Thursday 13 August 2009

Patch Tuesday - August 2009

This AOK Patch Impact report deals with the August 11th Microsoft Patch Tuesday Security Update. This Microsoft security update includes nine patches: five rated Critical and the other four rated Important by Microsoft.

After loading the ChangeBASE AOK application testing portfolio into the AOK Patch Impact database, the nine patches were tested for application-level issues and, in addition, for application dependency issues. Of these nine Microsoft Security updates, only the Microsoft Office updates (MS09-043 and MS09-039) raised a small number of issues against the ChangeBASE AOK test application portfolio. The other updates did not raise any patch impact related issues.

With these very low numbers of issues for these nine security updates, the ChangeBASE AOK team recommends that all these patches are rapidly deployed to a staging environment and then subsequently into Production.

The ChangeBASE AOK team recommends that, with any change to an environment, basic UAT testing is performed on all business-critical applications. However, for the Microsoft Security updates marked as Green, only marginal build-level testing should be required.

Here is a sample report extract from one of the few applications in the AOK ChangeBASE Application Test Portfolio that raised a number of dependency level issues with the MS09-039 Security Update.

[Image: sample report extract showing dependency-level issues with the MS09-039 Security Update]

Testing Summary
  • MS09-036: Impact (both Package level and dependencies) detected across portfolio
  • MS09-037: Impact (both Package level and dependencies) detected across portfolio
  • MS09-038: Impact (both Package level and dependencies) detected across portfolio
  • MS09-039: Impact (both Package level and dependencies) detected across portfolio
  • MS09-040: Impact (both Package level and dependencies) detected across portfolio
  • MS09-041: Impact (both Package level and dependencies) detected across portfolio
  • MS09-042: Impact (both Package level and dependencies) detected across portfolio
  • MS09-043: Impact (both Package level and dependencies) detected across portfolio
  • MS09-044: Impact (both Package level and dependencies) detected across portfolio











| Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS09-036 | 0 | <1% | YES | Important | Important |
| Microsoft Security Bulletin MS09-037 | 0 | <1% | YES | Critical | Critical |
| Microsoft Security Bulletin MS09-038 | 0 | <1% | YES | Critical | Critical |
| Microsoft Security Bulletin MS09-039 | 1 | <1% | YES | Critical | Critical |
| Microsoft Security Bulletin MS09-040 | 0 | <1% | YES | Important | Important |
| Microsoft Security Bulletin MS09-041 | 0 | <1% | YES | Important | Important |
| Microsoft Security Bulletin MS09-042 | 0 | <1% | YES | Important | Important |
| Microsoft Security Bulletin MS09-043 | 2 | <1% | YES | Critical | Critical |
| Microsoft Security Bulletin MS09-044 | 0 | <1% | YES | Critical | Critical |


Legend:
  • No Issue: No Issues Detected
  • Fixable: Potentially fixable application Impact
  • Serious: Serious Compatibility Issue


Security Update Detailed Summary
MS09-036 Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Description This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Aspnet_wp.exe, Webengine.dll, System.web.dll
Impact Important

MS09-037 Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
Description This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Spupdsvc.exe, Updspapi.dll, Wmp.dll, Wmpdxm.dll
Impact Critical

MS09-038 Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557).
Description This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Avifil32.dll
Impact Critical

MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883).
Description This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.
Payload Sp3res.dll, Wins.exe, Winsevnt.dll.
Impact Critical

MS09-040 Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032).
Description This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.
Payload Mq1repl.dll, Mq1sync.exe, Mqac.sys, Mqads.dll, Mqbkup.exe, Mqcertui.dll, Mqclus.dll, Mqdbodbc.dll, Mqdscli.dll, Mqdssrv.dll, Mqlogmgr.dll, Mqmig.exe, Mqmigrat.dll, Mqoa.dll, Mqperf.dll, Mqqm.dll, Mqrperf.dll, Mqrt.dll, Mqsec.dll, Mqsnap.dll, Mqsvc.exe, Mqupgrd.dll, Mqutil.dll, Msmq.cpl, Msmqocm.dll.
Impact Critical

MS09-041 Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657).
Description This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Payload Wkssvc.dll.
Impact Important

MS09-042 Vulnerability in Telnet Could Allow Remote Code Execution (960859).
Description This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload tlntsess.exe, telnet.exe.
Impact Important

MS09-043 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638).
Description This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Owc11.dll, Owc11pia.dll, Atp.dll, Owc10.dll.
Impact Critical

MS09-044 Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927).
Description This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload Mstscax.dll, Msrdp.ocx, Msrdpcustom.dll, 2k3mstsc.exe, 2k3mstscax.dll, 2k3mstsc.exe, 2k3mstscax.dll.
Impact Critical

c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)
