This AOK Patch Impact report deals with the August 11th Microsoft Patch Tuesday Security Update. This Microsoft security update includes nine patches; five rated Critical and the other four rated as Important by Microsoft.
After loading the ChangeBASE AOK application testing portfolio into the AOK Patch Impact database, the nine patches were tested for application level issues and in addition; application dependencies. For these nine Microsoft Security updates, only the Microsoft Office updates (MS09-043 and 039) raised a minor number of issues against the ChangeBASE AOK test application portfolio. All other updates did not raise any other patch impact related issues.
With these very low numbers of issues for these nine security updates, the ChangeBASE AOK team recommends that all these patches are rapidly deployed to a staging environment and then subsequently into Production.
The ChangeBASE AOK team recommends that with all changes to an environment basic UAT testing is performed on all business critical applications. However, for the Microsoft Security updates marked as Green, only marginal build level testing should be required.
Here is a sample report extract from one of the few applications in the AOK ChangeBASE Application Test Portfolio that raised a number of dependency level issues with the MS09-039 Security Update.
Testing Summary - MS09-036: Impact (both Package level and dependencies) detected across portfolio
- MS09-037: Impact (both Package level and dependencies) detected across portfolio
- MS09-038: Impact (both Package level and dependencies) detected across portfolio
- MS09-039: Impact (both Package level and dependencies) detected across portfolio
- MS09-040: Impact (both Package level and dependencies) detected across portfolio
- MS09-041: Impact (both Package level and dependencies) detected across portfolio
- MS09-042: Impact (both Package level and dependencies) detected across portfolio
- MS09-043: Impact (both Package level and dependencies) detected across portfolio
- MS09-044: Impact (both Package level and dependencies) detected across portfolio
| Patch Name | Total
Issues | Matches
Affected | Reboot | Rating | RAG |
| Microsoft Security Bulletin MS09-036 | 0 | <1% | YES | Important |  |
| Microsoft Security Bulletin MS09-037 | 0 | <1% | YES | Critical | |
| Microsoft Security Bulletin MS09-038 | 0 | <1% | YES | Critical | |
| Microsoft Security Bulletin MS09-039 | 1 | <1% | YES | Critical | |
| Microsoft Security Bulletin MS09-040 | 0 | <1% | YES | Important | |
| Microsoft Security Bulletin MS09-041 | 0 | <1% | YES | Important | |
| Microsoft Security Bulletin MS09-042 | 0 | <1% | YES | Important | |
| Microsoft Security Bulletin MS09-043 | 2 | <1% | YES | Critical | |
| Microsoft Security Bulletin MS09-044 | 0 | <1% | YES | Critical | |
Legend:
| No Issues Detected |
 | Potentially fixable application Impact |
 | Serious Compatibility Issue |
|
Security Update Detailed Summary
| MS09-036 | Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) |
| Description | This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Aspnet_wp.exe, Webengine.dll, System.web.dll |
| Impact | Important |
| MS09-037 | Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) |
| Description | This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Spupdsvc.exe, Updspapi.dll, Wmp.dll, Wmpdxm.dll |
| Impact | Critical |
| MS09-038 | Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557). |
| Description | This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Avifil32.dll |
| Critical | Critical |
| MS09-039 | Vulnerabilities in WINS Could Allow Remote Code Execution (969883). |
| Description | This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue. |
| Payload | Sp3res.dll, Wins.exe, Winsevnt.dll. |
| Impact | Critical |
| MS09-040 | Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032). |
| Description | This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue. |
| Payload | Mq1repl.dll, Mq1sync.exe, Mqac.sys, Mqads.dll, Mqbkup.exe, Mqcertui.dll, Mqclus.dll, Mqdbodbc.dll, Mqdscli.dll, Mqdssrv.dll, Mqlogmgr.dll, Mqmig.exe, Mqmigrat.dll, Mqoa.dll, Mqperf.dll, Mqqm.dll, Mqrperf.dll, Mqrt.dll, Mqsec.dll, Mqsnap.dll, Mqsvc.exe, Mqupgrd.dll, Mqutil.dll, Msmq.cpl, Msmqocm.dll. |
| Impact | Critical |
| MS09-041 | Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657). |
| Description | This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.. |
| Payload | Wkssvc.dll. |
| Impact | Important |
| MS09-042 | Vulnerability in Telnet Could Allow Remote Code Execution (960859). |
| Description | This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.. |
| Payload | tlntsess.exe, telnet.exe. |
| Impact | Important |
| MS09-043 | Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638). |
| Description | This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Owc11.dll, Owc11pia.dll, Atp.dll, Owc10.dll. |
| Impact | Critical |
| MS09-044 | Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927). |
| Description | This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Mstscax.dll, Msrdp.ocx, Msrdpcustom.dll, 2k3mstsc.exe, 2k3mstscax.dll, 2k3mstsc.exe, 2k3mstscax.dll. |
| Impact | Critical |
c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)
No comments:
Post a Comment