October 2009 saw the biggest Microsoft security update - both in terms of breadth and depth of patches delivered and bugs fixed.
However, we have seen three updates to this October Security update over the past few weeks.
On October 14, Microsoft offered up a workaround for a problem with MS09-056, then corrected several errors in MS09-062 last week.
The company also revised an August update, MS09-043, last week to correct a patch-detection error that may have left some corporate users who receive updates via Windows Server Update Services (WSUS) un-patched.
Now, the Internet Explorer (IE) 8 patch MS09-054 was updated on November 3rd with a binary-level revision of the security files.
From our last AOK Patch Tuesday assessment, here are the details for this patch.
MS09-054 | Cumulative Security Update for Internet Explorer (974455) |
---|---|
Description | This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload | Iecustom.dll, Browseui.dll, Cdfview.dll, Danim.dll, Dxtmsft.dll, Dxtrans.dll, Iepeers.dll, Inseng.dll, Jsproxy.dll, Mshtml.dll, Msrating.dll, Mstime.dll, Pngfilt.dll, Shdocvw.dll, Shlwapi.dll, Urlmon.dll, Wininet.dll, Browseui.dll, Cdfview.dll, Danim.dll, Dxtmsft.dll, Dxtrans.dll, Iepeers.dll, Inseng.dll, Jsproxy.dll, Mshtml.dll, Msrating.dll, Mstime.dll, Pngfilt.dll, Shdocvw.dll, Shlwapi.dll, Urlmon.dll, Wininet.dll, Iecustom.dll |
Impact | Critical – Remote Code Execution |
We at the AOK Patch team were pretty concerned about this patch and rated it an AMBER due to the number of application overlaps and the potential for impacts on the target operating system. We have re-run the reports for this patch and the updated bits do not materially impact the results. However, the AOK team still recommends extensive testing of this patch prior to deployment.
For reference, I have included the RAG status for all of these patches in this blog posting:
Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG |
---|---|---|---|---|---|
Security Bulletin MS09-050 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-051 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-052 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-053 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-054 | 1% | 1% | YES | Critical | |
Security Bulletin MS09-055 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-056 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-057 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-058 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-059 | <1% | <1% | YES | Critical | |
Security Bulletin MS09-060 | 1% | 1% | YES | Critical | |
Security Bulletin MS09-061 | 1% | 1% | YES | Critical | |
Security Bulletin MS09-062 | 11% | <1% | YES | Critical | |
And, for all those not rabidly following the AOK "Language of Life", we use Red, Amber and Green to colour our world. So, here is a legend for these results.
Legend:
No Issues Detected | Green |
Potentially fixable application impact | Amber |
Serious Compatibility Issue | Red |