Wednesday, 18 August 2010

Office 2010 AOK Plugins Released

The launch of Windows 7 saw a flurry of new software releases for organisations looking to embrace its new functionality. Amongst them is Office 2010, and like its predecessors and the new OS, applications will need tested for compatibility prior to migration. Throughout our extensive testing process we found that a migration from Office 2000, XP or 2003 is likely to be more complex that originally expected and that’s when the pre-planning and testing the application estate really comes into its own.

Today we announced our Plug-In for Office 2010. On an in-depth analysis of 2,600 third party application packages we’ve been able to develop a Plug-in that will enable organisations to identify, analyse and automatically remediate their application portfolio to enable efficient planning and roll-out of Office 2010. Throughout our extensive testing process we found that a migration from Office 2000, XP or 2003 is likely to be more complex that originally expected and that’s when the pre-planning and testing the application estate really comes into its own.

Ultimately the AOK Plug-in for Office 2010 will give organisations the ability to speed up the entire migration process, saving time, reducing costs and promoting accurate business case planning for the project.

Friday, 13 August 2010

Patch Tuesday: August 2010


With this Microsoft Patch Tuesday update, we have the largest release of security and application updates that the ChangeBASE team has dealt with. Nine of the updates rates as Critical and the remaining 6 updates rated as Important this is a very significant release by Microsoft standards. As we have seen in many other Microsoft Patch Tuesday releases, all of these patches will require a system restart for both workstation and server environments.
We have also included a brief snap-shot image of some of the sample results from the AOK Workbench with a single application and Patch Impact Assessment result for MS10-053, the IE browser security update;





Testing Summary
  • MS10-046 : "Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)"
  • MS10-049 : "Vulnerabilities in SChannel Could Allow Remote Code Execution (980436)"
  • MS10-051 : "Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)"
  • MS10-052 : "Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)"
  • MS10-053 : "Cumulative Security Update for Internet Explorer (2183461)"
  • MS10-054 : "Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)"
  • MS10-055 : "Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)"
  • MS10-056 : "Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)"
  • MS10-060 : "Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)"
  • MS10-047 : "Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)"
  • MS10-048 : "Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)"
  • MS10-050 : "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)"
  • MS10-057 : "Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)"
  • MS10-058 : "Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)"
  • MS10-059 : "Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)"


Patch NameTotal
Issues
Matches
Affected
RebootRatingRAG
Microsoft Security Bulletin MS10-046<1%<1%YESAmber
Microsoft Security Bulletin MS10-049<1%<1%YESGreen
Microsoft Security Bulletin MS10-05118%13%YESAmber
Microsoft Security Bulletin MS10-052<1%<1%YESGreen
Microsoft Security Bulletin MS10-053<6%<13%YESAmber
Microsoft Security Bulletin MS10-054<1%<1%YESGreen
Microsoft Security Bulletin MS10-055<1%<1%YESGreen
Microsoft Security Bulletin MS10-056<1%<1%YESGreen
Microsoft Security Bulletin MS10-060<1%<1%YESGreen
Microsoft Security Bulletin MS10-047<1%<1%YESGreen
Microsoft Security Bulletin MS10-048<1%<1%YESGreen
Microsoft Security Bulletin MS10-050<1%<1%YESGreen
Microsoft Security Bulletin MS10-0576%<6%YESAmber
Microsoft Security Bulletin MS10-058<1%<1%YESGreen
Microsoft Security Bulletin MS10-059<1%<1%YESGreen

Legend:
No IssueNo Issues Detected
FixablePotentially fixable application Impact
SeriousSerious Compatibility Issue

Security Update Detailed Summary
MS10-046Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
DescriptionThis security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadShell32.dll, Updspapi.dll
ImpactCritical - Remote Code Execution

MS10-049Vulnerabilities in SChannel Could Allow Remote Code Execution (980436)
DescriptionThis security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
PayloadSchannel.dll
ImpactCritical - Remote Code Execution

MS10-051Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
DescriptionThis security update resolves a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
PayloadMsxml3.dll
ImpactCritical - Remote Code Execution

MS10-052Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
DescriptionThis security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadL3codecx.ax
ImpactCritical - Remote Code Execution

MS10-053Cumulative Security Update for Internet Explorer (2183461)
DescriptionThis security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadBrowseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Shdocvw.dll, Tdc.ocx, Urlmon.dll, Wininet.dll
ImpactCritical - Remote Code Execution

MS10-054Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
DescriptionThis security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
PayloadSrv.sys
ImpactCritical - Remote Code Execution

MS10-055Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
DescriptionThis security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadIccvid.dll
ImpactCritical - Remote Code Execution

MS10-056Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
DescriptionThis security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
ImpactCritical - Remote Code Execution

MS10-060Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
DescriptionThis security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario.
Payload
ImpactCritical - Remote Code Execution

MS10-047Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
DescriptionThis security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
PayloadNtkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe, Ntoskrnl.exe
ImpactImportant - Elevation of Privilege

MS10-048Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
DescriptionThis security update resolves one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
PayloadWin32k.sys
ImpactImportant - Elevation of Privilege

MS10-050Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
DescriptionThis security update resolves a privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadMoviemk.exe
ImpactImportant - Remote Code Execution

MS10-057Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
DescriptionThis security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadExcel.exe
ImpactImportant - Remote Code Execution

MS10-058Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
DescriptionThis security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
PayloadTcpipreg.sys, Netio.sys, Bfe.dll, Fwpkclnt.sys, Fwpuclnt.dll, Ikeext.dll, Wfp.mof, Wfp.tmf, Tcpip.sys
ImpactImportant - Elevation of Privilege

MS10-059Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)
DescriptionThis security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
PayloadRtutils.dll
ImpactImportant - Elevation of Privilege


*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

Monday, 9 August 2010

August Patch Tuesday - Wow, a busy time for the deployment team

Within the next 24 hours we'll get to see the latest security patch updates from Microsoft.

Those who find these Microsoft Security Update notifications of use will already know that this month, August,  is going to be a big one.  Looking at the list of 14  security patches being released tomorrow will mean alot of comapnies are going to have alot of work to do to ensure they maintain their stringent level levels of security to avoid opening up the gate of vulnerability. what's interesting to me is the fact that 8 out of the 14 patches are ranked as critical.

This further highlights the need for companies to be extra vigilent during the holiday session.Once again this is an area which organisations can't avoid to be complacent. With 8 critical patches being released it will be all hands to the pump  on Wednesday. I on the other hand will be off on my holidays but the ChangeBASE AOK Patch report will be out as usual.

To have a look at the pre-release information click here:


Monday, 2 August 2010

Microsoft Releases Emergency Update today

Later today Microsoft will issue an emergency patch later today to fix a critical flaw in Windows that enables hackers to run code and take over PCs. Outlined on Trusted Reviews site, there are several things that spring to mind.

The fact that this type of response from Microsoft is known as an OOB (Out OF Band) release and as such is an emergency release. Normal non-high risk patches are incorporated into the monthly Patch Tuesday report. But this one is gaining specific and immediate attention by MS, requiring a rapid response from them hence a quick testing turn around.

In light of the speed at which MS are addressing the issue, our advice would be to test, and deploy as fast as possible. With this one, organisations can’t afford to sit back and see what happens, they need to act fast. Waiting for next week’s Patch Tuesday updates is not an option for this security issue.

And, here is the link to the original site;
http://www.trustedreviews.com/software/news/2010/08/02/Microsoft-to-Release-Emergency-Security-Patch/p1?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TRVNews+%28TrustedReviews+News+only+Feed%29

To receive updates like these in the future, feel free to sign-up for the Security Update Advance Notification service found here:
http://www.microsoft.com/technet/security/bulletin/notify.mspx.