Wednesday 13 July 2011

Microsoft Patch Tuesday July 12th 2011

With this July Microsoft Patch Tuesday update, we see a moderate set of updates in comparison to the lists of updates released by Microsoft for April, May and June. In total there are 4 Microsoft Security Updates with the following ratings: 1 rated as Critical and 3 rated as Important by Microsoft. Given the scope and nature of this month's update, the ChangeBASE team does not expect to find a significant number of issues raised by the AOK Automated Patch Impact Assessment. The Microsoft Security Update MS11-055 will require moderate testing prior to deployment due to the core operating system DLLs contained within this update.
Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this July Patch Tuesday release cycle.
Sample Results for Microsoft Update MS11-055

Below is a snapshot of the AOK Summary Results report from a sample AOK database, showing the potential issues raised with each Microsoft Security Update.





Testing Summary
  • MS11-053 : Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
  • MS11-054 : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
  • MS11-055 : Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
  • MS11-056 : Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)


Patch Name | Total Issues | Matches Affected | Reboot | Rating | RAG
Microsoft Security Bulletin MS11-053 | <1% | <1% | YES | | Green
Microsoft Security Bulletin MS11-054 | <1% | <1% | YES | | Green
Microsoft Security Bulletin MS11-055 | <1% | <1% | YES | | Green
Microsoft Security Bulletin MS11-056 | <1% | <1% | YES | | Green

Legend:
  • No Issue: No Issues Detected
  • Fixable: Potentially fixable application Impact
  • Serious: Serious Compatibility Issue

Security Update Detailed Summary
MS11-053: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
Description: This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability.
Payload: Bthenum.sys, Bthport.sys, Bthusb.sys, Fsquirt.exe
Impact: Critical - Remote Code Execution

MS11-054: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
Description: This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Payload: Win32k.sys, W32ksign.dll
Impact: Important - Elevation of Privilege

MS11-055: Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
Description: This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Omfc.dll, Omfcu.dll_0001
Impact: Important - Remote Code Execution

MS11-056: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
Description: This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
Payload: Csrsrv.dll, Winsrv.dll
Impact: Important - Elevation of Privilege

1 comment:

lionelbob said...

My Win 7 machine was shut down/restarted with no warning. I'm glad I was only browsing the web. If I had been on an important conference call, or editing a big Excel sheet, I had no chance.