Executive Summary
With this October Microsoft Patch Tuesday update, we see a set of 7 updates; 1 of which is Critical, and 6 with rating of Important.
The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team identified a small percentage of applications from the thousands of applications included in testing for this release which showed an Amber issue.
Patches MS12-068 and MS12-069 both require a reboot for the patch to be installed correctly.
Sample Results
Here is a sample of the results for one package against the patch Tuesday updates:
And, here is a sample Summary Report of the potential impact of these Microsoft updates;
Testing Summary
Vulnerabilities in Microsoft Word Could
Allow Remote Code Execution (2742319)
|
|
MS12-065
|
Vulnerability in Microsoft Works Could
Allow Remote Code Execution (2754670)
|
MS12-066
|
Vulnerability in HTML Sanitization
Component Could Allow Elevation of Privilege (2741517)
|
MS12-067
|
Vulnerabilities in FAST Search Server
2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
|
MS12-068
|
Vulnerability in Windows Kernel Could
Allow Elevation of Privilege (2724197)This security update resolves a
privately reported vulnerability in all supported releases of Microsoft
Windows except Windows 8 and Windows Server 2012. This security update is
rated Important for all supported editions of Windows XP, Windows Server
2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008
R2.
|
MS12-069
|
Vulnerability in Kerberos Could Allow
Denial of Service (2743555)
|
MS12-070
|
Vulnerability in SQL Server Could Allow
Elevation of Privilege (2754849)
|
Security Update Detailed Summary
MS12-064
|
Vulnerabilities
in Microsoft Word Could Allow Remote Code Execution (2742319)
|
Description
|
This security update resolves two
privately reported vulnerabilities in Microsoft Office. The more severe
vulnerability could allow remote code execution if a user opens or previews a
specially crafted RTF file. An attacker who successfully exploited this vulnerability
could gain the same user rights as the current user. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
|
Payload
|
WinWord.exe, WordIcon.exe, WordCnv.dll,
Wwlib.dll
|
Impact
|
Critical - Remote Code Execution
|
MS12-065
|
Vulnerability
in Microsoft Works Could Allow Remote Code Execution (2754670)
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft Works. The vulnerability could allow
remote code execution if a user opens a specially crafted Microsoft Word file
using Microsoft Works. An attacker who successfully exploited this
vulnerability could gain the same user rights as the current user. Users
whose accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.
|
Payload
|
kwpqrtf.dll, kwpqd.dll, ksssdb.dll,
kimg90.dll, kcvqd01.dll, kcvqr01.dll, orks632.cnv, kproof.dll, kimgl90.dll,
orksup.dll
|
Impact
|
Important - Remote Code Execution
|
MS12-066
|
Vulnerability
in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
|
Description
|
This security update resolves a publicly
disclosed vulnerability in Microsoft Office, Microsoft Communications
Platforms, Microsoft Server software, and Microsoft Office Web Apps. The
vulnerability could allow elevation of privilege if an attacker sends
specially crafted content to a user.
|
Payload
|
No Specific File Information
|
Impact
|
Important - Elevation of Privilege
|
MS12-067
|
Vulnerabilities
in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code
Execution (2742321)
|
Description
|
This security update resolves publicly
disclosed vulnerabilities in Microsoft FAST Search Server 2010 for
SharePoint. The vulnerabilities could allow remote code execution in the
security context of a user account with a restricted token. FAST Search
Server for SharePoint is only affected by this issue when Advanced Filter
Pack is enabled. By default, Advanced Filter Pack is disabled.
|
Payload
|
No Specific File Information
|
Impact
|
Important - Remote Code Execution
|
MS12-068
|
Vulnerability
in Windows Kernel Could Allow Elevation of Privilege (2724197)This security
update resolves a privately reported vulnerability in all supported releases
of Microsoft Windows except Windows 8 and Windows Server 2012. This security
update is rated Important for all supported editions of Windows XP, Windows
Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows
Server 2008 R2.
|
Description
|
The vulnerability could allow elevation
of privilege if an attacker logs on to the system and runs a specially
crafted application. An attacker must have valid logon credentials and be
able to log on locally to exploit this vulnerability.
|
Payload
|
Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe,
Ntoskrnl.exe
|
Impact
|
Important - Elevation of Privilege
|
MS12-069
|
Vulnerability
in Kerberos Could Allow Denial of Service (2743555)
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft Windows. The vulnerability could allow
denial of service if a remote attacker sends a specially crafted session
request to the Kerberos server. Firewall best practices and standard default
firewall configurations can help protect networks from attacks that originate
outside the enterprise perimeter. Best practices recommend that systems that
are connected to the Internet have a minimal number of ports exposed.
|
Payload
|
Kerberos.dll
|
Impact
|
Important - Denial of Service
|
MS12-070
|
Vulnerability
in SQL Server Could Allow Elevation of Privilege (2754849)
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft SQL Server on systems running SQL Server
Reporting Services (SSRS). The vulnerability is a cross-site-scripting (XSS)
vulnerability that could allow elevation of privilege, enabling an attacker
to execute arbitrary commands on the SSRS site in the context of the targeted
user. An attacker could exploit this vulnerability by sending a specially
crafted link to the user and convincing the user to click the link. An
attacker could also host a website that contains a webpage designed to
exploit the vulnerability. In addition, compromised websites and websites
that accept or host user-provided content or advertisements could contain
specially crafted content that could exploit this vulnerability.
|
Payload
|
Microsoft.reportingservices.diagnostics.dll,
Microsoft.reportingservices.nullrendering.dll, Ms.rs.dataextensions.dll, Ms.rs.designer.dll,
Ms.rs.designer.import.dll, Ms.rs.designer.wizards.dll, Ms.rs.diagnostics.dll,
Ms.rs.interfaces.dll, Ms.rs.library.dll, Ms.rs.nativeclient.dll,
Ms.rs.pabin.csvrendering.dll, Ms.rs.pabin.excelrendering.dll,
Ms.rs.pabin.htmlrendering.dll, Ms.rs.pabin.imagerendering.dll,
Ms.rs.pabin.webserver.dll, Ms.rs.pabin.xmlrendering.dll,
Ms.rs.processing.dll, Ms.rs.reportpreview.dll, Ms.rs.sqlsortwrapper.dll,
Reportingservices.authorization, Reportingservices.csvrendering.dll,
Reportingservices.dataextensions, Reportingservices.diagnostics.dll,
Reportingservices.excelrendering, Reportingservices.htmlrendering.dll,
Reportingservices.imagerendering, Reportingservices.interfaces.dll,
Reportingservices.processing.dll, Reportingservices.xmlrendering.dll, Reportingservicescompression.dll,
Reportingservicesemaildeliveryprovider.dll,
Reportingservicesfilesharedeliveryprovider.dll, Reportingserviceslibrary.dll,
Reportingservicesnativeclient.dll, Reportingservicesnativeserver.dll,
Reportingservicesnulldeliveryprovider.dll, Reportingservicesservice.exe,
Reportingservicessqlsortwrapper.dll, Reportingserviceswebserver.dll, Rs.exe,
Rsactivate.exe, Rsclientprint.cab, Rsconfig.exe, Rsemaildeliveryprovider.dll,
Rskeymgmt.exe, Rsreporthost.exe, Rswebuserinterface.dll
|
Impact
|
Important - Elevation of Privilege
|
*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
No comments:
Post a Comment