Wednesday 12 June 2013

Microsoft Patch Tuesday - June 2013

With this June Microsoft Patch Tuesday update, we see a set of 5 updates; 1of which is  marked as “Critical” and 4 rated as “Important”.
 
The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.
 
Of the five patches, all will  "require a restart to load correctly",   so as usual, it is probably best to assume all require a restart to be installed correctly.

Here is a quick snap-shot of the results from our ChangeBASE Patch Impact Assessment for June 2013. As you can see Security Updates MS13-047 and MS13-051 appear to have an overlap with a number of sample packages - potentially causing a compatibility impact upon application installation or during runtime.



In addition, we have supplied a Testing Overview for the sample database run by the ChangeBASE development team. Here you can see that again, patch 47 and 51 appear to raise a number of issues against the test portfolio for this Patch Tuesday update.














And, to add to some detail to the report, we have included the Patch Details for this June 2013 Patch Tuesday update. Most importantly, the following table includes all of payload or files updated or added by each Patch Tuesday update.

Patch Tuesday Security Update Details
MS13-047
Cumulative Security Update for Internet Explorer (2838727)
Description
This security update resolves nineteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll, Ie4uinit.exe, Iedkcs32.dll, Iedvtool.dll, Ieframe.dll, Ieproxy.dll, Iertutil.dll, Inetcpl.cpl, Jsdbgui.dll, Jsproxy.dll, Licmgr10.dll, Msfeeds.dll, Msfeedsbs.dll,   Occache.dll, Xpshims.dll, Iexplore.exe, Wininetplugin.dll, Msfeeds.mof, Mshtml.tlb, Ieshims.dll, Ieunatt.exe, Sqmapi.dll, Ieui.dll, Jsdebuggeride.dll, Jscript.dll, Jscript9.dll, Vbscript.dll
Impact
Critical - Remote Code Execution

MS13-048
Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
Description
This security update resolves one privately reported vulnerability in Windows. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
Payload
Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe, Ntoskrnl.exe
Impact
Important - Information Disclosure

MS13-049
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends specially crafted packets to the server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
Payload
Netio.sys, Fwpkclnt.sys, Tcpip.sys
Impact
Important - Denial of Service

MS13-050
Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker must have valid logon credentials and be able to log on to exploit this vulnerability.
Payload
Printcom.dll, Win32spl.dll
Impact
Important - Elevation of privilege

MS13-051
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
Description
This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Ietag.dll, Mso.dll
Impact
Important - Remote Code Execution

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications. 

No comments: