Wednesday 10 July 2013

Microsoft Patch Tuesday - July 2013

With this July Microsoft Patch Tuesday update, we see a set of 7 updates; 6 of which are marked as “Critical” and 1 rated as “Important”.

The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.

Of the seven patches, 2 "require a restart to load correctly", and 4 "may require a restart", whilst only one definitely doesn't need a restart (MS13-058), so as usual, it is probably best to assume all require a restart to be installed correctly.
Sample Results 

Here is a sample result showing an amber warning generated as a result of the MS patch MS13-056

Here is a sample summary report:


Testing Summary

MS13-052
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
MS13-053
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
MS13-054
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
MS13-055
Cumulative Security Update for Internet Explorer (2846071)
MS13-056
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
MS13-057
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
MS13-058
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)


Security Updates Detail
MS13-052
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
Description
This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a trusted application uses a particular pattern of code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
No specific file information
Impact
Critical - Remote Code Execution

MS13-053
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
Description
This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Payload
Spuninst.exe, Win32k.sys
Impact
Critical - Remote Code Execution

MS13-054
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows, Microsoft Office, Microsoft Lync, and Microsoft Visual Studio. The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files.
Payload
D2d1.dll, Fntcache.dll, Dwrite.dll, D3d10level9.dll, D3d10_1.dll, D3d10_1core.dll, D3d10.dll, D3d10core.dll, D3d10warp.dll
Impact
Critical - Remote Code Execution

MS13-055
Cumulative Security Update for Internet Explorer (2846071)
Description
This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Spuninst.exe, Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact
Critical - Remote Code Execution

MS13-056
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Spuninst.exe, Qedit.dll, Wqedit.dll
Impact
Critical - Remote Code Execution

MS13-057
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
No specific file information
Impact
Critical - Remote Code Execution

MS13-058
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
Description
This security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2. The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Payload
No specific file information
Impact
Important - Elevation of Privilege
  
* All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications

No comments: