Wednesday 14 August 2013

Microsoft Patch Tuesday: August 2013

With this August Microsoft Patch Tuesday update, we see a set of 8 updates, 3 of which are marked as “Critical” and 5 rated as “Important”.

The Patch Tuesday Security Update analysis was performed by the Dell ChangeBASE Patch Impact team. Of the thousands of applications included in testing for this release, a small percentage showed amber issues.

Of the eight patches, 5 "require a restart to load correctly", and 3 "may require a restart", so the usual advice is that it is probably best to assume all require a restart to be installed correctly.

Sample Results
Here are two sample results showing amber warnings generated as a result of patches MS13-059 and MS13-060:

And here is a sample summary report:

Security Update Detailed Summary



MS13-059
Cumulative Security Update for Internet Explorer (2862772)
Description
This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact
Critical - Remote Code Execution

MS13-060
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
Description
This security update resolves a privately reported vulnerability in the Unicode Scripts Processor included in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted document or webpage with an application that supports embedded OpenType fonts. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Usp10.dll, Wusp10.dll
Impact
Critical - Remote Code Execution

MS13-061
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
Description
This security update resolves three publicly disclosed vulnerabilities in Microsoft Exchange Server. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.
Payload
No file payload
Impact
Critical - Remote Code Execution

MS13-062
Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted RPC request.
Payload
Rpcrt4.dll, Xpsp4res.dll
Impact
Important - Elevation of Privilege

MS13-063
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
Description
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Windows. The most severe vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Payload
Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe, Ntoskrnl.exe
Impact
Important - Elevation of Privilege

MS13-064
Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
Description
This security update resolves a privately reported vulnerability in the Windows NAT Driver in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted ICMP packet to a target server that is running the Windows NAT Driver service.
Payload
No file payload
Impact
Important - Denial of Service

MS13-065
Vulnerability in ICMPv6 could allow Denial of Service (2868623)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if the attacker sends a specially crafted ICMP packet to the target system.
Payload
Tcpipreg.sys, Tcpip.sys
Impact
Important - Denial of Service

MS13-066
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)
Description
This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability could reveal information pertaining to the service account used by AD FS. An attacker could then attempt logons from outside the corporate network, which would result in account lockout of the service account used by AD FS if an account lockout policy has been configured. This would result in denial of service for all applications relying on the AD FS instance.
Payload
Microsoft.identityserver.dll
Impact
Important - Information Disclosure


* All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 3,000 applications













