Executive Summary
With this
October Microsoft Patch Tuesday update, we see a set of 8 updates; 4 of which
are marked as “Critical” and 4 rated as “Important”.
The Patch
Tuesday Security Update analysis was performed by the Dell ChangeBASE Patch
Impact team and identified a small percentage of applications from the
thousands of applications included in testing for this release which showed
amber issues.
Of the eight
patches, 3 "require a restart to load correctly", and 4
"may require a restart", leaving only one which claims it doesn't
need a restart - so the usual advice is that it is probably best to
assume all require a restart to be installed correctly.
Sample
Results
Here are two sample results showing amber warnings
generated as a result of patches MS13-080 and MS13-083.
Here is a Sample Summary report:
Testing Summary
Security
Update Detailed Summary
|
MS13-080
|
Cumulative Security Update for Internet Explorer
(KB2879017)
|
|
Description
|
This security update resolves one publicly
disclosed vulnerability and nine privately reported vulnerabilities in
Internet Explorer. The most severe vulnerabilities could allow remote code
execution if a user views a specially crafted webpage using Internet
Explorer. An attacker who successfully exploited the most severe of these
vulnerabilities could gain the same user rights as the current user. Users
whose accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.
|
|
Payload
|
Browseui.dll, Html.iec, Ieencode.dll,
Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx,
Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS13-081
|
Vulnerabilities in Windows Kernel-Mode Drivers
Could Allow Remote Code Execution (KB2870008)
|
|
Description
|
This security update resolves seven privately
reported vulnerabilities in Microsoft Windows. The most severe of these
vulnerabilities could allow remote code execution if a user views shared
content that embeds OpenType or TrueType font files. An attacker who
successfully exploited these vulnerabilities could take complete control of
an affected system.
|
|
Payload
|
Atmfd.dll
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS13-082
|
Vulnerabilities in .NET Framework Could Allow
Remote Code Execution (KB2878890)
|
|
Description
|
This security update resolves two privately
reported vulnerabilities and one publicly disclosed vulnerability in
Microsoft .NET Framework. The most severe of the vulnerabilities could allow
remote code execution if a user visits a website containing a specially
crafted OpenType font (OTF) file using a browser capable of instantiating
XBAP applications.
|
|
Payload
|
No specific file payload
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS13-083
|
Vulnerability in Windows Common Control Library
Could Allow Remote Code Execution (KB2864058)
|
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft Windows. The vulnerability could allow
remote code execution if an attacker sends a specially crafted web request to
an ASP.NET web application running on an affected system. An attacker could
exploit this vulnerability without authentication to run arbitrary code.
|
|
Payload
|
Comctl32.dll, Controls.man, Wcomctl32.dll
|
|
Impact
|
Critical - Remote Code Execution
|
|
MS13-084
|
Vulnerabilities in Microsoft SharePoint Server
Could Allow Remote Code Execution (KB2885089)
|
|
Description
|
This security update resolves two privately
reported vulnerabilities in Microsoft Office server software. The most severe
vulnerability could allow remote code execution if a user opens a specially
crafted Office file in an affected version of Microsoft SharePoint Server,
Microsoft Office Services, or Web Apps.
|
|
Payload
|
Svrsetup.exe, Wsssetup.dll, Bform.js_1025,
Form.js_1025, Rgnlstng.xml_1025, Bform.js_1026, Form.js_1026,
Rgnlstng.xml_1026, Bform.js_1027, Form.js_1027, Rgnlstng.xml_1027,
Bform.js_1029, Form.js_1029, Rgnlstng.xml_1029, Rgnlstng.xml_1106,
Bform.js_1030, Form.js_1030, Rgnlstng.xml_1030, Stsomr.dll_1030,
Bform.js_1031, Form.js_1031, Rgnlstng.xml_1031, Bform.js_1032, Form.js_1032,
Rgnlstng.xml_1032, Bform.js_1033, Form.js_1033, Rgnlstng.xml_1033,
Bform.js_3082, Form.js_3082, Rgnlstng.xml_3082, Bform.js_1061, Form.js_1061,
Rgnlstng.xml_1061, Bform.js_1035, Form.js_1035, Rgnlstng.xml_1035,
Bform.js_1036, Form.js_1036, Rgnlstng.xml_1036, Avreport.htm_2108,
Bpstd.asx_2108, Calendar.css_2108, Core.css_2108, Core.rsx_2108,
Datepick.css_2108, Error.htm_2108, Filedlg.htm_0011_2108, Fontdlg.htm_2108,
Help.css_2108, Iframe.htm_2108, Instable.htm_2108, Irmrept.htm_2108,
Isswfresources_llcc.resx_2108, Menu.css_2108, Mssmsg.dll_0001.x86.2108,
Owsnocr.css_2108, Rgnlstng.xml_2108, Selcolor.htm_2108, Spadminlcid.rsx_2108,
Spmsg.dll_2108, Spstd1.asx_0001_2108, Spstd2.asx_0001_2108, Spstd3.asx_2108,
Spstd4.asx_2108, Spstd5.asx_2108, Spstd6.asx_2108, Spstd7.asx_2108,
Spstd8.asx_2108, Spthemes.xml_2108, Stsomr.dll_2108,
Workflowactions_intl_resources.dll_2108, Workflows_intl_resources.dll_2108,
Wsetupui.dll_2108, Wss.intl.res.dll.x86.2108, Wss.search.oob.sql.x86.2108,
Wss.srchadm.rsx.x86.2108, Wsslcid.rsx_2108, _basicpg.htm_2108,
_wppage.htm_2108, Bform.js_1037, Form.js_1037, Rgnlstng.xml_1037,
Bform.js_1081, Form.js_1081, Rgnlstng.xml_1081, Bform.js_1050, Form.js_1050,
Rgnlstng.xml_1050, Bform.js_1038, Form.js_1038, Rgnlstng.xml_1038,
Stsomr.dll_1038, Bform.js_1040, Form.js_1040, Rgnlstng.xml_1040,
Bform.js_1041, Form.js_1041, Rgnlstng.xml_1041, Bform.js_1087, Form.js_1087,
Rgnlstng.xml_1087, Bform.js_1042, Form.js_1042, Rgnlstng.xml_1042,
Bform.js_1063, Form.js_1063, Rgnlstng.xml_1063, Bform.js_1062, Form.js_1062,
Rgnlstng.xml_1062, Rgnlstng.xml_1071, Rgnlstng.xml_1086, Bform.js_1044,
Form.js_1044, Rgnlstng.xml_1044, Bform.js_1043, Form.js_1043,
Rgnlstng.xml_1043, Bform.js_1045, Form.js_1045, Rgnlstng.xml_1045,
Bform.js_1046, Form.js_1046, Rgnlstng.xml_1046, Stsomr.dll_1046,
Bform.js_2070, Form.js_2070, Rgnlstng.xml_2070, Bform.js_1048, Form.js_1048,
Rgnlstng.xml_1048, Bform.js_1049, Form.js_1049, Rgnlstng.xml_1049,
Bform.js_1051, Form.js_1051, Rgnlstng.xml_1051, Bform.js_1060, Form.js_1060,
Rgnlstng.xml_1060, Bform.js_2074, Form.js_2074, Rgnlstng.xml_2074, Bform.js_1053,
Form.js_1053, Rgnlstng.xml_1053, Bform.js_1054, Form.js_1054,
Rgnlstng.xml_1054, Bform.js_1055, Form.js_1055, Rgnlstng.xml_1055,
Stsomr.dll_1055, Bform.js_1058, Form.js_1058, Rgnlstng.xml_1058,
Bform.js_1066, Form.js_1066, Rgnlstng.xml_1066, Bform.js_2052, Form.js_2052,
Rgnlstng.xml_2052, Bform.js_1028, Form.js_1028, Rgnlstng.xml_1028
|
|
Impact
|
Important - Remote Code Execution
|
|
MS13-085
|
Vulnerabilities in Microsoft Excel Could Allow
Remote Code Execution (KB2885080)
|
|
Description
|
This security update resolves two privately
reported vulnerabilities in Microsoft Office. The vulnerabilities could allow
remote code execution if a user opens a specially crafted Office file with an
affected version of Microsoft Excel or other affected Microsoft Office
software. An attacker who successfully exploited the vulnerabilities could
gain the same user rights as the current user. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
|
|
Payload
|
Excel.exe
|
|
Impact
|
Important - Remote Code Execution
|
|
MS13-086
|
Vulnerabilities in Microsoft Word Could Allow
Remote Code Execution (KB2885084)
|
|
Description
|
This security update resolves two privately
reported vulnerabilities in Microsoft Office. The vulnerabilities could allow
remote code execution if a specially crafted file is opened in an affected
version of Microsoft Word or other affected Microsoft Office software. An
attacker who successfully exploited the vulnerabilities could gain the same
user rights as the current user. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users who operate
with administrative user rights.
|
|
Payload
|
Winword.exe, Wwlib.dll
|
|
Impact
|
Important - Remote Code Execution
|
|
MS13-087
|
Vulnerability in Silverlight Could Allow
Information Disclosure (KB2890788)
|
|
Description
|
This security update resolves a privately
reported vulnerability in Microsoft Silverlight. The vulnerability could
allow information disclosure if an attacker hosts a website that contains a
specially crafted Silverlight application that could exploit this
vulnerability and then convinces a user to view the website. The attacker
could also take advantage of compromised websites and websites that accept or
host user-provided content or advertisements. Such websites could contain
specially crafted content that could exploit this vulnerability. In all
cases, however, an attacker would have no way to force users to visit a
website. Instead, an attacker would have to convince users to visit a
website, typically by getting them to click a link in an email message or in
an Instant Messenger message that takes them to the attacker's website. It
could also be possible to display specially crafted web content by using
banner advertisements or by using other methods to deliver web content to
affected systems.
|
|
Payload
|
Silverlight_developer_x64.exe,
Silverlight_x64.exe
|
|
Impact
|
Important - Information Disclosure
|
* All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 3,000 applications
No comments:
Post a Comment