Application Compatibility Update with Dell Software's ChangeBASE
Executive Summary
This December Microsoft Patch Tuesday release contains 11 updates: 5 marked as “Critical” and 6 rated as “Important”.
The Patch Tuesday Security Update analysis was performed by the Dell ChangeBASE Patch Impact team. Of the thousands of applications included in testing for this release, a small percentage showed amber issues.
Of the eleven patches, 4 "require a restart to load correctly", 5 "may require a restart", and 2 indicate they "do not need a re-start". Until all patches fall into the "do not require a restart" category, our advice is that it is probably best to assume all of them require a restart to be installed correctly.
Sample Results
Here are two sample results showing amber warnings generated as a result of patches MS13-096 & MS13-099.


Here is a Sample Summary report

Testing Summary

| Bulletin | Title |
|---|---|
| MS13-096 | Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (KB2908005) |
| MS13-097 | Cumulative Security Update for Internet Explorer (KB2898785) |
| MS13-098 | Vulnerability in Windows Could Allow Remote Code Execution (KB2893294) |
| MS13-099 | Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (KB2909158) |
| MS13-100 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2904244) |
| MS13-101 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2880430) |
| MS13-102 | Vulnerability in LRPC Client Could Allow Elevation of Privilege (KB2898715) |
| MS13-103 | Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (KB2905244) |
| MS13-104 | Vulnerability in Microsoft Office Could Allow Information Disclosure (KB2909976) |
| MS13-105 | Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (KB2915705) |
| MS13-106 | Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (KB2905238) |

Security Update Detailed Summary

| MS13-096 | Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (KB2908005) |
|---|---|
| Description | This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files. |
| Payload | Gdiplus.dll |
| Impact | Critical - Remote Code Execution |

| MS13-097 | Cumulative Security Update for Internet Explorer (KB2898785) |
|---|---|
| Description | This security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll |
| Impact | Critical - Remote Code Execution |

| MS13-098 | Vulnerability in Windows Could Allow Remote Code Execution (KB2893294) |
|---|---|
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system. |
| Payload | Imagehlp.dll |
| Impact | Critical - Remote Code Execution |

| MS13-099 | Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (KB2909158) |
|---|---|
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Cscript.exe, Dispex.dll, Scrobj.dll, Scrrun.dll, Wscript.exe, Wshcon.dll, Wshom.ocx |
| Impact | Critical - Remote Code Execution |

| MS13-100 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2904244) |
|---|---|
| Description | This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. |
| Payload | No specific file payload |
| Impact | Important - Remote Code Execution |

| MS13-101 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2880430) |
|---|---|
| Description | This security update resolves five privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. |
| Payload | Win32k.sys |
| Impact | Important - Elevation of Privilege |

| MS13-102 | Vulnerability in LRPC Client Could Allow Elevation of Privilege (KB2898715) |
|---|---|
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client. An attacker who successfully exploited the vulnerability could then install programs; view, change, or delete data; or create new accounts with full administrator rights. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. |
| Payload | Rpcrt4.dll, W03a3409.dll, Wrpcrt4.dll, Ww03a3409.dll |
| Impact | Important - Elevation of Privilege |

| MS13-103 | Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (KB2905244) |
|---|---|
| Description | This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user. |
| Payload | Microsoft.AspNet.SignalR.Core.dll |
| Impact | Important - Elevation of Privilege |

| MS13-104 | Vulnerability in Microsoft Office Could Allow Information Disclosure (KB2909976) |
|---|---|
| Description | This security update resolves one privately reported vulnerability in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site. |
| Payload | Mso.dll.x86, Msores.dll, Msosqm.exe, Office.dll, Msointl.dll.x86.1025, Msointl.rest.idx_dll.x86.1025, Msointl.dll.idx_dll.x86.1026, Msointl.dll.x86.1026, Msointl.rest.idx_dll.x86.1026, Msointl.dll.idx_dll.x86.1027, Msointl.dll.x86.1027, Msointl.rest.idx_dll.x86.1027, Msointl.dll.idx_dll.x86.1029, Msointl.dll.x86.1029, Msointl.rest.idx_dll.x86.1029, Msointl.dll.idx_dll.x86.1030, Msointl.dll.x86.1030, Msointl.rest.idx_dll.x86.1030, Msointl.dll.x86.1031, Msointl.rest.idx_dll.x86.1031, Msointl.dll.idx_dll.x86.1032, Msointl.dll.x86.1032, Msointl.rest.idx_dll.x86.1032, Msointl.dll.x86.1033, Msointl.rest.idx_dll.x86.1033, Msointl.dll.x86.3082, Msointl.rest.idx_dll.x86.3082, Msointl.dll.idx_dll.x86.1061, Msointl.dll.x86.1061, Msointl.rest.idx_dll.x86.1061, Msointl.dll.idx_dll.x86.1069, Msointl.dll.x86.1069, Msointl.rest.idx_dll.x86.1069, Msointl.dll.idx_dll.x86.1035, Msointl.dll.x86.1035, Msointl.rest.idx_dll.x86.1035, Msointl.dll.x86.1036, Msointl.rest.idx_dll.x86.1036, Msointl.dll.idx_dll.x86.1110, Msointl.dll.x86.1110, Msointl.rest.idx_dll.x86.1110, Msointl.dll.idx_dll.x86.1095, Msointl.dll.x86.1095, Msointl.rest.idx_dll.x86.1095, Msointl.dll.x86.1037, Msointl.rest.idx_dll.x86.1037, Msointl.dll.idx_dll.x86.1081, Msointl.dll.x86.1081, Msointl.rest.idx_dll.x86.1081, Msointl.dll.idx_dll.x86.1050, Msointl.dll.x86.1050, Msointl.rest.idx_dll.x86.1050, Msointl.dll.idx_dll.x86.1038, Msointl.dll.x86.1038, Msointl.rest.idx_dll.x86.1038, Msointl.dll.idx_dll.x86.1057, Msointl.dll.x86.1057, Msointl.rest.idx_dll.x86.1057, Msointl.dll.x86.1040, Msointl.rest.idx_dll.x86.1040, Msointl.dll.x86.1041, Msointl.rest.idx_dll.x86.1041, Msointl.dll.idx_dll.x86.1087, Msointl.dll.x86.1087, Msointl.rest.idx_dll.x86.1087, Msointl.dll.idx_dll.x86.1099, Msointl.dll.x86.1099, Msointl.rest.idx_dll.x86.1099, Msointl.dll.x86.1042, Msointl.rest.idx_dll.x86.1042, Msointl.dll.idx_dll.x86.1063, Msointl.dll.x86.1063, Msointl.rest.idx_dll.x86.1063, Msointl.dll.idx_dll.x86.1062, Msointl.dll.x86.1062, Msointl.rest.idx_dll.x86.1062, Msointl.dll.idx_dll.x86.1086, Msointl.dll.x86.1086, Msointl.rest.idx_dll.x86.1086, Msointl.dll.idx_dll.x86.1044, Msointl.dll.x86.1044, Msointl.rest.idx_dll.x86.1044, Msointl.dll.x86.1043, Msointl.rest.idx_dll.x86.1043, Msointl.dll.idx_dll.x86.1045, Msointl.dll.x86.1045, Msointl.rest.idx_dll.x86.1045, Msointl.dll.x86.1046, Msointl.rest.idx_dll.x86.1046, Msointl.dll.idx_dll.x86.2070, Msointl.dll.x86.2070, Msointl.rest.idx_dll.x86.2070, Msointl.dll.idx_dll.x86.1048, Msointl.dll.x86.1048, Msointl.rest.idx_dll.x86.1048, Msointl.dll.x86.1049, Msointl.rest.idx_dll.x86.1049, Msointl.dll.idx_dll.x86.1051, Msointl.dll.x86.1051, Msointl.rest.idx_dll.x86.1051, Msointl.dll.idx_dll.x86.1060, Msointl.dll.x86.1060, Msointl.rest.idx_dll.x86.1060, Msointl.dll.idx_dll.x86.2074, Msointl.dll.x86.2074, Msointl.rest.idx_dll.x86.2074, Msointl.dll.idx_dll.x86.1053, Msointl.dll.x86.1053, Msointl.rest.idx_dll.x86.1053, Msointl.dll.idx_dll.x86.1054, Msointl.dll.x86.1054, Msointl.rest.idx_dll.x86.1054, Msointl.dll.idx_dll.x86.1055, Msointl.dll.x86.1055, Msointl.rest.idx_dll.x86.1055, Msointl.dll.idx_dll.x86.1058, Msointl.dll.x86.1058, Msointl.rest.idx_dll.x86.1058, Msointl.dll.idx_dll.x86.1066, Msointl.dll.x86.1066, Msointl.rest.idx_dll.x86.1066, Msointl.dll.x86.2052, Msointl.rest.idx_dll.x86.2052, Msointl.dll.x86.1028, Msointl.rest.idx_dll.x86.1028 |
| Impact | Important - Information Disclosure |

| MS13-105 | Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (KB2915705) |
|---|---|
| Description | This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network. |
| Payload | No specific file payload |
| Impact | Critical - Remote Code Execution |

| MS13-106 | Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (KB2905238) |
|---|---|
| Description | This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component that is currently being exploited. The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code. |
| Payload | No specific file payload |
| Impact | Important - Security Feature Bypass |

* All results are based on the ChangeBASE Application Compatibility Lab's test portfolio of over 3000 applications.
 
