Application Compatibility Update with Quest® Workspace™ ChangeBASE
This December's Microsoft Patch Tuesday release contains 7 updates: 5 rated “Critical” and 2 rated “Important”.
The Quest ChangeBASE Patch Impact team performed the Patch Tuesday Security Update analysis. Of the thousands of applications included in testing for this release, a small percentage showed an Amber issue.
Of the seven patches, 5 "require a restart to load correctly" and 2 "may require a restart", so it is probably best to assume that all of them require a restart to install correctly.
Sample Results
Here is a sample of the results from two packages against the Patch Tuesday updates:
MS12-081 – Vulnerability in Windows File Handling Component (2758857)
Here is a sample summary report:
Security Update Detailed Summary
| MS12-077 | Cumulative Security Update for Internet Explorer (2761465) |
| Description | This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Html.iec, Ie4uinit.exe, Iedkcs32.dll, Iedvtool.dll, Ieframe.dll, Iepeers.dll, Ieproxy.dll, Iertutil.dll, Inetcpl.cpl, Jsdbgui.dll, Jsproxy.dll, Licmgr10.dll, Msfeeds.dll, Msfeedsbs.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Occache.dll, Url.dll, Urlmon.dll, Wininet.dll, Xpshims.dll, Advpack.dll, Corpol.dll, Dxtmsft.dll, Dxtrans.dll, Extmgr.dll, Icardie.dll, Ieakeng.dll, Ieaksie.dll, Ieakui.dll, Ieapfltr.dat, Ieapfltr.dll, Iedkcs32.dll, Ieencode.dll, Iernonce.dll, Ieudinit.exe, Iexplore.exe, Msrating.dll, Pngfilt.dll, Webcheck.dll |
| Impact | Critical - Remote Code Execution |

| MS12-078 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) |
| Description | This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker's website. |
| Payload | Atmfd.dll |
| Impact | Critical - Remote Code Execution |

| MS12-079 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Winword.exe |
| Impact | Critical - Remote Code Execution |

| MS12-080 | Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) |
| Description | This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. |
| Payload | No specific file information |
| Impact | Critical - Remote Code Execution |

| MS12-081 | Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Conhost.exe, WinSrv.dll, Ntvdm64.dll, Wow64.dll, Wow64cpu.dll, Kernel32.dll, Acwow64.dll, Instnm.exe, Setup16.exe, User.exe, Wow32.dll |
| Impact | Critical - Remote Code Execution |

| MS12-082 | Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Payload | Dpnaddr.dll, Dpnathlp.dll, Dpnet.dll, Dpnhpast.dll, Dpnhupnp.dll, Dpnlobby.dll, Dpnsvr.exe |
| Impact | Important - Remote Code Execution |

| MS12-083 | Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) |
| Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments. To exploit the vulnerability, an attacker must use a certificate issued from the domain for IP-HTTPS server authentication. Logging on to a system inside the organization would still require system or domain credentials. |
| Payload | Iphlpsvc.dll, Iphlpsvcmigplugin.dll, Netcorehc.dll |
| Impact | Important - Security Feature Bypass |
*All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.
