ChangeBASE Microsoft Patch Tuesday Report 11th October 2011


Application Compatibility Update

By: Greg Lambert

 

Executive Summary

With this October Microsoft Patch Tuesday update, we see again a relatively small set of updates. In total there are eight Microsoft Security Updates, 2 with the rating of Critical and 6 with the rating of Important. This is a moderate update from Microsoft and the potential impact for the updates is minor.

 

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.

 

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this October Patch Tuesday release cycle.

 

Sample Results

MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution.

[Image: patch tuesday oct 1.png]

 

Testing Summary

 

MS11-075

Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)

MS11-076

Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

MS11-077

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)

MS11-078

Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

MS11-079

Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

MS11-080

Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

MS11-081

Cumulative Security Update for Internet Explorer (2586448)

MS11-082

Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

 

[Image: patch tuesday oct 2.jpg]
 

Security Update Detailed Summary

 

MS11-075

Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)

Description

This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.

Payload

Oleacc.dll, Oleaccrc.dll, Uiautomationcore.dll, Wow_oleacc.dll, Wow_oleaccrc.dll, Wow_uiautomationcore.dll

Impact

Important - Remote Code Execution

 

MS11-076

Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

Description

This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.

Payload

Mpeg2data.ax, Msdvbnp.ax, Msnp.ax, Psisdecd.dll, Psisrndr.ax

Impact

Important - Remote Code Execution

 

MS11-077

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)

Description

This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.

Payload

Win32k.sys, W32ksign.dll

Impact

Important - Remote Code Execution

 

MS11-078

Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

Description

This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Payload

 N/A

Impact

Critical - Remote Code Execution

 

MS11-079

Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

Description

This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

Payload

Adfs.internalerror.inc, Adfs.internalsite.de_de.xml, Adfs.internalsite.en_us.xml, Adfs.internalsite.es_es.xml, Adfs.internalsite.fr_fr.xml, Adfs.internalsite.it_it.xml, Adfs.internalsite.ja_jp.xml, Adfs.internalsite.ko_kr.xml, Adfs.internalsite.pt_br.xml, Adfs.internalsite.ru_ru.xml, Adfs.internalsite.zh_cn.xml, Adfs.internalsite.zh_tw.xml, Internalerror.inc, Internalsite.de_de.xml, Internalsite.en_us.xml, Internalsite.es_es.xml, Internalsite.fr_fr.xml, Internalsite.it_it.xml, Internalsite.ja_jp.xml, Internalsite.ko_kr.xml, Internalsite.pt_br.xml, Internalsite.ru_ru.xml, Internalsite.zh_cn.xml, Internalsite.zh_tw.xml, Mobileinternalsite.microsoft.uag.mobilebrowsing.dll, Monitor.default.asp, Monitor.exceltable.asp, Monitor.sessionparameters.asp, Signurl.asp, Whlfilter.dll, Whlfiltsecureremote.dll

Impact

Important - Remote Code Execution

 

MS11-080

Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

Description

This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Payload

Afd.sys

Impact

Important - Elevation of Privilege

 

MS11-081

Cumulative Security Update for Internet Explorer (2586448)

Description

This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

 N/A

Impact

Critical - Remote Code Execution

 

MS11-082

Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

Description

This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.

Payload

 N/A

Impact

Important - Denial of Service
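
The following added example, which is not part of the original report, parses `netstat -ano` output and lists listeners on the Host Integration Server ports named above that are bound to a non-loopback address, which are the ones a perimeter firewall rule has to cover. The sample output, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Ports named in the MS11-082 description: UDP 1478, TCP 1477 and 1478.
HIS_PORTS = {("TCP", 1477), ("TCP", 1478), ("UDP", 1478)}

# Constructed sample in the layout of Windows `netstat -ano` (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1477           0.0.0.0:0              LISTENING       2140
  TCP    127.0.0.1:1478         0.0.0.0:0              LISTENING       2140
  UDP    0.0.0.0:1478           *:*                                    2140
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:1478              [::]:0                 LISTENING       2140
  TCP    10.0.0.5:49200         10.0.0.9:1478          ESTABLISHED     3312
  UDP    0.0.0.0:1477           *:*                                    2140
"""


def _is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; brackets and IPv6 zone ids are stripped."""
    host = addr.strip("[]").split("%", 1)[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable address: report it rather than hide it


def exposed_his_listeners(netstat_text):
    """Return (proto, address, port, pid) for HIS-port listeners not on loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines, other protocols
        proto, local = fields[0], fields[1]
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or (proto, int(port)) not in HIS_PORTS:
            continue
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established/closing sockets are not listeners
        if _is_loopback(addr):
            continue
        pid = int(fields[-1]) if fields[-1].isdigit() else None
        findings.append((proto, addr.strip("[]"), int(port), pid))
    return findings


if __name__ == "__main__":
    for proto, addr, port, pid in exposed_his_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} (PID {pid}) is bound beyond loopback")
```

A listener bound to `0.0.0.0` or `::` accepts traffic on every interface, so whether it is reachable from the Internet depends on the firewall rules in front of it.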

 

*All results are based on the AOK Application Compatibility Lab's test portfolio of over 1,000 applications.

1 Comment

Hi,
after applying this update, restart takes forever on my Win7 x64 system.
Any reason for this?
Thanks and regards


About this Entry

This page contains a single entry by Greg Lambert published on October 11, 2011 9:21 PM.
