Recently in Deployment diary Category

Application Compatibility Update

By: Greg Lambert

Executive Summary

With this October Microsoft Patch Tuesday update, we see again a relatively small set of updates. In total there are eight Microsoft Security Updates, 2 with the rating of Critical and 6 with the rating of Important. This is a moderate update from Microsoft and the potential impact for the updates is minor.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this October Patch Tuesday release cycle.

Sample Results

MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution.

Testing Summary

MS11-075		Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
MS11-076		Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
MS11-077		Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
MS11-078		Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
MS11-079		Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
MS11-080		Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
MS11-081		Cumulative Security Update for Internet Explorer (2586448)
MS11-082		Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

Security Update Detailed Summary

*All results are based on an AOK Application Compatibility Lab's test portfolio of over 1,000 applications.

Application Compatibility Update

By: Greg Lambert

Executive Summary

With this September Microsoft Patch Tuesday update, we see again a relatively small set of updates in comparison to the lists of updates released by Microsoft in the previous months. In total there are five Microsoft Security Updates with the rating of Important. This is a minor update from Microsoft and the potential impact for the updates is likely to be moderate.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this September Patch Tuesday release cycle.

Sample Results 1: MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege

Sample Results 2: MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

With this week's Microsoft Patch Tuesday update, we see the largest collection of updates ever delivered by Microsoft in a single Patch Tuesday release with 17 updates having the following rating; 2 Critical, 14 Important and 1 Moderate. Aside from the significant number of Security and Application updates with this Patch Tuesday release cycle, we see a moderate number of issues affecting a small number of applications. The ChangeBASE team recommends a particular focus on the Microsoft Security Update MS10-106 as it raised a significant number of issues on the AOK sample server platform portfolio.

Here is a sample of the results for one application and a summary of the Patch Tuesday results for one of our AOK Sample databases:

And here is a sample AOK Summary report for a sample database where the AOK Patch Impact team has run the latest Microsoft Updates against a small application portfolio:

You can read a full analysis of the AOK Patch Impact Testing Summary here.

Application Compatibility Update

With this Microsoft Patch Tuesday update, we see the largest collection of updates ever delivered by Microsoft in a single Patch Tuesday release. In total, there are 16 updates with the following rating; 2 Critical, 12 Important and 2 Moderate. Aside from the significant number of Security and Application updates with this Patch Tuesday release cycle, we also see a significant number of applications dependent on this large tranche of changes. The ChangeBase team recommends that the testing cycle for these particular releases is especially thorough due to application dependencies on almost all of the security patches included in this release. Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this October Patch Tuesday release cycle.

Here is a sample of the results for one application and a summary of the Patch Tuesday results for one of our AOK Sample databases.

The month of September sees nine Security bulletin updates that tackle a total of 13 vulnerabilities for Windows, Microsoft Office and Internet Explorer. With these nine updates, we see four rated as Critical and the remaining five updates rated as Important. We have included a sample screen-shot from the ChangeBASE AOK Workbench application that depicts one of the issues raised by one these Microsoft patches:

MS10-0063: Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution 

Testing Summary

Security Update Detailed Summary

With this Microsoft Patch Tuesday update, we have the largest release of security and application updates that the ChangeBASE team has dealt with. Nine of the updates rate as 'Critical' and the remaining six updates are rated as 'Important' - a very significant release by Microsoft standards.

As we have seen in many other Microsoft Patch Tuesday releases, all of these patches will require a system restart for both workstation and server environments.

We have also included a brief snap-shot image of some of the sample results from the AOK Workbench with a single application and Patch Impact Assessment result for MS10-053, the IE browser security update;

With this July Microsoft Patch Tuesday Security Update, we see a moderate number of security updates with 4 updates to Windows XP, Windows 7 and Office, including three updates rated as 'Critical' and one rated as 'Important'. Unfortunately, all patched released this month will most likely require a reboot of the target system. In addition, all of these Microsoft Security Updates relate to Remote Code Execution vulnerabilities.

The ChangeBase AOK Patch Impact team has updated the sample application database to now more than 2000 unique application packages. All of the applications in this large sample application portfolio are analysed for application level conflicts with Microsoft Security Updates and potential dependencies.

Based on the results of our AOK Application Compatibility Lab, only one of the July Patch Tuesday updates is likely to require significant application level testing;

·         MS10-044 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

We have included a brief snap-shot of some of the results from our AOK Software that demonstrates some of the potential impacts on the OSP application package with the following image:

In addition to this high level summary, we have also included a small sample of one of the AOK Summary reports from a smaller sample database;

MS10-042 Cumulative Security Update of ActiveX Kill Bits

MS10-043 Cumulative Security Update for Internet Explorer

MS10-044 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

MS10-045 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege 

Hello again dear CW Blog readers, it's been almost a year since the initial series of posts describing a automated method of deploying Office 2007 via your KIX-Based logon scripts, complete with additional items of interest surrounding the customisation of the Office Ribbon itself to allow you to call your own programs or functions for easier use of the product itself.

Now you thought that would be it on the matter, but of course as with all things, there can be room for improving the process itself.

The KIX method we used before assumed that the user running the logon script was an administrator of the machine, and of course provided not a lot of feedback to the user in terms of what the process was doing at the time.

There was also the point of not enough redundancy within the script itself to take into account certain issues like disk space, and what about informing the end user that a certain part failed and they needed to inform their helpdesk as to what failed?

What about having the option of specifying what server to run the install from for multiple locations and packaging the office folder content to be copied to any server and know that all will be well?

Now there has been some time between the script being created and tested, let's go through some of the results we had from the testing and what kind of issues did occur as a result of installing Office in this fashion.

And now we reach the point where we install those Ribbon customisations. Now last time, I left Part 4 of the Main Script entry with the question of what could make the install of the ribbon files stop in its tracks. And so to the continuation of the logon script which will shed light on the matter.

;************* Silent Install the Office Ribbon links to the Help files ************************
;running using VSTOInstaller from the Visual Studio Tools (locally based on user's workstations)

? "Running registry change to allow silent Office Ribbon install"
if $officeinstall <> "0" and $ribbonpresent = "1"
shell "Regedit /s \\server\netLogon\OfficeRibbonInstall\newexceptions.reg"
 if @error = 0
 ? "Registry has been updated to allow silent Ribbon install."
 Else
 ? "Registry hasn't been updated. You may experience problems with the Ribbon Install"
 endif
endif

What is this? A registry change? Why do we need to alter the registry to achieve our goals?

Well it's down to Microsoft as it goes.

You see, Microsoft introduced some security measures with .net applications to make sure that the user is certain they want to install the program they have just executed. One of the options you have is adding a certificate to the install files, and having a corresponding certificate on the workstations.

Then only certified applications would install without the prompt and if they recieved a program of questionable origin, they are warned. A jolly good idea really, as you do want to make sure that only authorised programs are installed.

If you were to run the install program from the VSTO file you created, you would be presented with something like this: