September 13th Microsoft Patch Tuesday Application Compatibility Report by ChangeBASE

Application Compatibility Update

By: Greg Lambert

 

Executive Summary

With this September Microsoft Patch Tuesday update, we see again a relatively small set of updates in comparison to the lists of updates released by Microsoft in the previous months. In total there are five Microsoft Security Updates with the rating of Important. This is a minor update from Microsoft and the potential impact for the updates is likely to be moderate.

 

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.

 

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this September Patch Tuesday release cycle.

 

Sample Results 1: MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege

 patch sept 1.png

 

Sample Results 2: MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

 

patch sept 2.png

 

Testing Summary

 

MS11-070

Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

MS11-071

Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

MS11-072

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

MS11-073

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

MS11-074

Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

 

Sample Results 3: AOK Summary Report Sample from a small database

patch sept 3.png

AOK Patch Summary Results

Patch sept 4.PNG

Security Update Detailed Summary

 

MS11-070

Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

Description

This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Payload

W03a3409.dll, Wins.exe, Winsevnt.dll, Ww03a3409.dll, Wwins.exe, Wwinsevnt.dll

Impact

Important – Elevation of Privilege

 

MS11-071

Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

Description

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Imjpapi.dll

Impact

Important – Remote Code Execution

 

MS11-072

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

Description

This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.

Payload

Excel.exe

Impact

Important – Remote Code Execution

 

MS11-073

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Description

This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Ietag.dll, Mso.dll

Impact

Important – Remote Code Execution

 

MS11-074

Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Description

This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

Payload

Groove.exe, Groovedocumentsharetool.dll, Grooveutil.dll, Groovewebplatformservices.dll, Groovewebservices.dll

Impact

Important – Elevation of Privilege

 

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

 

 

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close