Application Compatibility Update with Quest®Workspace™ ChangeBASE
Executive Summary
With this December Microsoft Patch Tuesday update, we see a set of 7 updates; 5 of which are marked as “Critical” and 2 rated as “Important”. This report was originally published in the ChangeBASE product community. For more information on application compatibility tools, please visit the ChangeBASE product page.
The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed an Amber issue.
Of the seven patches, 5 "require a restart to load correctly", and 2 "may require a restart", so it is probably best to assume all require a restart to be installed correctly.
Sample Results
Here is as a sample of the results from two packages against the patch Tuesday updates:
MS12-077 – Cumulative Security Update for Internet Explorer (2761465)
MS12-081 – Vulnerability in Windows File Handling Component (2758857)
Here is a sample summary report:
Testing Summary
MS12-077 |
Cumulative Security Update for Internet Explorer (2761465) |
MS12-078 |
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution(2783534) |
MS12-079 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) |
MS12-080 |
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) |
MS12-081 |
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) |
MS12-082 |
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) |
MS12-083 |
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) |
Legend:
Security Update Detailed Summary
MS12-077 |
Cumulative Security Update for Internet Explorer (2761465) |
Description |
This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload |
Html.iec, Ie4uinit.exe, Iedkcs32.dll, Iedvtool.dll, Ieframe.dll, Iepeers.dll, Ieproxy.dll, Iertutil.dll, Inetcpl.cpl, Jsdbgui.dll, Jsproxy.dll, Licmgr10.dll, Msfeeds.dll, Msfeedsbs.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Occache.dll, Url.dll, Urlmon.dll, Wininet.dll, Xpshims.dll, Advpack.dll, Corpol.dll, Dxtmsft.dll, Dxtrans.dll, Extmgr.dll, Icardie.dll, Ieakeng.dll, Ieaksie.dll, Ieakui.dll, Ieapfltr.dat, Ieapfltr.dll, Iedkcs32.dll, Ieencode.dll, Iernonce.dll, Ieudinit.exe,Iexplore.exe, Msrating.dll, Pngfilt.dll, Webcheck.dll |
Impact |
Critical - Remote Code Execution |
MS12-078 |
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution(2783534) |
Description |
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker's website. |
Payload |
Atmfd.dll |
Impact |
Critical - Remote Code Execution |
MS12-079 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) |
Description |
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload |
Winword.exe |
Impact |
Critical - Remote Code Execution |
MS12-080 |
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) |
Description |
This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. |
Payload |
No specific file information |
Impact |
Critical - Remote Code Execution |
MS12-081 |
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) |
Description |
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload |
Conhost.exe, WinSrv.dll, Ntvdm64.dll, Wow64.dll, Wow64cpu.dll, Kernel32.dll, Acwow64.dll, Instnm.exe, Setup16.exe, User.exe, Wow32.dll |
Impact |
Critical - Remote Code Execution |
MS12-082 |
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) |
Description |
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Payload |
Dpnaddr.dll,Dpnathlp.dll, Dpnet.dll, Dpnhpast.dll, Dpnhupnp.dll, Dpnlobby.dll, Dpnsvr.exe |
Impact |
Important - Remote Code Execution |
MS12-083 |
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) |
Description |
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments. To exploit the vulnerability, an attacker must use a certificate issued from the domain for IP-HTTPS server authentication. Logging on to a system inside the organization would still require system or domain credentials. |
Payload |
Iphlpsvc.dll, Iphlpsvcmigplugin.dll, Netcorehc.dll |
Impact |
Important - Security Feature Bypass |
*All results are based on a ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.
Comments