NEWS RELEASE : CHANGEBASE EXECUTIVE SUMMARY OF MICROSOFT SEPTEMBER 9th PATCH

[news 28]

 

 

Impact

Alert – Medium but affects applications dependant on GDIPLUS.DLL

 

ChangeBASE announces the good news this

month is that the patches and updates are relatively light. The updates

MS08-055 and MS08-053 relate to Windows Media player which has a minimal impact

on the Operating system and few applications have a direct dependency on

Windows Media player.

 

More

importantly, MS08-052 includes an update to a core element of the operating

system (GDIPLUS.DLL). This file is part of the graphics library for Window XP. Several

applications run through AOK can load a version of this file from their source

media/download process when they are installed and there is a danger that if

this happens the installation will result in an out of date version of this

file being loaded and overwriting the version in the patch update this month.

 

IT

departments need to identify which applications can do this and have a process

in place which stops this from happening. 3% of the applications tested have

this capacity including Microsoft Messenger and Macromedia Dreamweaver. See www.changebase.com for a sample of the AOK

Workbench analysis which illustrates that Messenger both includes this key file

in its installation package and has a key dependency on GDIPLUS.DLL as well as

the full report with screenshots. In

terms of which applications use or have a dependency on this component, ChangeBASE

found that 30% of the applications tested fall into this category. We recommend

organisations test all applications with such dependencies.

 

Specific reboot Information

It should also be noted that all machines (servers and desktops) with

this patch update will need to be rebooted for the update to take effect

Testing Summary

* MS08-052: updates key components of Microsoft Messenger and Digital Imager

* MS08-055: Updates key Microsoft Office components - full application test required

* MS08-053: Marginal impact and negligible testing profile

* MS08-054: Marginal impact and negligible testing profile

 

 

Patch Name Issues % Affected (with dependencies) Reboot RAG

MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution 237 30% YES

MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution <1% <1% YES

MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution <1% <1% NO

MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution 9 1% NO

 

Legend:

 

No Issues Detected

Potentially fixable application Impact

Serious Compatibility Issue

 

 

Security Update Detailed Summary

MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution

Description Vulnerabilities in GDI+ Could Allow Remote Code Execution

This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload gdiplus.dll

Impact MS08-052 updates a core OS level DLL that is responsible for Windows XP/2000 graphics interface. A number of applications contain this file in their application installation routine including; Reuters Messaging, Microsoft Messenger, Macromedia Dreamweaver and Microsoft Digital Image which could cause application compatibility issues when these packages are deployed. In addition, a significant portion of our testing portfolio had a file level dependency on this updated DLL.

 

 

MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution

Description This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload The following file is updated in this security update; Wmex.dll

Impact This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.

 

MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution

Description This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload The following file is updated in this security update; Wmpeffects.dll

Impact This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.

 

MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution

Description This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload The following files are updated in this security update; Onbttnie.dll, Onenote.exe, Onenotem.exe, Onfilter.dll, Onlibs.dll, Onmain.dll, Mso.dll, Mso.dll, Ietag.dll

Impact This Microsoft security update, while not affecting a large portion of the AOK application portfolio did directly affect a number of Microsoft application packages including Office 2003 (standard and professional), Microsoft Visual Basic, and Microsoft Project.

Details of Lab process

c. 800 applications were tested against

these patches using the ChangeBASE ACL (Application Compatibility Lab)

 

For more

information, please contact:

 

 

Monique Chambers

Compass Rose Marketing & PR

Land + 44 203 239 9722

Mobile + 356 99 89 1722

Skype monique_chambers