Application Compatibility Update with Quest® Workspace™ ChangeBASE

Executive Summary

With this December Microsoft Patch Tuesday update, we see a set of 7 updates, 5 of which are marked as “Critical” and 2 of which are rated as “Important”. This report was originally published in the ChangeBASE product community. For more information on application compatibility tools, please visit the ChangeBASE product page.

The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team. Of the thousands of applications included in testing for this release, a small percentage showed an Amber issue.

Of the seven patches, 5 "require a restart to load correctly", and 2 "may require a restart", so it is probably best to assume all require a restart to be installed correctly.

Sample Results

Here is a sample of the results from two packages against the Patch Tuesday updates:

MS12-077 – Cumulative Security Update for Internet Explorer (2761465)

[Image: Sample2.png]

MS12-081 – Vulnerability in Windows File Handling Component (2758857)

[Image: Sample1.png]

Here is a sample summary report:

[Image: Summary reportPNG.PNG]

Testing Summary

MS12-077

Cumulative Security Update for Internet Explorer (2761465)

MS12-078

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)

MS12-079

Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)

MS12-080

Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)

MS12-081

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)

MS12-082

Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)

MS12-083

Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)

[Image: example.PNG]

Legend:

[Image: RAGLegend.png]

Security Update Detailed Summary

MS12-077

Cumulative Security Update for Internet Explorer (2761465)

Description

This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Html.iec, Ie4uinit.exe, Iedkcs32.dll, Iedvtool.dll, Ieframe.dll, Iepeers.dll, Ieproxy.dll, Iertutil.dll, Inetcpl.cpl, Jsdbgui.dll, Jsproxy.dll, Licmgr10.dll, Msfeeds.dll, Msfeedsbs.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Occache.dll, Url.dll, Urlmon.dll, Wininet.dll, Xpshims.dll, Advpack.dll, Corpol.dll, Dxtmsft.dll, Dxtrans.dll, Extmgr.dll, Icardie.dll, Ieakeng.dll, Ieaksie.dll, Ieakui.dll, Ieapfltr.dat, Ieapfltr.dll, Iedkcs32.dll, Ieencode.dll, Iernonce.dll, Ieudinit.exe, Iexplore.exe, Msrating.dll, Pngfilt.dll, Webcheck.dll

Impact

Critical - Remote Code Execution

MS12-078

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)

Description

This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker's website.

Payload

Atmfd.dll

Impact

Critical - Remote Code Execution

MS12-079

Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)

Description

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Winword.exe

Impact

Critical - Remote Code Execution

MS12-080

Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)

Description

This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

Payload

No specific file information

Impact

Critical - Remote Code Execution

MS12-081

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)

Description

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Conhost.exe, WinSrv.dll, Ntvdm64.dll, Wow64.dll, Wow64cpu.dll, Kernel32.dll, Acwow64.dll, Instnm.exe, Setup16.exe, User.exe, Wow32.dll

Impact

Critical - Remote Code Execution

MS12-082

Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)

Description

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Dpnaddr.dll, Dpnathlp.dll, Dpnet.dll, Dpnhpast.dll, Dpnhupnp.dll, Dpnlobby.dll, Dpnsvr.exe

Impact

Important - Remote Code Execution

MS12-083

Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)

Description

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments. To exploit the vulnerability, an attacker must use a certificate issued from the domain for IP-HTTPS server authentication. Logging on to a system inside the organization would still require system or domain credentials.

Payload

Iphlpsvc.dll, Iphlpsvcmigplugin.dll, Netcorehc.dll

Impact

Important - Security Feature Bypass

*All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.