Microsoft Patch Tuesday Dec 08th 2009.
Dec 08th 2009.
By: Greg Lambert
Application Compatibility Update
Executive Summary
With this December Microsoft Patch Tuesday Security Update, we see six updates relating to the IE, Office, the Windows XP, Server (2003 and 2008) and Windows 7 Operating System. With this release, there are 3 updates rated as CRITICAL and three updates rated as IMPORTANT – all of which are expected by the AOK Patch Impact team to require machine (workstation and server) reboots.
The ChangeBase AOK Patch Impact team has analysed over 1,000 application packages for conflicts with Microsoft Security Updates and potential dependencies, or down-level conflicts.
Based on the results of our AOK Application Compatibility Lab five of the six patches have very limited impact on applications. The one patch that raised a significant number of issues is MS09-072 (Cumulative Security Update for Internet Explorer (976325). With a moderate impact on both the number of applications affected and number of issues raised, the ChangeBASE AOK team recommends particular attention is paid the testing and deployment of the patch MS09-072.
We have included a brief snap-shot of some of the results from our AOK Software that demonstrates some of the potential impacts on Microsoft Office deployments with the following pictures.
MS09-069 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392
 Testing Summary- MS09-069 : : Marginal impact and negligible testing profile
- MS09-070 : : Marginal impact and negligible testing profile
- MS09-071 : : Marginal impact and negligible testing profile
- MS09-072 : : MODERATE impact and small testing profile
- MS09-073 : : Marginal impact and negligible testing profile
- MS09-074 : : Marginal impact and negligible testing profile
| Patch Name | Total
Issues | Matches
Affected | Reboot | Rating | RAG |
|---|
| Microsoft Security Bulletin MS09-069 | <1% | <1% | YES | Critical |  | | Microsoft Security Bulletin MS09-070 | <1% | <1% | YES | Critical | | | Microsoft Security Bulletin MS09-071 | <1% | <1% | YES | Critical | | | Microsoft Security Bulletin MS09-072 | <1% | <1% | YES | Critical | | | Microsoft Security Bulletin MS09-073 | <1% | <1% | YES | Critical | | | Microsoft Security Bulletin MS09-074 | <1% | <1% | YES | Critical | |
Legend: | No Issues Detected |  | Potentially fixable application Impact |  | Serious Compatibility Issue |
Security Update Detailed Summary| MS09-069 | : Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) | | Description |
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
| | Payload | Ipsec.sys, Ipsecmon.exe, Netdiag.exe, Oakley.dll, Polagent.dll, Polstore.dll, Rasmans.dll | | Impact | Important – Denial of Service |
| MS09-070 | Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) | | Description |
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
| | Payload | System.web.security.singlesignon.dll, Ifsext.dll, Ifsfilt.dll, Ifsutils.dll, Adfsreg.exe | | Impact | Important – Remote Code Execution |
| MS09-071 | Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) | | Description |
This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service are only affected when using PEAP with MS-CHAP v2 authentication.
| | Payload | Raschap.dll, Rastls.dll | | Impact | Critical – Remote Code Execution |
| MS09-072 | Cumulative Security Update for Internet Explorer (976325) | | Description |
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; this vulnerability has been described in Microsoft Security Advisory 973882 and Microsoft Security Bulletin MS09-035.
| | Payload | Browseui.dll, Cdfview.dll, Danim.dll, Dxtmsft.dll, Dxtrans.dll, Extmgr.dll, Html.iec, Iedw.exe, Ieencode.dll, Iepeers.dll, Inseng.dll, Jsproxy.dll, Mshtml.dll, Mshtmled.dll, Msrating.dll, Mstime.dll, Pngfilt.dll, Shdocvw.dll, Shlwapi.dll, Tdc.ocx, Urlmon.dll, Wininet.dll, Xpsp3res.dll | | Impact | Critical – Remote Code Execution |
| MS09-073 | Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) | | Description |
This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
| | Payload | Html32.cnv, Msconv97.dll, Mswrd6.wpc, Mswrd632.wpc, Mswrd8.wpc, Mswrd832.cnv, Write.wpc, Write32.wpc | | Impact | Important – Remote Code Execution |
| MS09-074 | Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) | | Description |
This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
| | Payload | Anlyzts.dll, Atlconv.dll, Mswarp.dll, Pj11od11.dll, Pj11tm11.dll, Pjmsgmgr.dll, Pjmsgsdr.dll, Pjoledb.dll, Pjresc.dll, Pjspool.exe, Prjres.dll, Serconv.dll, Winproj.exe | | Impact | Critical – Remote Code Execution |
*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.
|
