Impact
Alert – Medium but affects applications dependant on GDIPLUS.DLL
ChangeBASE announces the good news this
month is that the patches and updates are relatively light. The updates
MS08-055 and MS08-053 relate to Windows Media player which has a minimal impact
on the Operating system and few applications have a direct dependency on
Windows Media player.
More
importantly, MS08-052 includes an update to a core element of the operating
system (GDIPLUS.DLL). This file is part of the graphics library for Window XP. Several
applications run through AOK can load a version of this file from their source
media/download process when they are installed and there is a danger that if
this happens the installation will result in an out of date version of this
file being loaded and overwriting the version in the patch update this month.
IT
departments need to identify which applications can do this and have a process
in place which stops this from happening. 3% of the applications tested have
this capacity including Microsoft Messenger and Macromedia Dreamweaver. See www.changebase.com for a sample of the AOK
Workbench analysis which illustrates that Messenger both includes this key file
in its installation package and has a key dependency on GDIPLUS.DLL as well as
the full report with screenshots. In
terms of which applications use or have a dependency on this component, ChangeBASE
found that 30% of the applications tested fall into this category. We recommend
organisations test all applications with such dependencies.
Specific reboot Information
It should also be noted that all machines (servers and desktops) with
this patch update will need to be rebooted for the update to take effect
Testing Summary
* MS08-052: updates key components of Microsoft Messenger and Digital Imager
* MS08-055: Updates key Microsoft Office components - full application test required
* MS08-053: Marginal impact and negligible testing profile
* MS08-054: Marginal impact and negligible testing profile
Patch Name Issues % Affected (with dependencies) Reboot RAG
MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution 237 30% YES
MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution <1% <1% YES
MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution <1% <1% NO
MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution 9 1% NO
Legend:
No Issues Detected
Potentially fixable application Impact
Serious Compatibility Issue
Security Update Detailed Summary
MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution
Description Vulnerabilities in GDI+ Could Allow Remote Code Execution
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload gdiplus.dll
Impact MS08-052 updates a core OS level DLL that is responsible for Windows XP/2000 graphics interface. A number of applications contain this file in their application installation routine including; Reuters Messaging, Microsoft Messenger, Macromedia Dreamweaver and Microsoft Digital Image which could cause application compatibility issues when these packages are deployed. In addition, a significant portion of our testing portfolio had a file level dependency on this updated DLL.
MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution
Description This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload The following file is updated in this security update; Wmex.dll
Impact This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.
MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution
Description This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload The following file is updated in this security update; Wmpeffects.dll
Impact This update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.
MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution
Description This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload The following files are updated in this security update; Onbttnie.dll, Onenote.exe, Onenotem.exe, Onfilter.dll, Onlibs.dll, Onmain.dll, Mso.dll, Mso.dll, Ietag.dll
Impact This Microsoft security update, while not affecting a large portion of the AOK application portfolio did directly affect a number of Microsoft application packages including Office 2003 (standard and professional), Microsoft Visual Basic, and Microsoft Project.
Details of Lab process
c. 800 applications were tested against
these patches using the ChangeBASE ACL (Application Compatibility Lab)
For more
information, please contact:
Monique Chambers
Compass Rose Marketing & PR
Land + 44 203 239 9722
Mobile + 356 99 89 1722
Skype monique_chambers
bambooapps updates Keep Your Word with a Core Animation based interface
Index