Microsoft Patch Tuesday Report - January 10th 2012

Application Compatibility Update
By: Greg Lambert

Executive Summary

With this January Microsoft Patch Tuesday update, we see a set of 7 updates; 1 with the rating of Critical and 6 with the rating of Important. This is a moderately sized update from Microsoft and the potential impact for the updates is likely to be low.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE team, we have seen a small number of potential compatibility issues, including some which are caused by the fifth update in this release, MS12-005, where vulnerabilities in Microsoft Windows could allow Remote Code Execution.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this January Patch Tuesday release cycle.

Sample Results


Here is a sample of the results for two applications tested for compatibility with these updates:

MS12-005: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution.

MS12-006: Vulnerabilities in SSL/TLS Could Allow Information Disclosure.

And here is a sample ChangeBASE Summary report for a sample database where the ChangeBASE Patch Impact team has run the latest Microsoft Updates against a small application portfolio:

Testing Summary

MS12-001
Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
MS12-002
Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
MS12-003
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
MS12-005
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
MS12-006
Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
MS12-007
Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Security Update Detailed Summary

MS12-001
Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
Payload
Ntdll.dll, Wntdll.dll, Updspapi.dll
Impact
Important - Security Feature Bypass

MS12-002
Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
No specific files affected
Impact
Important - Remote Code Execution

MS12-003
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
Description
The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
Payload
Winsrv.dll, Updspapi.dll
Impact
Important - Elevation of Privilege

MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
Description
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Mciseq.dll, Winmm.dll, Updspapi.dll
Impact
Critical - Remote Code Execution

MS12-005
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Packager.exe, Updspapi.dll
Impact
Important - Remote Code Execution

MS12-006
Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
Description
This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Payload
Schannel.dll, Winhttp.dll, Updspapi.dll
Impact
Important - Information Disclosure
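
The scope stated for MS12-006 (SSL 3.0 or TLS 1.0 combined with a CBC-mode cipher suite) can be applied to a list of negotiated connections to find endpoints that still fall inside it. The Python sketch below is an added example, not part of the ChangeBASE report or the Microsoft bulletin; the inventory format, host names and function names are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample inventory (not data from the report): one negotiated
# connection per row, in an assumed "host,protocol,cipher_suite" export format.
SAMPLE = """host,protocol,cipher_suite
intranet.example,TLS 1.0,TLS_RSA_WITH_AES_128_CBC_SHA
mail.example,SSLv3,TLS_RSA_WITH_RC4_128_SHA
shop.example,TLSv1.2,TLS_RSA_WITH_AES_256_CBC_SHA256
legacy.example,ssl 3.0,SSL_RSA_WITH_3DES_EDE_CBC_SHA
api.example,TLSv1.1,TLS_RSA_WITH_AES_128_CBC_SHA
"""

# Protocol versions the bulletin summary names as affected.
AFFECTED = {("ssl", 3, 0), ("tls", 1, 0)}


def normalize_protocol(label):
    """Map labels such as 'SSLv3', 'TLS 1.0' or 'TLSv1' to (family, major, minor)."""
    m = re.fullmatch(r"\s*(ssl|tls)\s*v?\s*(\d)(?:\.(\d))?\s*", label.lower())
    if not m:
        raise ValueError(f"unrecognised protocol label: {label!r}")
    return m.group(1), int(m.group(2)), int(m.group(3) or 0)


def uses_cbc(suite):
    """True when an IANA-style suite name carries a CBC mode token."""
    return "CBC" in suite.upper().split("_")


def in_scope(protocol, suite):
    """Affected version AND CBC suite; either one alone is out of scope."""
    return normalize_protocol(protocol) in AFFECTED and uses_cbc(suite)


def audit(inventory_csv):
    """Return hosts whose negotiated connection falls inside the stated scope."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r["host"] for r in rows if in_scope(r["protocol"], r["cipher_suite"])]


if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: SSL 3.0/TLS 1.0 with a CBC suite, within MS12-006 scope")
```

The check covers only the scope this bulletin states; a row it does not flag has not been assessed for anything else.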





MS12-007
Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
Description
This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.
Payload
No specific files affected
Impact
Important - Information Disclosure

*All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.
For more info, please visit www.quest.com/changebase

Quest Software's CTO, Carl Eberling, on Virtualization & VKernel

Here's a second snippet from Bruce Hoard's interview with Carl Eberling, discussing how recently acquired VKernel expands Quest Software's virtualization management offering. To read Carl's views on the exciting new capabilities that ChangeBASE adds to the Quest Software portfolio, please check out yesterday's post.


Virtualization Review: Turning to Quest's acquisition of VKernel, what attracted you to them, and how will that acquisition impact your customers?

Carl Eberling: With VKernel, we had recently rolled out some new capabilities for capacity management. When we looked at VKernel, we felt like it could accelerate what we'd already planned even further. We were pretty excited about it, because we had been looking at them for some time, and that's the quick summary.

Again, how customer-driven was that?

Eberling: That was less customer-driven than it was strategy-driven. About a year and a half ago, we laid out a strategy where we were looking at not only the capabilities that exist in a comprehensive performance management solution, but also ways we could officially deliver both point solutions as well as enterprise platforms.

How do Quest and VKernel benefit by selling vFoglight and other products -- say relating to capacity management -- to vSphere customers?

Eberling: We knew there were going to be multiple hypervisors. We're starting to see it now pretty aggressively across customers, especially since the last pricing change on the VMware side. We're finding more Hyper-V in the dev and test environments -- maybe not production yet -- but certainly more of a mix in the datacenter, and what Quest with vFoglight and VKernel offers is the ability to manage and capacity-plan across hypervisor environments, and we're also adding additional support for hypervisors like (Citrix) Xen and KVM as well.

Do you think Quest is competitive enough against VMware to draw new virtualization users away from them and to you?

Eberling: Yes, absolutely. I think it's all about our focus. When it comes to systems management, we have a rich history of success over 20 years. I love to ask people if after they provision their environments, do they just turn them over to their end users, or are they layering in applications and building something that is a utility for end users? When you look back at our history, you can see that we didn't start making a hypervisor, wake up a couple years later, and say yes we also want to be a systems manager. From the beginning we said it's how technology is applied and how it's put to use for the end user that's really important.

You guys claim to be the leader in virtualization management. How do you define virtualization management?

Eberling: We use third-party validation mostly. IDC has put out stuff in the past couple of years that said we are number three in virtualization management -- we're the first ISV, but that they list us right behind VMware and Microsoft in this space, so that's how we claim our title as leader in systems management. In addition, we put a lot of credence in the feedback we get from our customers.

Going forward, what specific goals must Quest meet to thrive as a company?

Eberling: We've got several initiatives that span our solutions. Last year we embarked on an effort to really educate both our companies, and even our employees in some cases, about the general solution area that Quest participates in. We've got this rich portfolio of a hundred and some products, and nobody could ever know them all. People generally relate to a smaller set of solution areas, so we settled on six solution areas, which is great. Now, as we go into 2012 we're looking at things like identity management and access management along with end-user workspace. These are things that certainly can be entire platforms, but they also can be point solutions if the user is wondering, how do I get that one application or point solution in place to solve the problem I have today, and then how do I also leverage that to build for a better tomorrow? 


For more information on how Quest's ChangeBASE solution set makes getting your applications ready for deployment on a virtual infrastructure simpler, faster and less costly, please visit the website.

A Q&A with Quest Software's CTO Carl Eberling

A few weeks ago, Bruce Hoard, Virtualization Review Editor-in-Chief, interviewed Quest Software CTO Carl Eberling about the impact that recently acquired ChangeBASE and VKernel will have on customers. Here's what Carl had to say about the exciting new capabilities that ChangeBASE brings to the Quest Software portfolio.


Virtualization Review: What are the solutions offered by ChangeBASE that led to the Quest acquisition of this company?

Carl Eberling: About a year ago, we laid out a strategy relative to what we had going on with vWorkspace in server-based desktop computing, where we've got VDI, Terminal Services, and the ability to manage VoIP as well. That in and of itself didn't cover enough of the evolving user and client management challenges that are hitting IT, so we started looking at how we could apply some of our monitoring and performance management technologies. We were also interested in including some of our security and identity access management pieces, and one of the things that we saw that was a bit of an opportunity for us related to desktop migration. That is, when people typically have to go from one operating system to another, it tends to be a major event within IT. There are a whole lot of great solutions out there that can help customers make that transition in a cost-effective way. We felt like Quest had a rich history in the migration business -- look at what we do with our e-mail migration, what we do with AD and SharePoint -- so we set about looking at this issue of desktop migration, and I came across a great company called ChangeBASE.

Were Quest customers pressing you to acquire or develop the capabilities offered by ChangeBASE?

Eberling: They weren't pressuring us, but we were finding that frequently during an upgrade event a customer would sit back and say, "Is there a different way for me to do desktop computing for the enterprise?" And so it seemed like a good opportunity for us to get involved with the conversation sooner rather than later. We also thought we could apply some of our other assessment technologies that we've got with VDI, so not only can we figure out how best to get you upgraded to Windows 7, but now we can also look at all your applications and how you're using them, and give you some recommendations on what could be on Terminal Services, what could be app virtualization, and what could actually be going nicely into VDI. It was more looking at the workflow that occurs within IT that led us to feel we would be better suited to get involved.

Do you see your customers gravitating to a desktop virtualization approach that leans more toward Terminal Services and remote desktop services, as opposed to a VDI model based on datacenter connectivity?

Eberling: Yes, you know, people talk about VDI, but they implement Terminal Services. You get much greater density. For the purposes of what they're trying to solve in terms of making sure end users can get to their applications, get their job done and get the best control, they tend to gravitate more to that with the desktop experience. I would say VDI is growing in the sense that maybe it's become 10 percent or 15 percent of the mix.

How will the acquisition of ChangeBASE impact your customers?

Eberling: A couple of ways. One, we believe it brings to the discussion a technology and set of capabilities that I find an alarming number of customers don't even know exist. Even during our due diligence prior to buying ChangeBASE we found that over half of the customers we talked to had no awareness that this kind of tooling was available to them. There were only two players in this game, and both of them spent a fair amount of time talking more to the application packaging experts, and talking to big outsourcing shops, rather than getting the message out to the enterprise.

Who were those two players?

Eberling: ChangeBASE and App-DNA.

So you consider App-DNA to be direct competition now?

Eberling: In a way. What App-DNA does is very different. They're big on the reporting aspect, but they don't necessarily help much with the actual fixing of the problems once you find them. There is certainly the opportunity to catch up over time, but right now, sure, they are a competitor.


For more information on how Quest's ChangeBASE solution can make your migration project faster, simpler and less costly, please visit the website.