Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Microsoft patch details from ChangeBASE

ChangeBASE : 11 September, 2008  (Technical Article)
Applications using GDIPLUS.DLL affected by vulnerabilities closed in the latest release of Microsoft security patches
ChangeBASE announces the good news this month is that the patches and updates are relatively light. The updates MS08-055 and MS08-053 relate to Windows Media player which has a minimal impact on the Operating system and few applications have a direct dependency on Windows Media player.

More importantly, MS08-052 includes an update to a core element of the operating system (GDIPLUS.DLL). This file is part of the graphics library for Window XP. Several applications run through AOK can load a version of this file from their source media/download process when they are installed and there is a danger that if this happens the installation will result in an out of date version of this file being loaded and overwriting the version in the patch update this month.

IT departments need to identify which applications can do this and have a process in place which stops this from happening. 3% of the applications tested have this capacity including Microsoft Messenger and Macromedia Dreamweaver. See the changebase web site for a sample of the AOK Workbench analysis which illustrates that Messenger both includes this key file in its installation package and has a key dependency on GDIPLUS.DLL as well as the full report with screenshots. In terms of which applications use or have a dependency on this component, ChangeBASE found that 30% of the applications tested fall into this category. It is recommended that organisations test all applications with such dependencies.

Specific reboot Information:

It should also be noted that all machines (servers and desktops) with this patch update will need to be rebooted for the update to take effect

Testing Summary:

• MS08-052: updates key components of Microsoft Messenger and Digital Imager
• MS08-055: Updates key Microsoft Office components - full application test required
• MS08-053: Marginal impact and negligible testing profile
• MS08-054: Marginal impact and negligible testing profile

Details of Lab process:

c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo