Guest

Cisco Unity

Microsoft Windows Security Bulletin MS03-039 for Cisco Unity


September 12, 2003



Products Affected

Product

Comments

Cisco Unity Bridge

All versions

Cisco Unity

All versions

Problem Description

Microsoft Corporation recently announced a security vulnerability in its Windows Operating Systems which hosts Cisco applications including Cisco Unity, Cisco Unity Bridge applications. This security vulnerability is in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface.

Additional information can be found on the Microsoft Website at the following location:

http://www.microsoft.com/technet/security/bulletin/ms03-039.asp

Background

A stack-based buffer overflow condition has been discovered in the Microsoft RPC interface for DCOM. This is a core function of the Windows kernel, and cannot be disabled. Since this is a kernel function, implemented via SVCHOST.EXE, successful attacks result in System privilege. Specially crafted messages sent to port 135 exploit the buffer overflow.

Problem Symptoms

As of Friday September 12 2003, there are no known worms that exploit the vulnerability. Problem symptoms will be updated as soon as information becomes available.

Workaround/Solution

Cisco tested MS03-039 hotfix. You can download this from Microsoft at http://www.microsoft.com/technet/security/bulletin/ms03-039.asp

  • Minimum Operating System (OS) requirements: OS 2000.2.4 or 2000.2.5. Cisco recommends upgrading to one of the tested versions of the OS, but any Cisco provided OS for the supported applications with Windows 2000 Service Pack (SP) 2, SP3, or SP4 will be supported for this hotfix.

  • Affected Cisco IP Telephony Applications: All versions of Cisco Unity and Cisco Unity Bridge

  • Supported Servers: All Cisco Media Convergence Servers (MCS), Cisco Integrated Communications System, ICS-7750 on SPEs running Cisco Unity, and Cisco-approved, customer-provided Compaq/HP and IBM servers

  • This Microsoft hotfix MS03-039 supersedes MS02-026.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: