Guest

Cisco Unified Intelligent Contact Management Enterprise

Microsoft Security Bulletin MS03-039 for Contact Center Products


September 12, 2003


Products Affected

Product

Comments

Intelligent Contact Manager

Including Cisco Agent Desktop (CAD), Cisco Computer Telephony Integration (CTI) Operating System (OS), CTI Toolkit and Webview

Hosted ICM

Previously known as Network Application Manager (NAM). Including Cisco Agent Desktop (CAD), CTIOS, CTI Toolkit and Webview

IP Contact Center

Including Cisco Agent Desktop (CAD), CTIOS, CTI Toolkit and Webview

Cisco Email Manager

Windows platform only

Dynamic Content Adapter

Windows platform only

Cisco Collaboration Server

Windows platform only

Trailhead

Windows platform only

Cisco Media Blender

Windows platform only

Internet Script Node

Non-MCS platform only

Remote Monitoring Suite

?

Problem Description

Microsoft Corporation recently announced a security vulnerability in its Windows Operating Systems to which the aforementioned Contact Center products are exposed.

The security vulnerability is in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface.

Additional information can be found on the Microsoft Website at the following location:

http://www.microsoft.com/technet/security/bulletin/ms03-039.asp

Background

A stack-based buffer overflow condition has been discovered in the Microsoft RPC interface for DCOM. This is a core function of the Windows kernel, and cannot be disabled. Specially crafted messages sent to port 135 exploit the buffer overflow.

Problem Symptoms

As of Friday, September 12 2003, there are no known worms that exploit the vulnerability. Problem symptoms will be updated as soon as information becomes available.

Workaround/Solution

Cisco Systems has qualified MS03-039 hotfix and has determined that the hotfix should be applied to all the products mentioned in this notice. You can download this hotfix from Microsoft directly at:

http://www.microsoft.com/technet/security/bulletin/ms03-039.asp

Note: This Microsoft hotfix MS03-039 supersedes MS02-026.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.