Guest

Cisco Unified Intelligent Contact Management Enterprise

Cisco Enterprise Contact Center Software - Microsoft Security Patch Update for October 15, 2003


October 23, 2003


Products Affected

Product

Intelligent Contact Manager all versions

IP Contact Center all versions

Internet Script Editor all versions

Cisco Email Manager all versions

Cisco Collaboration Server all versions

Remote Monitoring Suite all versions

Cisco Support Tools version 1.0

Problem Description

Microsoft Corporation recently announced a series of Security Bulletins pertaining to the Windows Operating System(s) used with Cisco Call Center products. The Microsoft bulletins are MS03-041 - MS03-46. The following is a description of each of the bulletins.

Microsoft Security Bulletin MS03-041 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution

Microsoft Security Bulletin MS03-042 - Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution

Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution

Microsoft Security Bulletin MS03-044 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise

Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution

Microsoft Security Bulletin MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution

Background

Microsoft announced a set of Security Bulletins on October 15, 2003. The Call Center engineering team has reviewed the critical and important bulletins, as they pertain to the above-mentioned products, and has qualified these patches against the Cisco products. Microsoft has also announced a policy of batch notification of security issues on a monthly basis. The Call Center engineering team plans to mirror this policy and will follow the Microsoft bulletin with a Cisco Contact Center Field Notice after reviewing and a qualificating the Security Bulletin.

Problem Symptoms

It is important to point out that Cisco Contact Center Support has not had any cases pertaining to this threat recorded from our customer base as of October 22nd, 2003.

Refer to the Microsoft website for full details of the potential exposure from the caveats referenced in these Security Bulletins.

Workaround/Solution

Cisco has assessed and where deemed appropriate , qualified the Microsoft security patches addressed in this bulletin. Cisco recommends that Contact Center customers separately assess all security patches released by Microsoft and install those deemed appropriate for their environments. Cisco will continue to provide a service of separately assessing and where necessary, qualifying higher severity security patches that are relevant to the Call Center Enterprise software products.

Visit the Microsoft website to acquire the fixes. Keep in mind that you should download the appropriate fixes based on the version of the Microsoft operating system deployed in your environment.

The patches can be accessed via the following Microsoft web site:

http://www.microsoft.com/technet/security/default.mspx

DDTS

Currently, based on the patches above , there are no Cisco defects logged.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.