Guest

Cisco Unified Intelligent Contact Management Enterprise

Field Notice: Cisco Enterprise and Hosted Contact Center Products Notice for Microsoft February 2005 Security Updates


February 14, 2005


Products Affected

  • CTI OS - 4.x, 5.x and 6.0(0), with the most up to date Service Release

  • Cisco Internet Service Node - Versions 1.0, 2.0 and 2.1

  • ICM Enterprise - 4.6.2, 5.0(0), and 6.0(0); with the most up to date Service Release

  • ICM Hosted - 4.6.2 and 5.0(0), with the most up to date Service Release

  • IPCC Enterprise - 4.6.2, 5.0(0), and 6.0(0); with the most up to date Service Release

  • IPCC Hosted - 4.6.2 and 5.0(0), with the most up to date Service Release

Problem Description

On February 8, 2005, Microsoft released the following security updates:

MS05-004 - Important

ASP.NET Path Validation Vulnerability (887219)

Affected Components:

  • .NET Framework 1.0, .NET Framework 1.1

MS05-007 - Important

Vulnerability in Windows Could Allow Information Disclosure (888302)

Affected Supported Software:

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-008 - Important

Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-009 - Critical

Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)

Affected Software:

  • Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP Service Pack 1 and Windows Server 2003)

  • Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems)

MS05-010 - Critical

Vulnerability in the License Logging Service Could Allow Code Execution (885834)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows NT Server 4.0 Service Pack 6a

MS05-011 - Critical

Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-012 - Critical

Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-013 - Critical

Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-014 - Critical

Cumulative Security Update for Internet Explorer (867282)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

Affected Components:

  • Internet Explorer 5.01 SP3, 5.01 SP4, 5.5 SP2

  • Internet Explorer 6

MS05-015 - Critical

Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

Affected Supported Software:

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

For additional information on Microsoft security updates, see http://www.microsoft.com/security.

Background

Cisco evaluates Microsoft security notices and updates for potential impact to Cisco Contact Center products.

The qualification process results in one of four categorical ratings being applied to a given update:

Impacting, Not Impacting, Deferred, or Not Applicable.

The four ratings are defined in the Cisco Customer Contact Software Policy for use of Third-Party Software and Security Updates document.

For the security updates listed in Problem Description section of this bulletin, Cisco has assigned the updates to the following categories:

Impacting

MS05-007 - Vulnerability in Windows Could Allow Information Disclosure (888302)

MS05-011 - Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

Deferred

MS05-008 - Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

MS05-013 - Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781)

MS05-014 - Cumulative Security Update for Internet Explorer (867282)

MS05-015 - Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

Not Impacting

MS05-004 - ASP.NET Path Validation Vulnerability (887219)

MS05-009 - Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)

MS05-010 - Vulnerability in the License Logging Service Could Allow Code Execution (885834)

The vulnerabilities addressed by MS05-008, MS05-013, MS05-014, and MS05-015 can only be exploited if a user visited a malicious Web Page or viewed a malicious e-mail message that could potentially allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. Production Contact Center servers should not be used for e-mail or to browse unknown and potentially dangerous Web Sites.

MS05-004, MS05-09, and MS05-010 resolve vulnerabilities in components which are not recommended to be running in an ICM, IPCC environment.

For additional information on the security measures to be considered in an ICM environment, refer to the Security Best Practices for Cisco Intelligent Contact Management Software Guide.

For the Security Updates categorized as Impacting, Cisco is continuing to test its products to further determine if there are any potential conflicts. An update to this field notice will be released when those tests are completed.

Customers should follow Microsoft's guidelines regarding when and how they should apply these updates. Refer to the Microsoft website for full details of the potential exposure from the caveat is referenced at: http://www.microsoft.com/security/default.mspx.

Problem Symptoms

It is important to point out that Cisco Contact Center Support has not had any cases pertaining to this vulnerability recorded from our customer base as of February 10, 2005.

Workaround/Solution

Cisco recommends that Contact Center customers separately assess all security patches released by Microsoft and install those deemed appropriate for their environments.

Cisco will continue to provide a service of separately assessing and where necessary, validating higher severity security patches that may be relevant to the Contact Center Enterprise software products.

Visit the Microsoft website to acquire the fixes. Keep in mind that you should download the appropriate fixes based on the version of the Microsoft operating system deployed in your environment and service pack level.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.