
Cisco Unified Intelligent Contact Management Enterprise

Field Notice: FN - 62176 - Cisco Enterprise and Hosted Contact Center Products Notice for Microsoft August 2005 Security Updates


Revised August 18, 2005

August 12, 2005


Products Affected

Product

CCS - 5.0; with the most up to date Service Release

CEM - 5.0; with the most up to date Service Release

Cisco CTI and CTI OS - 4.x, 5.x, 6.0(0) and 7.0(0), with the most up to date Service Release

Cisco Internet Service Node - 1.0

Cisco Voice Portal - 2.1 and 3.0

ICM Enterprise - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release

ICM Hosted - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release

IPCC Enterprise - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release

IPCC Hosted - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release

Problem Description

On August 9, 2005, Microsoft released the following security updates:

MS05-038 - Critical

Cumulative Security Update for Internet Explorer (896727)

Affected Supported Software:

  • Microsoft Windows Server 2003 Service Pack 1

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.

MS05-039 - Critical

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

Affected Supported Software:

  • Microsoft Windows Server 2003 Service Pack 1

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-040 - Important

Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

Affected Supported Software:

  • Microsoft Windows Server 2003 Service Pack 1

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-041 - Moderate

Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)

Affected Supported Software:

  • Microsoft Windows Server 2003 Service Pack 1

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-042 - Moderate

Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

Affected Supported Software:

  • Microsoft Windows Server 2003 Service Pack 1

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-043 - Critical

Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

For additional information on Microsoft security updates, see the Microsoft Security page.

Background

Cisco evaluates Microsoft security notices and updates for potential impact to Cisco Contact Center products.

The qualification process results in one of four categorical ratings being applied to a given update: Impacting, Not Impacting, Deferred, or Not Applicable.

The four ratings are defined in the Cisco Customer Contact Software Policy for use of Third-Party Software and Security Updates document.

For the security updates listed in the Problem Description section of this bulletin, Cisco has assigned the updates to the following categories:

Impacting

  • MS05-039 - Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege

  • MS05-043 - Vulnerability in Print Spooler Service Could Allow Remote Code Execution

Deferred

  • MS05-038 - Cumulative Security Update for Internet Explorer

  • MS05-040 - Vulnerability in Telephony Service Could Allow Remote Code Execution

  • MS05-041 - Vulnerability in Remote Desktop Protocol Could Allow Denial of Service

  • MS05-042 - Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing

Some of the vulnerabilities addressed by these critical, important and moderate security updates are exploitable only if a user visits a malicious Web page or views a malicious e-mail message, which could potentially allow remote code execution. These updates are deferred and rolled up into the next service release testing of the supported applications. While an attacker who successfully exploited these vulnerabilities could take complete control of an affected system, production Contact Center application servers should not be used for chat, e-mail or to browse unknown and potentially dangerous Web sites.

Additionally, Cisco is deferring the Telephony service security update (MS05-040) because the Telephony service should be disabled according to security best practices unless it is required for remote modem support on the application servers. Systems that have disabled the Telephony service would not be vulnerable to this issue.

Proper care should be taken in deciding on which updates to apply to your systems. For additional information on the security measures to be considered in an ICM environment, refer to the Security Best Practices for Cisco Intelligent Contact Management Software Guide.

For the Security Updates categorized as Impacting, Cisco is continuing to test its products to further determine if there are any potential conflicts. An update to this field notice will be released when those tests are completed.

Customers should follow Microsoft's guidelines regarding when and how they should apply these updates. Refer to the Microsoft website for full details of the potential exposure from the caveats referenced on the Microsoft Security page.

Problem Symptoms

i. In certain situations, we have found that MS05-039 causes the TServer component of the Cisco E-Mail Manager (CEM) to fail to initialize. Refer to bug ID CSCsb61706.

ii. In certain situations, we have found that MS05-039 affects the LGMapper Server component and the AlarmTracker Client of the Cisco Remote Monitoring Suite (RMS): connections from the AlarmTracker Client are denied. The LGMapperNM service may also be prevented from starting due to an invalid login.

Workaround/Solution

Cisco has assessed and, where deemed appropriate, validated the Microsoft security patches addressed in this bulletin. Deferred security updates will be folded into regression testing of the listed products' next service release or major release, whichever comes first.

i. For the issue described in the Problem Symptoms section (i) of this notice, the following describes the workaround necessary to avoid the issue with Cisco E-Mail Manager.

Changing the default TCP port number from 1116 (default) to 11101:

  1. Shut down CEM

  2. Open Configuration and change the TServer port to 11101

  3. Save settings and exit

  4. For the CEM UI Server, open up the following file: uiroot/WEB_INF/properties/default/cem/properties.xml

  5. Change value for DB_PORTNUM to 11101

Note: If there are multiple CEM instances, use 11102 for the next instance, and so on, incrementing by one.

ii. For the issue described in the Problem Symptoms section (ii) of this notice, the following describes the workaround necessary to avoid the issue with Cisco AlarmTracker Client on Windows 2000.

Changing the settings on the LGMapper Server and the AlarmTracker Client

Enabling Distributed COM:

On LGMapper:

  1. Run dcomcnfg.exe

  2. On the Default Properties tab, verify that Enable Distributed COM is checked

  3. Press Apply if not grayed out

  4. On the Applications Tab select LGMapper2 and click properties

  5. Under the Identity tab set the password for the LGMapper user on the local machine.

  6. Click OK

  7. Set the password for the LGMapper user again to make sure it is in sync with the dcom service. In Computer Management, Local Users and Groups, Users, right click LGMapper and select set password. Type the password in both fields and press OK.

  8. Reboot the LGMapper server.

On AlarmTracker Client (Windows 2000):

  1. Exit all instances of AlarmTracker2 Client.

  2. Run dcomcnfg.exe.

  3. On the Default Properties tab, verify that Enable Distributed COM is checked.

  4. Press OK.

  5. Start AlarmTracker2 Client.

On AlarmTracker Client (Windows XP):

  1. Exit all instances of AlarmTracker2 Client

  2. Run dcomcnfg.exe

  3. Under Component Services, select Computers

  4. Right click My Computer. Select Properties

  5. On the Default Properties tab, verify that Enable Distributed COM is checked

  6. Press OK

  7. Start AlarmTracker2 Client
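A post-change check for the workarounds above, as an added example that is not part of the Cisco notice: it reports whether the relevant updates are installed, whether the Telephony service is left enabled without MS05-040, whether Distributed COM is enabled, and whether each CEM TServer port (11101 upward) is listening. It assumes PowerShell is available on the host; TapiSrv and the EnableDCOM registry value are the standard Windows names for the Telephony service and the Distributed COM switch, and $CemInstances is a hypothetical parameter.

```powershell
# Added example, not Cisco's code. Run locally on the server being checked.
param([int]$CemInstances = 1)   # hypothetical: number of CEM instances on this host

# Bulletin -> KB number, as listed in the notice.
$kb = @{ 'MS05-039' = 'KB899588'; 'MS05-040' = 'KB893756'; 'MS05-043' = 'KB896423' }

# Installed hotfix IDs as reported by WMI.
$installed = @(Get-WmiObject -Class Win32_QuickFixEngineering |
               ForEach-Object { $_.HotFixID })

foreach ($bulletin in ($kb.Keys | Sort-Object)) {
    $state = if ($installed -contains $kb[$bulletin]) { 'installed' } else { 'not installed' }
    "{0} ({1}): {2}" -f $bulletin, $kb[$bulletin], $state
}

# MS05-040 is deferred on the basis that the Telephony service is disabled.
# Flag hosts where it is not disabled and the update is also missing.
$tapi = Get-WmiObject -Class Win32_Service -Filter "Name='TapiSrv'"
if ($tapi -and $tapi.StartMode -ne 'Disabled' -and
    $installed -notcontains $kb['MS05-040']) {
    "WARNING: Telephony service start mode is $($tapi.StartMode) and MS05-040 is not installed"
}

# Workaround ii requires "Enable Distributed COM" to be checked;
# dcomcnfg stores that setting as EnableDCOM = Y under this key.
$dcom = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole').EnableDCOM
if ($dcom -ne 'Y') {
    "WARNING: Distributed COM is not enabled (EnableDCOM=$dcom)"
}

# Workaround i moves TServer to 11101, then 11102 and so on per instance.
$listening = @(netstat -an | Where-Object { $_ -match 'LISTENING' })
for ($i = 0; $i -lt $CemInstances; $i++) {
    $port = 11101 + $i
    $hit  = @($listening | Where-Object { $_ -match ":$port\s" })
    if ($hit.Count -gt 0) {
        "TServer port ${port}: listening"
    } else {
        "WARNING: nothing is listening on TServer port $port"
    }
}
```

The port check is meaningful only after CEM has been restarted with the new TServer setting.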

Cisco recommends that Contact Center customers separately assess all security patches released by Microsoft and install those deemed appropriate for their environments.

Cisco will continue to provide a service of separately assessing and, where necessary, validating higher severity security patches that may be relevant to the Contact Center Enterprise software products.

Visit the Microsoft website to acquire the fixes. Keep in mind that you should download the appropriate fixes based on the version of the Microsoft operating system deployed in your environment and service pack level.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS: CSCsb61706 (registered customers only)

Description: Microsoft patch MS05-039 linked to TServer startup failures

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.