Cisco Unified Contact Center Enterprise

Field Notice: FN - 62222 - Cisco Enterprise and Hosted Contact Center Products Notice for Microsoft October 2005 Security Updates


Revised November 11, 2005

October 13, 2005

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product

Cisco CTI and CTI OS - 4.x, 5.x, 6.0(0) and 7.0(0); with the most up to date Service Release

Cisco Collaboration Server - 5.0; with the most up to date Service Release

Cisco Internet Service Node - 1.0(1), 2.0 and 2.1

Cisco Voice Portal - 3.0; with the most up to date Service Release

Cisco eMail Manager - 5.0; with the most up to date Service Release

ICM Enterprise - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release

ICM Hosted - 4.6.2, 5.0(0) and 7.0(0); with the most up to date Service Release

IPCC Enterprise - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release

IPCC Hosted - 4.6.2, 5.0(0) and 7.0(0); with the most up to date Service Release

 

Problem Description

On October 11, 2005, Microsoft released the following security updates:

MS05-044 - Moderate

Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

Affected Software:

  • Microsoft Windows Server 2003

  • Microsoft Windows XP Service Pack 1

MS05-045 - Moderate

Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows Server 2003 Service Pack 1

MS05-046 - Important

Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows Server 2003 Service Pack 1

MS05-047 - Important

Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

MS05-048 - Important

Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows Server 2003 Service Pack 1

MS05-049 - Important

Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows Server 2003 Service Pack 1

MS05-050 - Critical

Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows Server 2003 Service Pack 1

MS05-051 - Critical

Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows Server 2003 Service Pack 1

MS05-052 - Critical

Cumulative Security Update for Internet Explorer (896688)

Affected Supported Software:

  • Microsoft Windows 2000 Service Pack 4

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

  • Microsoft Windows Server 2003 Service Pack 1

For additional information on Microsoft security updates, see the Microsoft Security Updates page.

Background

Cisco evaluates Microsoft security notices and updates for potential impact to Cisco Contact Center products.

The qualification process results in one of four categorical ratings being applied to a given update: Impacting, Not Impacting, Deferred, or Not Applicable.

The four ratings are defined in the Cisco Customer Contact Software Policy for use of Third-Party Software and Security Updates document.

For the security updates listed in the Problem Description section of this bulletin, Cisco has assigned the updates to the following categories:

Impacting

  • MS05-047 - Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege

  • MS05-049 - Vulnerabilities in Windows Shell Could Allow Remote Code Execution

  • MS05-050 - Vulnerability in DirectShow Could Allow Remote Code Execution

  • MS05-051 - Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution

Deferred

  • MS05-045 - Vulnerability in Network Connection Manager Could Allow Denial of Service

  • MS05-052 - Cumulative Security Update for Internet Explorer

Not Applicable

  • MS05-044 - Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering

  • MS05-046 - Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution

  • MS05-048 - Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution

Some of the vulnerabilities addressed by these critical, important and moderate security updates are exploitable only if a user visits a malicious Web or FTP site or views a malicious e-mail message, which could potentially allow remote code execution. Updates of this kind are deferred and rolled up into the next service release testing of the supported applications. The vulnerability addressed by MS05-044 is applicable only if the Internet Explorer setting Enable Folder View for FTP Sites is changed from its default of disabled.

While an attacker who successfully exploited these vulnerabilities could take complete control of an affected system or cause a denial of service attack, Production Contact Center application servers should not be used for chat, e-mail or to browse unknown and potentially dangerous Web or FTP sites.

Proper care should be taken in deciding on which updates to apply to your systems. For additional information on the security measures to be considered in an ICM environment, refer to the Security Best Practices for Cisco Intelligent Contact Management Software Guide.

Product | Version(s) | Tested (Y/I*) | Components Tested (All or Specific)

ICM/IPCC | 7.0(0) SR1 | Y | All ICM Components Tested

ICM/IPCC | 6.0(0) SR4 | Y | All ICM Components Tested

ICM/IPCC | 5.0(0) SR11 | Y | All ICM Components Tested

 

Note: *"I" indicates that testing is in progress and will be updated when complete.

Customers should follow Microsoft's guidelines regarding when and how they should apply these updates. Refer to the Microsoft website for full details of the potential exposure from the caveats referenced on the Microsoft Security page.

Problem Symptoms

Security Bulletin MS05-051 conflicts with recommended non-default file access control lists, leading to Internet Script Editor logon failure.

File system hardening recommendations in the Security Best Practices for Cisco Intelligent Contact Management Software Guide suggest removing the EVERYONE group from the file access control list (ACL) permission settings of all drives. When this is applied to the Windows system drive (%SYSTEMDRIVE%), the following errors result when Internet Script Editor users attempt to log in after MS05-051 is installed:

  • An error message pops up in Internet Script Editor:

    "The user credentials you supplied were not accepted by the server. Please contact the Web server's administrator to verify you have permission to log on."

  • HTTP 500 error may be logged in the IIS log file

  • An event that is similar to the following may be logged in the System log:

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date:
    Time:
    User: NT AUTHORITY\SYSTEM
    Computer: Server
    Description: The server did not register with DCOM within the required timeout.

    Event Type: Warning
    Event Source: W3SVC
    Event Category: None
    Event ID: 36
    Date:
    Time:
    User: N/A
    Computer: Server
    Description: The server failed to load application '/LM/W3SVC/1/ROOT'. The error was 'Server execution failed '.
    

    For additional information specific to this message please visit the Microsoft Online Support site.
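A way to check an exported System log for the event pair listed above, as an added example that is not part of the Cisco notice. It assumes a text export in the field layout shown in the notice; the sample records and host names are constructed.

```python
import re

# (source, event ID) pairs the notice lists for the post-MS05-051 logon failure
SIGNATURE = {("DCOM", "10010"), ("W3SVC", "36")}
FIELDS = {"Event Type", "Event Source", "Event Category", "Event ID",
          "Date", "Time", "User", "Computer", "Description"}

# Constructed sample: records run together with no blank line between them,
# as in the notice; the host names are made up.
SAMPLE = """\
Event Type: Error
Event Source: DCOM
Event ID: 10010
Computer: ICMWEB01
Description: The server did not register with DCOM within the required timeout.
Event Type: Warning
Event Source: W3SVC
Event ID: 36
Computer: ICMWEB01
Description: The server failed to load application '/LM/W3SVC/1/ROOT'.
Event Type: Warning
Event Source: W3SVC
Event ID: 36
Computer: ICMWEB02
"""

def parse_events(text):
    """Split on each 'Event Type:' line and return one dict per record."""
    events = []
    for chunk in re.split(r"(?m)^(?=[ \t]*Event Type:)", text):
        record = {}
        for line in chunk.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep and key in FIELDS:
                record[key] = value.strip()
        if record:
            events.append(record)
    return events

def affected_hosts(events):
    """Hosts that logged every pair in SIGNATURE, sorted by name."""
    seen = {}
    for e in events:
        pair = (e.get("Event Source"), e.get("Event ID"))
        if pair in SIGNATURE:
            seen.setdefault(e.get("Computer", "unknown"), set()).add(pair)
    return sorted(h for h, pairs in seen.items() if pairs == SIGNATURE)
```

A host that logged only one of the two events, such as the constructed ICMWEB02 record, is not reported.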

Workaround/Solution

To restore the default permissions to the COM+ catalog, follow the solution provided in Microsoft Knowledge Base Article KB 909444, "Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC".

Cisco has assessed, and where deemed appropriate, validated the Microsoft security patches addressed in this bulletin along with any workarounds for the problems found. Deferred security updates will be folded into regression testing of the listed products' next service release or major release, whichever comes first.

Cisco recommends that Contact Center customers separately assess all security patches released by Microsoft and install those deemed appropriate for their environments.

Cisco will continue to provide a service of separately assessing and, where necessary, validating higher severity security patches that may be relevant to the Contact Center Enterprise software products.

Visit the Microsoft website to acquire the fixes. Keep in mind that you should download the appropriate fixes based on the version of the Microsoft operating system deployed in your environment and service pack level.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
