Guest

Cisco TelePresence Content Server

Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 5.3.x

  • Viewing Options

  • PDF (259.0 KB)
  • Feedback

Table of Contents

Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 5.3.x

Contents

Installation

Windows 2003 SP2 Security Updates

Patches that Resolve Nessus-Identified Vulnerabilities

Plugin 48762

Related Documentation

Obtaining Documentation and Submitting a Service Request

Recommended Microsoft Security Updates for Cisco TelePresence Content Server
Release 5.3.x

May 16, 2014

 

This bulletin lists the Microsoft Security Updates that are recommended for installation on the Cisco TelePresence Content Server Release 5.3.x. This bulletin is applicable to all versions of the Content Server with Windows 2003 SP2.

Installation

For each security update, click the link to go directly to the Microsoft web site and do the following:

1. Read the Microsoft Security Bulletin.

2. Download the Security Update by clicking the link on the Security Bulletin web page for Windows Server 2003 SP2.

3. Install the update by following the procedure provided by Microsoft.

Windows 2003 SP2 Security Updates

 

Microsoft Knowledge Base Article
Executable File

Windows Kernel Patches for Windows 2003 SP2 for Content Server 5.3.x

Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (KB2705219 in KB2733594)

WindowsServer2003-KB2705219-v2-x86-ENU.exe

Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (KB2712808 in KB2733594)

WindowsServer2003-KB2712808-x86-ENU.exe

Vulnerabilities in Windows Shell Could Allow Remote Code Execution (KB2727528)

WindowsServer2003-KB2727528-x86-ENU.exe

Vulnerability in Media Decompression Could Allow Remote Code Execution (KB2780091)

WindowsServer2003-KB2780091-x86-ENU.exe

Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (KB2803821 in KB2847883)

WindowsServer2003-KB2803821-v2-x86-ENU (1).exe

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB2845187)

WindowsServer2003-KB2845187-x86-ENU.exe

Vulnerability in Digital Signatures Could Allow Denial of Service (KB2868626)

WindowsServer2003-KB2868626-x86-ENU.exe

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2876315)

WindowsServer2003-KB2876315-x86-ENU.exe

Vulnerability in Windows Kernel Could Allow Elevation of Privilege (KB2914368)

WindowsServer2003-KB2914368-x86-ENU.exe

Vulnerability in LRPC Client Could Allow Elevation of Privilege (KB2898715)

WindowsServer2003-KB2898715-x86-ENU.exe

Vulnerability in Windows Could Allow Remote Code Execution (KB2893294)

WindowsServer2003-KB2893294-x86-ENU.exe

Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (KB2876331)

WindowsServer2003-KB2876331-x86-ENU.exe

Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (KB2850869)

WindowsServer2003-KB2850869-x86-ENU.exe

Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (KB2820917)

WindowsServer2003-KB2820917-x86-ENU.exe

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (KB2758857)

WindowsServer2003-KB2758857-x86-ENU.exe

Vulnerability in TLS Could Allow Information Disclosure (KB2655992)

WindowsServer2003-KB2655992-x86-ENU.exe

Vulnerability in Windows Shell Could Allow Remote Code Execution (KB2691442)

WindowsServer2003-KB2691442-x86-ENU.exe

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB2929961)

WindowsServer2003-KB2929961-x86-ENU

Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (KB2930275)

WindowsServer2003-KB2930275-x86-ENU

Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (KB2934418)

WindowsServer2003-KB2923392-x86-ENU

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (KB2922229)

WindowsServer2003-KB2922229-x86-ENU

Category 2: Windows Patches for Application Server for Content Server 5.3.x

Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (KB2494113 in KB2543893)

SQLServer2005-KB2494113-x86-ENU

Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (KB2916036)

WindowsServer2003-KB2916036-x86-ENU

Category 3: Windows Patches for Windows Applications and Framework for
Content Server 5.3.x

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB2878890)

.NET framework 2.0 (KB2863239)

.NET framework 4.0 (KB2858302-v2)


NDP20SP2-KB2863239-x86.exe

NDP40-KB2858302-v2-x86.exe

Vulnerability in .NET Framework Could Allow Elevation of Privilege (KB2800277)

.NET framework 2.0 (KB2789643)

.NET framework 4.0 (KB2789642)


NDP20SP2-KB2789643-x86.exe

NDP40-KB2789642-x86.exe

Vulnerability in Open Data Protocol Could Allow Denial of Service (KB2769327 in KB2736428)

NDP40-KB2736428-x86.exe

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (KB2916607)

NDP20SP2-KB2901111-x86

NDP20SP2-KB2898856-x86

NDP40-KB2898855-v2-x86

NDP40-KB2901110-v2-x86

Not supported for Content Server Release 5.3.x:

  • Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (KB2828223)
  • Vulnerability in Windows Common Controls Could Allow Remote Code Execution (KB2726929 and KB2687441 in KB2720573)
  • Vulnerability in SQL Server Could Allow Elevation of Privilege (KB2716427, KB2716429, and KB2716440 in KB2754849)
  • Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (KB2845142 in KB2847883)

Patches that Resolve Nessus-Identified Vulnerabilities

Nessus is a vulnerability scanner developed by Tenable Network Security. The scanner produces vulnerability checks called plugins which are sometimes resolved by Microsoft patches. The recommended Microsoft patches for the Content Server are listed below.

 

Plugin ID
Description
Executable File/Resolution

20007

Severity Level: Medium

SSL Version 2 (v2) Protocol Detection.

Microsoft provided fix-it 50495 for Windows Server 2003. Or, run the script for Windows Server 2003. See the Release 5.3.2 script for Nessus Plugin Patches on Cisco.com .

45411

Severity Level: Medium

SSL Certificate with wrong Hostname.

The Content Server needs to use a publicly signed certificate instead of the default self-signed certificate.

For more information, see the Cisco TelePresence Content Server Administrator Guide .

48762

Severity Level: High

Insecure Library Loading could allow Remote Code Execution.

http://technet.microsoft.com/en-us/security/advisory/2269637

See the “Plugin 48762” section for the executables.

51192

Severity Level: Medium

SSL Certificate cannot be trusted.

Obtain a publicly signed certificate instead of the default certificate.

For more information, see the Cisco TelePresence Content Server Administrator Guide .

53382

Severity Level: High

Microsoft Foundation Class Library could allow Remote code execution.

Patch not recommended. Might cause error on installation or uninstallation of the Content Server.

55129

Severity Level: Medium

Microsoft XML editor could allow Information Disclosure.

SQLServer2005-KB2494113-x86-ENU

57582

Severity Level: Medium

SSL Self Signed Certificate.

Obtain a publicly signed certificate instead of the default certificate.

For more information, see the Cisco TelePresence Content Server Administrator Guide .

57608

Severity Level: Medium

SMB signing required.

Review the supporting information about the issue.

Run the script to resolve the issue. See the Release 5.3.2 script for Nessus Plugin Patches on Cisco.com .

63155

Severity Level: High

Microsoft Windows Unquoted Service Path Enumerator.

Run the script to resolve the issue. See the Release 5.3.2 script for Nessus Plugin Patches on Cisco.com .

71323

Severity Level: High

Insecure ASP.Net Site Configuration could allow Elevation of Privilege.

Microsoft Security Advisory 2905247

NDP20SP2-KB2894843-x86.exe

NDP40-KB2894842-x86.exe

Plugin 48762

These are the executables for addressing Plugin 48762.


Note Before installing patches, execute script and fixit.


 

Microsoft Knowledge Base Article
Executable File

A new CWDIllegalInDll Search registry entry is available to control the Dll search path algorithm

MicrosoftFixit50522

WindowsServer2003-KB2264107-x86-ENU.exe

Run the script to resolve the issue. See the Release 5.3.2 script for Nessus Plugin Patches on Cisco.com .

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB2745030)

.Net Framework v2.0-KB2729450

.Net Framework v4.0-KB2729449

.Net Framework v4.0-KB2737019


NDP20SP2-KB2729450-x86.exe

NDP40-KB2729449-x86.exe

NDP40-KB2737019-x86.exe

Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (KB2623699)

WindowsServer2003-KB2564958-X86-ENU.exe

Vulnerability in Windows Components Could Allow Remote Code Execution (KB2570974)

WindowsServer2003-KB2570947-x86-ENU.exe

Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (KB2483619 in KB2508062)

WindowsServer2003-KB2483619-x86-ENU.exe

Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (KB2443105)

WindowsServer2003-KB2443105-x86-ENU.exe

Vulnerability in Windows Address Book Could Allow Remote Code Execution (KB2423809)

WindowsServer2003-KB2423089-x86-ENU.exe

Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (KB2447961)

Windows Media Encoder 9x86

Related Documentation

Cisco TelePresence Content Server Documentation

http://www.cisco.com/en/US/products/ps11347/tsd_products_support_series_home.html

Information About Accessibility and Cisco Products

For information about the accessibility of this product, contact the Cisco accessibility team at accessibility@cisco.com.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html .

Subscribe to What’s New in Cisco Product Documentation , which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.

This document is to be used in conjunction with the documents listed in the “Related Documentation” section.