Guest

Cisco TelePresence Content Server

Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x

  • Viewing Options

  • PDF (261.4 KB)
  • Feedback

Table of Contents

Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x

Contents

Installation

Windows 2008 R2 Security Updates

Patches that Resolve Nessus-Identified Vulnerabilities

Plugin 48762

Related Documentation

Obtaining Documentation and Submitting a Service Request

Recommended Microsoft Security Updates for Cisco TelePresence Content Server
Release 6.0.x

May 16, 2014

This bulletin lists the Microsoft Security Updates that are recommended for installation on the Cisco TelePresence Content Server Release 6.0.x. This bulletin is applicable to all versions of the Content Server with Windows 2008 R2.

Installation

For each security update, click the link to go directly to the Microsoft web site and do the following:

1. Read the Microsoft Security Bulletin.

2. Download the Security Update by clicking the link on the Security Bulletin web page for Windows Server 2008 R2.

3. Install the update by following the procedure provided by Microsoft.

Windows 2008 R2 Security Updates

 

Microsoft Knowledge Base Article
Executable File

Windows Kernel Patches for Windows 2008 R2 for Content Server 6.0.x

Vulnerability in Digital Signatures Could Allow Denial of Service (KB2868626)

Windows6.1-KB2868626-x64.msu

Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (KB2872339)

Windows6.1-KB2872339-x64.msu

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2876315)

Windows6.1-KB2876315-x64.msu

Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (KB2847883)

Windows6.1-KB2803821-v2-x64.msu

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB2845187)

Windows6.1-KB2845187-x64.msu

Vulnerability in TCP/IP Could Allow Denial of Service (KB2790655)

Windows6.1-KB2790655-x64.msu

Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (KB2765809)

Windows6.1-KB2765809-x64.msu

Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (KB2733829)

Windows6.1-KB2716513-x64.msu

Windows6.1-KB2719033-x64.msu

Vulnerabilities in Windows Shell Could Allow Remote Code Execution (KB2727528)

Windows6.1-KB2727528-x64.msu

Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (KB2733594)

Windows6.1-KB2705219-v2-x64.msu

Windows6.1-KB2712808-x64.msu

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2913602)

Windows6.1-KB2913602-x64

Vulnerability in Windows Could Allow Remote Code Execution (KB2893294)

Windows6.1-KB2893294-x64

Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (KB2875783)

Windows6.1-KB2875783-x64

Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (KB2876331)

Windows6.1-KB2876331-x64

Vulnerability in ICMPv6 could allow Denial of Service (KB2868623)

Windows6.1-KB2868623-x64

Vulnerability in Windows Defender Could Allow Elevation of Privilege (KB2847927)

Windows6.1-KB2847927-x64

Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (KB2828223)

Windows6.1-KB2813347-x64

Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (KB2785220)

Windows6.1-KB2785220-x64

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (KB2758857)

Windows6.1-KB2758857-x64

Vulnerability in Kerberos Could Allow Denial of Service (KB2743555)

Windows6.1-KB2743555-x64

Vulnerability in TLS Could Allow Information Disclosure (KB2655992)

Windows6.1-KB2655992-x64

Vulnerability in Windows Shell Could Allow Remote Code Execution (KB2691442)

Windows6.1-KB2691442-x64

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB2929961)

Windows6.1-KB2929961-x64

Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (KB2930275)

Windows6.1-KB2930275-x64

Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (KB2934418)

Windows6.1-KB2923392-x64

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (KB2922229)

Windows6.1-KB2922229-x64

Category 2: Windows Patches for Application Server

Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (KB2543893)

SQLServer2005-KB2494113-x86-ENU

Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (KB2916036)

Windows6.1-KB2916036-x64

Category 3: Windows Patches for Application and Frameworks

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB2878890)

NDP40-KB2858302-v2-x64

Vulnerability in Open Data Protocol Could Allow Denial of Service (KB2769327)

NDP40-KB2736428-x64

Vulnerability in .NET Framework Could Allow Elevation of Privilege (KB2800277)

NDP40-KB2789642-x64

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (KB2916607)

NDP40-KB2901110-v2-x64

NDP40-KB2898855-v2-x64

Not supported for Content Server Release 6.0.x:

  • Vulnerability in Media Decompression Could Allow Remote Code Execution (KB2780091)
  • Vulnerability in Windows Common Controls Could Allow Remote Code Execution (KB2720573)
  • Vulnerability in NFS Server Could Allow Denial of Service (KB2790978)
  • Vulnerability in SQL Server Could Allow Elevation of Privilege (KB2754849)

Patches that Resolve Nessus-Identified Vulnerabilities

Nessus is a vulnerability scanner developed by Tenable Network Security. The scanner produces vulnerability checks called plugins which are sometimes resolved by Microsoft patches. The recommended Microsoft patches for the Content Server are listed below.

 

Plugin ID
Description
Executable File/Resolution

20007

Severity Level: Medium

SSL Version 2 (v2) Protocol Detection.

Run the script for Windows Server 2008R2. See the Release 6.0.1 script for Nessus Plugin Patches on Cisco.com .

45411

Severity Level: Medium

SSL Certificate with wrong Hostname.

The Content Server needs to use a publicly signed certificate instead of the default self-signed certificate.

For more information, see the Cisco TelePresence Content Server Administrator Guide .

48762

Severity Level: High

Insecure Library Loading could allow Remote Code Execution.

http://technet.microsoft.com/en-us/security/advisory/2269637

See the “Plugin 48762” section for the executables.

51192

Severity Level: Medium

SSL Certificate cannot be trusted.

Obtain a publicly signed certificate instead of the default certificate.

For more information, see the Cisco TelePresence Content Server Administrator Guide .

53382

Severity Level: High

Microsoft Foundation Class Library could allow Remote code execution.

Patch not recommended. Might cause error on installation or un-installation of the Content Server.

55129

Severity Level: Medium

Microsoft XML editor could allow Information Disclosure.

SQLServer2005-KB2494113-x86-ENU

57582

Severity Level: Medium

SSL Self Signed Certificate.

Obtain a publicly signed certificate instead of the default certificate.

For more information, see the Cisco TelePresence Content Server Administrator Guide .

57608

Severity Level: Medium

SMB signing required.

Review the Supporting information about resolve the issue.

Run the script to resolve the issue. See the Release 6.0.1 script for Nessus Plugin Patches on Cisco.com .

63155

Severity Level: High

Microsoft Windows Unquoted Service Path Enumerator.

Run the script to resolve the issue. See the Release 6.0.1 script for Nessus Plugin Patches on Cisco.com .

71323

Severity Level: High

Insecure ASP.Net Site Configuration could allow Elevation of Privilege.

Microsoft security Advisory 2905274

NDP40-B2894842-x64.exe

Plugin 48762

These are the executables for addressing Plugin 48762.


Note Before installing patches, execute script and fix-it.


 

Microsoft Knowledge Base Article
Executable File

A new CWDIllegalInDll Search registry entry is available to control the Dll search path algorithm

MicrosoftFixit50522

Windows6.1-KB2264107-v2-x64

Run the script to resolve the issue. See the Release 6.0.1 script for Nessus Plugin Patches on Cisco.com .

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB2745030)

.Net Framework v4.0-KB2737019

.Net Framework v4.0-KB2729449


NDP40-KB2737019-x64.exe

NDP40-KB2729449-x64.exe

Vulnerability in Color Control Panel Could Allow Remote Code Execution (KB2643719)

Windows6.1-KB2643719-x64.msu

Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (KB2620704)

Windows6.1-KB2620704-x64.msu

Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (KB2623699)

Windows6.0-KB2564958-x64.msu

Vulnerability in Windows Components Could Allow Remote Code Execution (KB2570974)

Windows6.1-KB2570947-x64.msu

Vulnerability in Data Access Components Could Allow Remote Code Execution (KB2560656)

Windows6.1-KB2560656-x64.msu

Insecure library loading could allow remote code execution (MS Knowledge Base Article 2533623)

Windows6.1-KB2533623-x64

Vulnerabilities in Windows Media Could Allow Remote Code Execution (KB2479943)

Windows6.1-KB2479943-x64.msu

Vulnerability in Windows Address Book Could Allow Remote Code Execution (KB2423809)

Windows6.1-KB2423089-x64.msu

Vulnerability in Microsoft Windows Could Allow Remote Code Execution (KB2385678)

Windows6.1-KB2385678-x64.msu

Related Documentation

Cisco TelePresence Content Server Documentation

http://www.cisco.com/en/US/products/ps11347/tsd_products_support_series_home.html

Information About Accessibility and Cisco Products

For information about the accessibility of this product, contact the Cisco accessibility team at accessibility@cisco.com.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html .

Subscribe to What’s New in Cisco Product Documentation , which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.

This document is to be used in conjunction with the documents listed in the “Related Documentation” section.