This product bulletin outlines the Cisco® policy and guidelines for installing security updates that Microsoft issues for the Windows Operating System, Internet Information Services (IIS), and SQL Server on Cisco Unified Customer Contact products that are deployed on standard retail packaged installations of the Windows operating system. The following Cisco Customer Contact software products fall into this category:
The Cisco Unified Customer Contact software products listed above require customers to license and install the Windows operating system, Microsoft IIS, and SQL Server. Microsoft issues security updates on the second Tuesday of each month. Because customers license these products from third parties and not from Cisco, customers are responsible for monitoring the availability of these security updates.
As Cisco qualifies new releases of the Unified Customer Contact software products listed above, they will be qualified with the latest Microsoft operating system, including security updates, available at that time.
Customers are responsible for reviewing any security update released by Microsoft for Windows, IIS, and SQL Server, and assessing their security exposure to the vulnerability. If deemed necessary, customers should follow Microsoft's guidelines to apply these updates to the relevant systems as soon as possible.
This policy applies only to Microsoft security updates. It does not apply to Microsoft service packs. Microsoft service packs contain a broad range of fixes and updates, and Cisco needs to verify them before they can be applied. For every release, Cisco explicitly specifies the Microsoft service packs that are required and supported.