This product bulletin outlines the Cisco® policy and guidelines for installing security updates that Microsoft issues for the Windows Operating System, Internet Information Server (IIS), and Structured Query Language (SQL) Server on Cisco Unified Customer Contact products that are deployed on standard retail packaged installations of the Windows Operating System. The following Cisco Customer Contact software products fall into this category:
The Cisco Unified Customer Contact software products listed previously require customers to license and install the Windows Operating System, Microsoft IIS, and SQL Server. Microsoft issues security updates on the second Tuesday of each month. Because customers license these products from third parties and not from Cisco, customers are responsible for monitoring the availability of these security updates.
Cisco qualifies the previously listed customer contact software products with the latest Microsoft security update for the last two supported versions of the software and only on the supported version of the Windows Operating System. Cisco issues a field notice, typically a few days after the second Tuesday of the month, which categorizes the effect of Microsoft security updates on these customer contact software products. Cisco recommends that customers assess the security exposure of the critical security patches released by Microsoft for Windows, IIS and SQL and apply critical security patches as deemed necessary for their site ahead of the Cisco field notice.
For older versions of the Cisco Unified Customer Contact software products, Cisco recommends that customers review any security update issued for these products and assess their exposure to the vulnerability. If deemed necessary, customers should follow Microsoft's guidelines to apply these updates to the relevant systems as soon as possible. Cisco qualifies older versions of Cisco Unified Customer Contact software products on an as-needed basis.
Cisco categorizes the effect that every Microsoft security update has on the previously listed Cisco Unified Customer Contact software products based on the following Cisco-defined categories:
• Impacting: Microsoft labels the update as critical, important, or otherwise of special interest, and it directly affects the Cisco Unified Customer Contact software product. In other words, the update affects some software component or function (or is basic to the operating system and affects all operations for any software), or it applies to the latest supported Cisco Unified Customer Contact software product qualified service pack(s). Cisco recommends installing such an update. In the unlikely event that problems are found with a particular update, Cisco tests and qualifies the faults before approving the use of the security update with Cisco Unified Customer Contact software products.
• Deferred: Microsoft labels the update as critical, important, or otherwise of special interest, but it does not directly affect Cisco Unified Customer Contact software product components or functions during regular use of the software. Qualification testing is typically deferred and performed with the next maintenance release of the product. The release notes of the maintenance release describe the applicability of all security updates relative to that maintenance release.
• Not applicable: The update does not apply to the latest supported Cisco Unified Customer Contact software product, regardless of product applicability or Microsoft rated severity. Cisco performs no additional qualification testing.
Important Note
This policy applies only to Microsoft security updates. It does not apply to Microsoft service packs. Microsoft service packs contain a broad range of fixes and updates, and Cisco needs to verify them before they can be applied. For every release, Cisco explicitly specifies the Microsoft service packs that are required and supported.
Product Alert Tool
To subscribe to receive future field notices regarding third-party patch information, go to http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en and create an alert profile. While creating the profile, select all customer contact products (preferred) or just individual products. After you create your profile, Cisco will send you the appropriate field notice information in an e-mail message.