PB430478
Summary
Microsoft released the September 2007 Security Advisory Bulletin on August 14, 2007.Four bulletins were released that address four individual vulnerabilities.
Details of the August Bulletin
Details of the vulnerabilities are documented by Microsoft1. The one bulletin rated as Critical addresses remote code execution vulnerabilities in Microsoft Agent affecting the Windows 2000 operating system. Microsoft also released three bulletins rated as Important to correct vulnerabilities in remote code execution for Microsoft Visual Studio and MSN Messenger and Windows Live Messenger, and an escalation of privilege vulnerability in Windows Services for UNIX and Subsystem for UNIX-based Applications. Attackers must rely on user interaction to exploit the two arbitrary code execution vulnerabilities. This factor reduces the potential for exploitation.
Cisco Security Agent Response
Cisco Security Agent offers proactive protection against exploits and variants that are trying to take advantage of published and unpublished vulnerabilities. Cisco Security Agent is designed to protect servers, desktops, and POS devices from these threats by using rules-based policies. This allows customers to have protection against new and unknown threats without having to update the product with attack-based "signatures."
The following is an estimation of how endpoints protected by Cisco Security Agent will perform when faced with attacks based on these newly disclosed vulnerabilities using the Cisco provided default policies. No actual exploit testing using these vulnerabilities has been performed to date so there may be a difference in the real-world Cisco Security Agent test results against actual exploits.
Critical
MS07-051: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
Based on the information provided in the Microsoft advisory, this vulnerability is similar to a prior Microsoft XML Core Services ActiveX vulnerability (CVE-2006-5745). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against CVE-2006-5745 by an independent third party
Important
MS07-052: Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
Based on the information provided in the Microsoft advisory, this vulnerability is similar to prior Microsoft Word vulnerabilities (CVE-2006-5994). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against MS07-014 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd8060b074.html.
MS07-053: Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
Since currently shipping versions of Cisco Security Agent do not run on Windows Services for UNIX, Cisco Security Agent would not provide protection against this vulnerability.
MS07-054: Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)
Based on the information provided in the Microsoft advisory, the MSN Messenger and Windows Live Messenger vulnerabilities are similar to a prior Microsoft Win32/Nuwar.N e-mail worm (Storm Trojan). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against the Storm Trojan exploit http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd8060adea.html.