October 23, 2003
Products Affected
|
Product |
|---|
|
Intelligent Contact Manager all versions |
|
IP Contact Center all versions |
|
Internet Script Editor all versions |
|
Cisco Email Manager all versions |
|
Cisco Collaboration Server all versions |
|
Remote Monitoring Suite all versions |
|
Cisco Support Tools version 1.0 |
Problem Description
Microsoft Corporation recently announced a series of Security Bulletins pertaining to the Windows Operating System(s) used with Cisco Call Center products. The Microsoft bulletins are MS03-041 - MS03-46. The following is a description of each of the bulletins.
Microsoft Security Bulletin MS03-041 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution
Microsoft Security Bulletin MS03-042 - Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution
Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution
Microsoft Security Bulletin MS03-044 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
Microsoft Security Bulletin MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
Background
Microsoft announced a set of Security Bulletins on October 15, 2003. The Call Center engineering team has reviewed the critical and important bulletins, as they pertain to the above-mentioned products, and has qualified these patches against the Cisco products. Microsoft has also announced a policy of batch notification of security issues on a monthly basis. The Call Center engineering team plans to mirror this policy and will follow the Microsoft bulletin with a Cisco Contact Center Field Notice after reviewing and a qualificating the Security Bulletin.
Problem Symptoms
It is important to point out that Cisco Contact Center Support has not had any cases pertaining to this threat recorded from our customer base as of October 22nd, 2003.
Refer to the Microsoft website for full details of the potential exposure from the caveats referenced in these Security Bulletins.
Workaround/Solution
Cisco has assessed and where deemed appropriate , qualified the Microsoft security patches addressed in this bulletin. Cisco recommends that Contact Center customers separately assess all security patches released by Microsoft and install those deemed appropriate for their environments. Cisco will continue to provide a service of separately assessing and where necessary, qualifying higher severity security patches that are relevant to the Call Center Enterprise software products.
Visit the Microsoft website to acquire the fixes. Keep in mind that you should download the appropriate fixes based on the version of the Microsoft operating system deployed in your environment.
The patches can be accessed via the following Microsoft web site:
http://www.microsoft.com/technet/security/default.mspx
DDTS
Currently, based on the patches above , there are no Cisco defects logged.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.