Cisco Event Response: Microsoft Security Bulletin Release for April 2009

April 14, 2009

Microsoft published its monthly security bulletin release on April 14, 2009. Eight bulletins were released that address 21 individual vulnerabilities. Of the eight bulletins, Microsoft has scored five with a maximum severity rating of Critical, two with a rating of Important, and one with a rating of Moderate. These bulletins address vulnerabilities in the Microsoft Windows operating system, Microsoft ISA Server, and the Microsoft Office Suite of applications.


Event Intelligence

The following table identifies Cisco Security Intelligence Operation content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS09-009: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution | Microsoft Office Excel Memory Corruption Arbitrary Code Execution Vulnerability | CVE-2009-0100 | Cisco Intrusion Prevention System Signature 16414-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-009 | Microsoft Office Excel Invalid Object Arbitrary Code Execution Vulnerability | CVE-2009-0238 | Cisco Intrusion Prevention System Signatures 16413-0 and 15733-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution | Microsoft Windows WordPad Text Converter File Handling Memory Corruption Vulnerability | CVE-2008-4841 | Cisco Intrusion Prevention System Signature 16514-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-010 | Microsoft Office and Wordpad Text Converter Memory Corruption Vulnerability | CVE-2009-0087 | Cisco Intrusion Prevention System Signature 16373-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-010 | Microsoft Office Word WordPerfect Text Converter Code Execution Vulnerability | CVE-2009-0088 | Cisco Security Agent, Cisco NAC Appliance, Cisco Intrusion Prevention System Signature 16433-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-010 | Microsoft WordPad Word 97 Text Converter Code Execution Vulnerability | CVE-2009-0235 | Cisco Intrusion Prevention System Signature 16475-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-011: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution | Microsoft DirectX DirectShow MJPEG Processing Arbitrary Code Execution Vulnerability | CVE-2009-0084 | Cisco Intrusion Prevention System Signature 16513-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-012: Vulnerabilities in Windows Could Allow Elevation of Privilege | Microsoft Windows Token Kidnapping Privilege Escalation Vulnerability | CVE-2008-1436 | | 6.8 |
| MS09-012 | Microsoft Windows WMI Service Privilege Escalation Vulnerability | CVE-2009-0078 | | 6.8 |
| MS09-012 | Microsoft Windows RPCSS Service Privilege Escalation Vulnerability | CVE-2009-0079 | | 6.8 |
| MS09-012 | Microsoft Windows ThreadPool Privilege Escalation Vulnerability | CVE-2009-0080 | | 6.8 |
| MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution | Microsoft Windows HTTP Services Integer Underflow Arbitrary Code Execution Vulnerability | CVE-2009-0086 | Cisco Intrusion Prevention System Signatures 12693-0 and 5245-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-013 | Microsoft Windows HTTP Services Certificate Name Validation Spoofing Vulnerability | CVE-2009-0089 | | 9.3 |
| MS09-013 | Microsoft Windows HTTP Services User Account Credentials Reflection Vulnerability | CVE-2009-0550 | Cisco Intrusion Prevention System Signatures 16476-0, 16476-1, 16476-2, 16476-3, and 16476-4, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-014: Cumulative Security Update for Internet Explorer | Microsoft Windows HTTP Services User Account Credentials Reflection Vulnerability | CVE-2009-0550 | Cisco Intrusion Prevention System Signatures 16476-0, 16476-1, 16476-2, 16476-3, and 16476-4, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-014 | Microsoft Internet Explorer Page Transition Processing Memory Corruption Vulnerability | CVE-2009-0551 | Cisco Intrusion Prevention System Signature 16415-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-014 | Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability | CVE-2009-0552 | Cisco Intrusion Prevention System Signature 16416-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-014 | Microsoft Internet Explorer Uninitialized Memory Access Code Execution Vulnerability | CVE-2009-0553 | Cisco Intrusion Prevention System Signature 16473-0, Cisco Security Monitoring, Analysis and Response System | 9.3 |
| MS09-014 | Microsoft Internet Explorer Uninitialized Memory Object Access Vulnerability | CVE-2009-0554 | Cisco Intrusion Prevention System Signature 16474-0, Cisco Security Monitoring, Analysis and Response System | |
| MS09-014 | Apple Safari for Windows Desktop Executable Handling Arbitrary Code Execution Vulnerability | CVE-2008-2540 | | 9.3 |
| MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege | Apple Safari for Windows Desktop Executable Handling Arbitrary Code Execution Vulnerability | CVE-2008-2540 | | 9.3 |
| MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service | Microsoft Internet Security and Acceleration Server Denial of Service Vulnerability | CVE-2009-0077 | Cisco ACE Application Control Engine, Cisco ASA, PIX, and FWSM Firewalls | 5.0 |
| MS09-016 | Microsoft Internet Security and Acceleration Server Cross-Site Scripting Vulnerability | CVE-2009-0237 | Cisco Intrusion Prevention System Signature 16494-0, Cisco Security Monitoring, Analysis and Response System | 6.8 |


Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2009

Security Intelligence Best Practices help organizations secure business applications and processes by identifying, preventing, and adapting to threats.

DNS Best Practices, Network Protections, and Attack Identification (MS09-013: CVE-2009-0089) will provide operators and administrators with knowledge about the Domain Name System (DNS) and its role and operations, along with implementation flaws in the protocol and the best practices, network protections, and attack identification techniques that can be used to secure it.

Cisco Applied Mitigation Bulletin: Understanding Cross-Site Scripting (XSS) Threat Vectors (MS09-016: CVE-2009-0237) will provide operators and administrators with knowledge about XSS attack vectors as well as techniques that can be used to mitigate the effects of XSS attacks.


Impact on Cisco Products

Impact Assessment of March 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.