Cisco Event Response: Microsoft Security Bulletin Release for April 2010

April 13, 2010

Microsoft published its monthly security bulletin release on April 13, 2010. Eleven bulletins were released, covering a total of twenty-five individual vulnerabilities for Microsoft Windows products as well as Microsoft Office Visio and Publisher. The vulnerabilities could allow attackers to cause a denial of service, view sensitive information, or execute arbitrary code on a system.

 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution | Microsoft Windows Authenticode Signature Verification Arbitrary Code Execution Vulnerability | CVE-2010-0486 | | 9.3 |
| | Microsoft Windows Cabinet Archive Signature Validation Arbitrary Code Execution Vulnerability | CVE-2010-0487 | | 9.3 |
| MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution | Microsoft Windows SMB Client Remote Denial of Service Vulnerability | CVE-2009-3676 | Cisco IPS Signature 22339-0, Cisco Security MARS, Cisco ASA/FWSM, Cisco IOS Netflow, Cisco IOS tACL | 7.1 |
| | Microsoft Windows SMB Client Memory Allocation Code Execution Vulnerability | CVE-2010-0269 | Cisco IPS Signature 25460-0, Cisco Security MARS, Cisco ASA/FWSM, Cisco IOS Netflow, Cisco IOS tACL | 9.3 |
| | Microsoft Windows SMB Client Transaction Processing Arbitrary Code Execution Vulnerability | CVE-2010-0270 | Cisco IPS Signature 25320-0, Cisco Security MARS, Cisco ASA/FWSM, Cisco IOS Netflow, Cisco IOS tACL | 9.3 |
| | Microsoft Windows SMB Client Request Response Processing Arbitrary Code Execution Vulnerability | CVE-2010-0476 | Cisco IPS Signature 25320-1, Cisco Security MARS, Cisco ASA/FWSM, Cisco IOS Netflow, Cisco IOS tACL | 9.3 |
| | Microsoft Windows SMB Client Message Size Processing Arbitrary Code Execution Vulnerability | CVE-2010-0477 | Cisco IPS Signature 25439-0, Cisco Security MARS, Cisco ASA/FWSM, Cisco IOS Netflow, Cisco IOS tACL | 9.3 |
| MS10-021: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Microsoft Windows Kernel Null Pointer Dereference Denial of Service Vulnerability | CVE-2010-0234 | | 4.6 |
| | Microsoft Windows Kernel Symbolic Link Value Processing Denial of Service Vulnerability | CVE-2010-0235 | | 4.6 |
| | Microsoft Windows Kernel Symbolic Link Extraction Arbitrary Code Execution Vulnerability | CVE-2010-0236 | | 6.8 |
| | Microsoft Windows Kernel Symbolic Link Creation Privilege Escalation Vulnerability | CVE-2010-0237 | | 6.8 |
| | Microsoft Windows Kernel Registry Key Validation Denial of Service Vulnerability | CVE-2010-0238 | | 4.6 |
| | Microsoft Windows Kernel Virtual Registry Key Path Parsing Denial of Service Vulnerability | CVE-2010-0481 | | 4.6 |
| | Microsoft Windows Kernel Image File Processing Denial of Service Vulnerability | CVE-2010-0482 | | 4.6 |
| | Microsoft Windows Kernel Exception Handler Denial of Service Vulnerability | CVE-2010-0810 | | 4.6 |
| MS10-022: Vulnerability in VBScript Could Allow Remote Code Execution | Microsoft VBScript Unsafe Help File Handling Arbitrary Code Execution Vulnerability | CVE-2010-0483 | Cisco IPS Signature 24539-0, Cisco Security MARS | 7.6 |
| MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution | Microsoft Office Publisher File Conversion TextBox Buffer Overflow Vulnerability | CVE-2010-0479 | Cisco IPS Signature 25300-0, Cisco Security MARS | 9.3 |
| MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service | Microsoft SMTP Server Malformed MX DNS Record Denial of Service Vulnerability | CVE-2010-0024 | Cisco IPS Signature 25359-0, Cisco Security MARS | 5.0 |
| | Microsoft Windows SMTP Service STARTTLS Information Disclosure Vulnerability | CVE-2010-0025 | Cisco ASA/FWSM | 5.0 |
| MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution | Microsoft Windows Media Services Stack-Based Buffer Overflow Vulnerability | CVE-2010-0478 | Cisco IPS Signature 25339-0, Cisco Security MARS, Cisco ASA/FWSM, Cisco IOS Netflow, Cisco IOS tACL | 10.0 |
| MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution | Microsoft Windows MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability | CVE-2010-0480 | Cisco IPS Signature 25280-0, Cisco Security MARS | 9.3 |
| MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution | Microsoft Windows Media Player ActiveX Control Media Processing Code Execution Vulnerability | CVE-2010-0268 | Cisco IPS Signature 25459-0, Cisco Security MARS | 9.3 |
| MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution | Microsoft Office Visio Attribute Validation Arbitrary Code Execution Vulnerability | CVE-2010-0254 | Cisco IPS Signature 25321-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Visio Index Calculation Arbitrary Code Execution Vulnerability | CVE-2010-0256 | Cisco IPS Signature 25399-0, Cisco Security MARS | 9.3 |
| MS10-029: Vulnerabilities in Windows ISATAP Component Could Allow Spoofing | Microsoft Windows ISATAP IPv6 Host Address Mismatch Spoofing Vulnerability | CVE-2010-0812 | Cisco ASA/FWSM, Cisco IOS Netflow, Cisco IOS tACL | 4.3 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Monitoring, Analysis, and Response System Incidents, and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2010

Impact on Cisco Products

Impact Assessment of April 2010 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document tracks the Cisco-supported operating system, SQL Server, and security update files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.