Cisco Event Response: Microsoft Security Bulletin Release for August 2007

August 14, 2007

Microsoft released the August Security Update on August 14, 2007. Nine bulletins were released that address 14 individual vulnerabilities. Microsoft rated six bulletins as Critical. These bulletins address vulnerabilities in XML Core Services, OLE Automation, Excel, Internet Explorer, GDI, and the Vector Markup Language. Each of these vulnerabilities could allow a remote attacker to execute arbitrary code, but each exploit also requires some form of user interaction. Microsoft also released three Important bulletins to correct vulnerabilities in Windows Gadgets, Windows Media Player, Virtual PC, and Virtual Server that may also allow for code execution. Although the Windows Media Player vulnerabilities were rated Important, they also allow for remote code execution with user interaction. The vulnerabilities in Windows Gadgets only affect Windows Vista systems; therefore, controls in the operating system may mitigate the impact of exploit attempts. The Virtual PC and Virtual Server vulnerabilities could allow a local attacker to gain elevated privileges.

Cisco Applied Mitigation Bulletin

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Control Plane Policing, and firewall rules are among the techniques discussed in the bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for August 2007

Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures associated with this Microsoft update:

Microsoft Security Bulletin	Affected Product	Cisco IntelliShield Alert	CVE Name	Cisco IPS Signature	CVSS Base Score
Microsoft Security Bulletin MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution	Microsoft XML Core Services Microsoft Office Microsoft 2007 Office System Microsoft Office Groove Server Microsoft Office SharePoint Server	Microsoft XML Core Services Memory Corruption Vulnerability	CVE-2007-2223	–	9.3
Microsoft Security Bulletin MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution	Microsoft Windows Microsoft Windows Server Microsoft Office 2004 for Mac Microsoft Visual Basic	Microsoft OLE Automation Memory Corruption Vulnerability	CVE-2007-2224	–	9.3
Microsoft Security Bulletin MS07-044 Vulnerability in Microsoft Excel Could Allow Remote Code Execution	Microsoft Excel Viewer Microsoft Office	Microsoft Excel Worksheet Memory Corruption Vulnerability	CVE-2007-3890	–	9.3
Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer	Microsoft Internet Explorer	Microsoft Internet Explorer Cascading Style Sheets String Parsing Memory Corruption Vulnerability	CVE-2007-0943	–	9.3
		Microsoft Internet Explorer Visual Basic ActiveX Control Memory Corruption Vulnerability	CVE-2007-2216	5888/0	9.3
		Microsoft Internet Explorer pdwizard.ocx ActiveX Control Memory Corruption Vulnerability	CVE-2007-3041	5887/0	9.3
Microsoft Security Bulletin MS07-046 Vulnerability in GDI Could Allow Remote Code Execution	Microsoft Windows Microsoft Windows Server	Microsoft Graphics Device Interface Image Handling Vulnerability	CVE-2007-3034	–	9.3
Microsoft Security Bulletin MS07-047 Vulnerabilities in Windows Media Player Could Allow Remote Code Execution	Microsoft Windows Media Player	Microsoft Windows Media Player Skin File Decompression Code Execution Vulnerability	CVE-2007-3035	–	9.3
	Microsoft Windows Media Player	Microsoft Windows Media Player WMZ Parsing Code Execution Vulnerability	CVE-2007-3037	–	9.3
Microsoft Security Bulletin MS07-048 Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution	Microsoft Windows Vista	Microsoft Windows Vista Contacts Gadget Code Execution Vulnerability	CVE-2007-3032	–	5.1
		Microsoft Windows Vista Feed Headlines Gadget Code Execution Vulnerability	CVE-2007-3033	5683/0 5683/1 5683/2	6.8
		Microsoft Windows Vista Weather Gadget HTML Attribute Parsing Vulnerability	CVE-2007-3891	–	5.1
Microsoft Security Bulletin MS07-049 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege	Microsoft Virtual PC Microsoft Virtual Server	Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability	CVE-2007-0948	–	6.8
Microsoft Security Bulletin MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution	Microsoft Internet Explorer	Microsoft Windows Vector Markup Language Validation Vulnerability	CVE-2007-1749	–	9.3

Return to Cisco Security Center