Cisco Event Response: Microsoft Security Bulletin Release for August 2009

August 11, 2009

Microsoft published its monthly security bulletin release on August 11, 2009. Nine bulletins were released that address nineteen individual vulnerabilities. Five of the bulletins are rated as Critical, and the remainder are rated as Important.

Three Critical bulletins address vulnerabilities in Microsoft Windows that could allow an attacker to execute arbitrary code. One Critical bulletin addresses a vulnerability in Microsoft Office Web Components, and one Critical bulletin addresses vulnerabilities in the Microsoft Remote Desktop Connection Client. An attacker must rely on user interaction to exploit these vulnerabilities. Three Important bulletins for Microsoft Windows also correct vulnerabilities that could allow attackers to execute arbitrary code or elevate privileges. The remaining Important bulletin corrects a denial of service vulnerability in the Microsoft .NET Framework.

Four previously reported vulnerabilities, CVE-2009-0901 (MS09-037), CVE-2008-0020 (MS09-037), CVE-2009-1136 (MS09-043), and CVE-2008-0015 (MS09-037), were addressed by Microsoft as part of this release. Current reports indicate active and ongoing exploitation of two of these vulnerabilities (CVE-2008-0015 and CVE-2009-1136).

 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS09-036: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service | Microsoft .NET Framework HTTP Request Processing Denial of Service Vulnerability | CVE-2009-1536 | Cisco IPS Signature 20150-0; Cisco Security MARS | 5.0 |
| MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution | Microsoft Windows Video msvidctl ActiveX Control Code Execution Vulnerability | CVE-2008-0015 | Cisco IPS Signature 19339/0–/9; Cisco Security Agent; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-037 | Microsoft Windows Active Template Header Memcopy Code Execution Vulnerability | CVE-2008-0020 | Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-037 | Microsoft Visual Studio Active Template Library Uninitialized Object Vulnerability | CVE-2009-0901 | Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-037 | Microsoft Visual Studio Active Template Library OleLoadFromStream Remote Object Instantiation Vulnerability | CVE-2009-2493 | Cisco IPS Signature 20059/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-037 | Microsoft Windows Active Template Library Object Type Mismatch Code Execution Vulnerability | CVE-2009-2494 | Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-038: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution | Microsoft Windows AVI Movie Processing Arbitrary Code Execution Vulnerability | CVE-2009-1545 | Cisco IPS Signature 20182/0; Cisco Security MARS | 9.3 |
| MS09-038 | Microsoft Windows AVI Movie Processing Integer Overflow Vulnerability | CVE-2009-1546 | Cisco IPS Signature 20183/0; Cisco IPS Signature 20183/1 | 9.3 |
| MS09-039: Vulnerabilities in WINS Could Allow Remote Code Execution | Microsoft Windows WINS Server Heap Overflow Vulnerability | CVE-2009-1923 | Cisco IPS Signature 20179/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 9.3 |
| MS09-039 | Microsoft Windows WINS Server Integer Overflow Vulnerability | CVE-2009-1924 | Cisco IPS Signature 20181/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 9.3 |
| MS09-040: Vulnerability in Message Queuing Could Allow Elevation of Privilege | Microsoft Windows Message Queuing Service Privilege Escalation Vulnerability | CVE-2009-1922 | | 6.8 |
| MS09-041: Vulnerability in Workstation Service Could Allow Elevation of Privilege | Microsoft Windows Workstation Service Privilege Escalation Vulnerability | CVE-2009-1544 | Cisco IPS Signature 20220/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 6.8 |
| MS09-042: Vulnerability in Telnet Could Allow Remote Code Execution | Microsoft Windows Telnet Credential Reflection Code Execution Vulnerability | CVE-2009-1930 | Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 9.3 |
| MS09-043: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution | Microsoft Office Web Components Memory Allocation Vulnerability | CVE-2009-0562 | Cisco IPS Signature 20148/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-043 | Microsoft Office Web Components ActiveX Control Arbitrary Code Execution Vulnerability | CVE-2009-1136 | Cisco IPS Signature 20143/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-043 | Microsoft Office Web Components Buffer Overflow Vulnerability | CVE-2009-1534 | Cisco IPS Signature 20145/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-043 | Microsoft Office Web Components Heap Corruption Vulnerability | CVE-2009-2496 | Cisco IPS Signature 20141/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution | Microsoft Windows Remote Desktop Connection Arbitrary Code Execution Vulnerability | CVE-2009-1133 | Cisco IPS Signature 20119/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 9.3 |
| MS09-044 | Microsoft Windows Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability | CVE-2009-1929 | Cisco IPS Signature 20120/0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for August 2009

Impact on Cisco Products

Impact Assessment of August 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.