Cisco Event Response: Microsoft Security Bulletin Release for August 2010

August 10, 2010

Microsoft published its monthly security bulletin release on August 10, 2010. Fourteen security bulletins were released that addressed 34 individual vulnerabilities. The bulletins address vulnerabilities in Microsoft Office and Windows products, the Microsoft .NET Framework, and Microsoft Silverlight. Exploitation of the vulnerabilities could allow attackers to execute arbitrary code on targeted systems or gain elevated privileges.

 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

For each Microsoft Security Bulletin, the entries below give the Cisco IntelliShield Alert, CVE ID, Cisco Mitigations (where listed), and CVSS Base Score.

Microsoft Security Bulletin MS10-047

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

Microsoft Windows Kernel Thread Creation Validation Privilege Escalation Vulnerability
    CVE ID: CVE-2010-1888
    CVSS Base Score: 6.8
Microsoft Windows Kernel Double Free Memory Error Privilege Escalation Vulnerability
    CVE ID: CVE-2010-1889
    CVSS Base Score: 6.8
Microsoft Windows Kernel Access Control List Validation Denial of Service Vulnerability
    CVE ID: CVE-2010-1890
    CVSS Base Score: 4.6

Microsoft Security Bulletin MS10-048

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Microsoft Windows Kernel Win32k Driver System Call Processing Denial of Service Vulnerability
    CVE ID: CVE-2010-1887
    CVSS Base Score: 4.6
Microsoft Windows Kernel Win32k Driver Exception Handling Privilege Escalation Vulnerability
    CVE ID: CVE-2010-1894
    CVSS Base Score: 6.8
Microsoft Windows Win32k Kernel Driver Pool Overflow Privilege Escalation Vulnerability
    CVE ID: CVE-2010-1895
    CVSS Base Score: 6.8
Microsoft Windows Win32k Kernel Driver Usermode Application Parameter Processing Privilege Escalation Vulnerability
    CVE ID: CVE-2010-1896
    CVSS Base Score: 6.8
Microsoft Windows Win32k Kernel Driver Window Creation Privilege Escalation Vulnerability
    CVE ID: CVE-2010-1897
    CVSS Base Score: 6.8

Microsoft Security Bulletin MS10-049

Vulnerabilities in SChannel could allow Remote Code Execution

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability
    CVE ID: CVE-2010-3555
    CVSS Base Score: 4.3
Microsoft Windows Secure Channel Certificate Request Handling Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-2566
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-050

Vulnerability in Movie Maker Could Allow Remote Code Execution

Microsoft Windows Movie Maker Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-2564
    Cisco Mitigations: Cisco IPS Signature 28360-0; Cisco Security MARS; Cisco ASA/FWSM; Cisco ACE
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-051

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Microsoft Windows XML Core Services Response Handling Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-2561
    Cisco Mitigations: Cisco IPS Signatures 28481-0, 28481-1, 28481-2, and 28481-3; Cisco Security MARS; Cisco ASA/FWSM; Cisco ACE
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-052

Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution

Microsoft Windows MP3 Audio Codec Buffer Overflow Vulnerability
    CVE ID: CVE-2010-1882
    Cisco Mitigations: Cisco IPS Signature 28361-0; Cisco Security MARS
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-053

Cumulative Security Update for Internet Explorer

Microsoft Internet Explorer Event Handler Cross-Domain Information Disclosure Vulnerability
    CVE ID: CVE-2010-1258
    CVSS Base Score: 4.3
Microsoft Internet Explorer Uninitialized Object Memory Corruption Vulnerability
    CVE ID: CVE-2010-2556
    CVSS Base Score: 9.3
Microsoft Internet Explorer Uninitialized Object Memory Corruption Vulnerability
    CVE ID: CVE-2010-2557
    Cisco Mitigations: Cisco IPS Signature 028485-0; Cisco Security MARS
    CVSS Base Score: 9.3
Microsoft Internet Explorer Race Condition Memory Corruption Vulnerability
    CVE ID: CVE-2010-2558
    CVSS Base Score: 7.6
Microsoft Internet Explorer Uninitialized Object Memory Corruption Vulnerability
    CVE ID: CVE-2010-2559
    Cisco Mitigations: Cisco IPS Signature 28486-0; Cisco Security MARS
    CVSS Base Score: 9.3
Microsoft Internet Explorer HTML Layout Memory Corruption Vulnerability
    CVE ID: CVE-2010-2560
    Cisco Mitigations: Cisco IPS Signature 28141-0; Cisco Security MARS
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-054

Vulnerabilities in SMB Server Could Allow Remote Code Execution

Microsoft Windows SMB Packet Processing Pool Overflow Remote Code Execution Vulnerability
    CVE ID: CVE-2010-2550
    Cisco Mitigations: Cisco IPS Signature 28099-0; Cisco Security MARS; Cisco ASA/FWSM; Cisco IOS NetFlow; Cisco IOS tACL
    CVSS Base Score: 10.0
Microsoft Windows SMB Variable Processing Denial of Service Vulnerability
    CVE ID: CVE-2010-2551
    Cisco Mitigations: Cisco IPS Signature 28179-0; Cisco Security MARS; Cisco ASA/FWSM; Cisco IOS NetFlow; Cisco IOS tACL
    CVSS Base Score: 7.8
Microsoft Windows Server Message Block Version 2 Packet Processing Stack Exhaustion Denial of Service Vulnerability
    CVE ID: CVE-2010-2552
    Cisco Mitigations: Cisco IPS Signature 28439-0; Cisco Security MARS; Cisco ASA/FWSM; Cisco IOS NetFlow; Cisco IOS tACL
    CVSS Base Score: 7.8

Microsoft Security Bulletin MS10-055

Vulnerability in Cinepak Codec Could Allow Remote Code Execution

Microsoft Windows Cinepak Codec Media Decompression Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-2553
    Cisco Mitigations: Cisco IPS Signature 28601-0; Cisco Security MARS; Cisco ASA/FWSM; Cisco ACE
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-056

Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution

Microsoft Office Word Record Parsing Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-1900
    Cisco Mitigations: Cisco IPS Signature 28159-0; Cisco Security MARS
    CVSS Base Score: 9.3
Microsoft Office Word Rich Text Processing Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-1901
    Cisco Mitigations: Cisco IPS Signature 28201-0; Cisco Security MARS
    CVSS Base Score: 9.3
Microsoft Office Word Rich Text Format Validation Buffer Overflow Vulnerability
    CVE ID: CVE-2010-1902
    Cisco Mitigations: Cisco IPS Signature 28199-0; Cisco Security MARS
    CVSS Base Score: 9.3
Microsoft Office Word HTML Object Validation Memory Corruption Vulnerability
    CVE ID: CVE-2010-1903
    Cisco Mitigations: Cisco IPS Signature 28300-0; Cisco Security MARS
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-057

Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution

Microsoft Excel Document Processing Memory Corruption Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-2562
    Cisco Mitigations: Cisco IPS Signature 28359-0; Cisco Security MARS
    CVSS Base Score: 9.3

Microsoft Security Bulletin MS10-058

Vulnerabilities in TCP/IP Could Cause Elevation of Privilege

Microsoft Windows IPv6 Network Message Processing Denial of Service Vulnerability
    CVE ID: CVE-2010-1892
    CVSS Base Score: 6.1
Microsoft Windows TCP/IP Integer Overflow Privilege Escalation Vulnerability
    CVE ID: CVE-2010-1893
    CVSS Base Score: 6.8

Microsoft Security Bulletin MS10-059

Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege

Microsoft Windows Tracing Feature for Services Registry Key Access Control Lists Privilege Escalation Vulnerability
    CVE ID: CVE-2010-2554
    CVSS Base Score: 6.8
Microsoft Windows Tracing Feature for Services Memory Corruption Privilege Escalation
    CVE ID: CVE-2010-2555
    CVSS Base Score: 6.8

Microsoft Security Bulletin MS10-060

Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution

Microsoft Silverlight Pointer Handling Memory Corruption Vulnerability
    CVE ID: CVE-2010-0019
    Cisco Mitigations: Cisco IPS Signature 28299-0; Cisco Security MARS; Cisco ASA/FWSM; Cisco ACE
    CVSS Base Score: 9.3
Microsoft .NET Framework and Silverlight Arbitrary Code Execution Vulnerability
    CVE ID: CVE-2010-1898
    Cisco Mitigations: Cisco IPS Signature 28499-0; Cisco Security MARS; Cisco ASA/FWSM; Cisco ACE
    CVSS Base Score: 9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Agent endpoint protection, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for August 2010

Impact on Cisco Products

Impact Assessment of August 2010 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.