Cisco Event Response: Microsoft Security Bulletin for December 2007

December 11, 2007

Microsoft released the December Security Update on December 11, 2007. Seven bulletins were released that address eleven individual vulnerabilities. Microsoft rated three bulletins, which address Microsoft Windows DirectX, Microsoft Windows Media Format Runtime, and Internet Explorer, as Critical. These vulnerabilities could allow a remote attacker to execute arbitrary code, but an exploit requires some form of user interaction. Additionally, Microsoft released four Important bulletins to correct vulnerabilities in Microsoft Windows that may allow attackers to cause a denial of service or gain elevated privileges.

Cisco Applied Mitigation Bulletin

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for December 2007

Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures associated with this Microsoft update:

Microsoft Security Bulletin	Affected Product	Cisco IntelliShield Alert	CVE ID	Cisco IPS Signature	CVSS Base Score
Microsoft Security Bulletin MS07-063 Vulnerability in SMBv2 Could Allow Remote Code Execution	Microsoft Windows Vista	Microsoft Windows Vista SMB Signing Arbitrary Code Execution Vulnerability	CVE-2007-5351	–	6.8
Microsoft Security Bulletin MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution	Microsoft DirectX	Microsoft DirectShow WAV and AVI File Remote Code Execution Vulnerability	CVE-2007-3895	6406/0	7.6
	Microsoft DirectX	Microsoft DirectShow SAMI File Remote Code Execution Vulnerability	CVE-2007-3901	6017/0 6017/1 6017/2	7.6
Microsoft Security Bulletin MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution	Microsoft Windows Microsoft Windows XP	Microsoft Message Queuing Service Remote Code Execution Vulnerability	CVE-2007-3039	6030/0	9.3
Microsoft Security Bulletin MS07-066 Vulnerability in Windows Kernel Could Allow Elevation of Privilege	Microsoft Windows Vista	Microsoft Windows Vista Kernel Privilege Escalation Vulnerability	CVE-2007-5350	–	6.8
Microsoft Security Bulletin MS07-067 Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege	Microsoft Windows XP Professional Microsoft Windows Server	Macrovision SafeDisc secdrv.sys Local Privilege Escalation Vulnerability	CVE-2007-5587	–	6.8
Microsoft Security Bulletin MS07-068 Vulnerability in Windows Media File Format Could Allow Remote Code Execution	Microsoft Windows Media Format Runtime Microsoft Windows Media Services	Microsoft Windows MediaFormat Runtime and Media ServicesASF File Code Execution Vulnerability	CVE-2007-0064	6069/0 6069/1 6069/2 6069/3 6069/4 6069/5 6069/6 6069/7 6069/8	9.3
Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer	Microsoft Internet Explorer	Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability	CVE-2007-3902	6403/0 6403/1	9.3
		Microsoft Internet Explorer Unsafe Memory Operation Vulnerability	CVE-2007-3903	6410/0 6410/1 6410/2	9.3
		Microsoft Internet Explorer Invalid Memory Object Memory Corruption Vulnerability	CVE-2007-5344	6409/0 6409/1 6409/2	9.3
		Microsoft Internet Explorer Dynamic HTML Element Processing Memory Corruption Vulnerability	CVE-2007-5347	6408/0 6408/1	9.3

Return to Cisco Security Center