Cisco Event Response: Microsoft Security Bulletin Release for December 2009

December 8, 2009

Microsoft published its monthly security bulletin release on December 8, 2009. Six bulletins were released that address 12 individual vulnerabilities. Three of the bulletins are rated as Critical, and the remainder are rated as Important.

The three Critical bulletins address vulnerabilities in Microsoft Internet Explorer, Microsoft Windows, and Microsoft Office. These vulnerabilities could allow an attacker to execute arbitrary code. The Important bulletins also address vulnerabilities in Microsoft Office and Microsoft Windows; exploits of these vulnerabilities could result in arbitrary code execution or a denial of service.

 
SIO globe art

spacer graphic
spacer graphic
spacer graphic
Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin Cisco IntelliShield Alert
CVE ID
Search CVEs
 Cisco Mitigations
CVSS
Base Score
CVSS Q&A

Microsoft Security Bulletin MS09-069

Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service

 Microsoft Windows Local Security Authority Subsystem Service Resource Exhaustion Denial of Service Vulnerability
CVE-2009-3675
6.8

Microsoft Security Bulletin MS09-070

Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution

 Microsoft Active Directory Federation Services Single Sign-On Spoofing Vulnerability
CVE-2009-2508
3.2
Microsoft Windows Active Directory Federation Services Remote Code Execution Vulnerability
CVE-2009-2509
Cisco IPS Signature 22741/0
Cisco Security MARS
9.0

Microsoft Security Bulletin MS09-071

Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution

Microsoft Windows Internet Authentication Services Memory Corruption Vulnerability
CVE-2009-2505
10.0
Microsoft Windows Internet Authentication Service MS-CHAP Authentication Bypass Vulnerability
CVE-2009-3677
Cisco IPS Signature 22820/0
Cisco IPS Signature 22820/1
Cisco IPS Signature 22820/2
Cisco IPS Signature 22820/3
Cisco Security MARS
5.0

Microsoft Security Bulletin MS09-072

Cumulative Security Update for Internet Explorer

 Microsoft Visual Studio Active Template Library OleLoadFromStream Remote Object Instantiation Vulnerability
CVE-2009-2493
Cisco IPS Signature 20059/0
Cisco IPS Signature 20059/1
Cisco IPS Signature 20059/2
Cisco Security MARS
9.3
Microsoft Internet Explorer Uninitialized Memory Access Arbitrary Code Execution Vulnerability
CVE-2009-3671
Cisco IPS Signature 22665/0
Cisco Security MARS
9.3
Microsoft Internet Explorer Cascading Style Sheets Remote Code Execution Vulnerability
CVE-2009-3672
Cisco IPS Signature 22740/0
Cisco Security MARS
9.3
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
CVE-2009-3673
9.3
Microsoft Internet Explorer Uninitialized Object Access Memory Corruption Vulnerability
CVE-2009-3674
Cisco IPS Signature 22759/0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-073

Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution

Microsoft Windows Wordpad and Office Text Conversion Memory Corruption Vulnerability
CVE-2009-2506
Cisco IPS Signature 22666/0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-074

Vulnerability in Microsoft Office Project Could Allow Remote Code Execution

Microsoft Office Project Memory Validation Arbitrary Code Execution Vulnerability
CVE-2009-0102
Cisco IPS Signature 22659/0
Cisco Security MARS
9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures and Cisco Security Monitoring, Analysis, and Response System Incidents are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for December 2009

Impact on Cisco Products

Impact Assessment of December 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.

Related Links

Cisco ACE 4710 Application Control Engine
Cisco ASA 5500 Adaptive Security Appliances
Cisco Firewall Solutions
Cisco Intrusion Prevention System
Cisco IOS IPS
Cisco IOS NetFlow
Cisco IronPort Email and Web Security Appliances
Cisco NAC Appliance
Cisco Services for IPS
Cisco Security Agent
Cisco Security IntelliShield Alert Manager Service
Cisco Security Monitoring, Analysis, and Response System

Cisco IPS 6.x Signature Downloads
Cisco IPS Signature Search Page
Cisco Applied Mitigation Bulletins


Return to Cisco Security Intelligence Operations