Cisco Event Response: Microsoft Security Bulletin for February 2008

February 12, 2008

Microsoft released the February Security Update on February 12, 2008. 11 bulletins were released that address 17 individual vulnerabilities. Of these 11 bulletins, Microsoft rated six as Critical and five as Important. The Critical vulnerabilities, which may allow an attacker to execute arbitrary code, gain increased privileges, or otherwise seriously compromise an affected system, were disclosed in Microsoft Office, Microsoft Publisher, Microsoft Word, Internet Explorer, OLE Automation, the WebDAV Mini-Redirector, and Internet Information Services (IIS). Microsoft also disclosed Important vulnerabilities in Microsoft Works, Active Directory, Windows DHCP, and Internet Information Services (IIS).

Cisco Applied Mitigation Bulletin

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for February 2008

Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures associated with this Microsoft update:

Microsoft Security Bulletin	Affected Product	Cisco IntelliShield Alert	CVE ID	Cisco IPS Signature	CVSS Base Score
Microsoft Security Bulletin MS08-003 Vulnerability in Active Directory Could Allow Denial of Service	Microsoft Active Directory Microsoft ADAM	Microsoft Windows Active Directory Improper LDAP Request Validation Denial of Service Vulnerability	CVE-2008-0088	–	7.8
Microsoft Security Bulletin MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service	Microsoft Windows Vista	Microsoft Windows Vista DHCP Request Processing Denial of Service Vulnerability	CVE-2008-0084	6257-0	6.1
Microsoft Security Bulletin MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege	Microsoft Internet Information Services	Microsoft Internet Information Services Privilege Escalation Vulnerability	CVE-2008-0074	–	8.5
Microsoft Security Bulletin MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution	Microsoft Internet Information Services	Microsoft Internet Information Services Application Service Provider HTMLEncode Vulnerability	CVE-2008-0075	–	6.8
Microsoft Security Bulletin MS08-007 Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution	Microsoft Windows XP Professional Microsoft Windows Server Microsoft Windows Vista	Microsoft WebDAV Mini-Redirector Heap Overflow Vulnerability	CVE-2008-0080	6771-0	9.3
Microsoft Security Bulletin MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution	Microsoft Windows Microsoft Windows XP Professional Microsoft Windows Server Microsoft Windows Vista Microsoft Office for Mac Microsoft Visual Basic	Microsoft Object Linking and Embedding Automation Heap Overrun Vulnerability	CVE-2007-0065	6777-0 6777-1 6777-2	9.3
Microsoft Security Bulletin MS08-009 Vulnerability in Microsoft Word Could Allow Remote Code Execution	Microsoft Word Microsoft Office Word Viewer	Microsoft Word Memory Corruption Vulnerability	CVE-2008-0109	6923-0 6923-1 6777-2	9.3
Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explore	Microsoft Internet Explorer	Microsoft Visual FoxPro ActiveX Control Buffer Overflow Vulnerability	CVE-2007-4790	6249-0	9.3
		Microsoft Internet Explorer HTML Rendering Memory Corruption Vulnerability	CVE-2008-0076	6258-0	9.3
		Microsoft Internet Explorer Property Method Memory Corruption Vulnerability	CVE-2008-0077	6925-0 6925-1 6925-2 6925-3	9.3
		Microsoft Internet Explorer dxtmsft.dll Argument Handling Vulnerability	CVE-2008-0078	6780-0 6780-1 6780-2	9.3
Microsoft Security Bulletin MS08-011 Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution	Microsoft Works File Converter	Microsoft Works File Converter Section Length Header Code Execution Vulnerability	CVE-2007-0216	6776-0	9.3
		Microsoft Works File Converter Header Index Table Code Execution Vulnerability	CVE-2008-0105	6778-0	9.3
		Microsoft Office Works File Converter Field Length Memory Corruption Vulnerability	CVE-2008-0108	6775-0	9.3
Microsoft Security Bulletin MS08-012 Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution	Microsoft Office Publisher	Microsoft Office Publisher Invalid Memory Reference Code Execution Vulnerability	CVE-2008-0102	6527-0	9.3
	Microsoft Office Publisher	Microsoft Office Publisher Index Value Code Execution Vulnerability	CVE-2008-0104	6924-0	9.3
Microsoft Security Bulletin MS08-013 Vulnerability in Microsoft Office Could Allow Remote Code Execution	Microsoft Office Microsoft Office for Mac	Microsoft Office File Type Memory Management Vulnerability	CVE-2008-0103	–	9.3

Return to Cisco Security Center