Cisco Event Response: Microsoft Security Bulletin Release for February 2010

February 9, 2010

Microsoft published its monthly security bulletin release on February 9, 2010. Thirteen bulletins were released that address 26 individual vulnerabilities. Five of the bulletins are rated as Critical, seven are rated as Important, and one is rated Moderate.

The five Critical bulletins address vulnerabilities in Microsoft Windows. These vulnerabilities could allow an attacker to execute arbitrary code. The Important bulletins address vulnerabilities in Microsoft Office and Windows that could result in arbitrary code execution, privilege elevation, or a denial of service. The Moderate bulletin addresses a vulnerability in Microsoft Windows that could result in arbitrary code execution.

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| Microsoft Security Bulletin MS10-003: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution | Microsoft Office mso.dll Buffer Overflow Arbitrary Code Execution Vulnerability | CVE-2010-0243 | | 9.3 |
| Microsoft Security Bulletin MS10-004: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution | Microsoft Office PowerPoint File Path Processing Buffer Overflow Vulnerability | CVE-2010-0029 | | 9.3 |
| | Microsoft Office PowerPoint LinkedSlideAtom Parameter Processing Vulnerability | CVE-2010-0030 | Cisco IPS Signature 23839-0 | 9.3 |
| | Microsoft Office PowerPoint Array Indexing Arbitrary Code Execution Vulnerability | CVE-2010-0031 | Cisco IPS Signature 23959-0 | 9.3 |
| | Microsoft Office PowerPoint Use-After-Free Memory Corruption Vulnerability | CVE-2010-0032 | Cisco IPS Signature 23979-0 | 9.3 |
| | Microsoft Office PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability | CVE-2010-0033 | Cisco IPS Signature 23899-0 | |
| | Microsoft Office PowerPoint Viewer TextCharsAtom Record Processing Stack Overflow Vulnerability | CVE-2010-0034 | Cisco IPS Signature 23919-0 | 9.3 |
| Microsoft Security Bulletin MS10-005: Vulnerability in Microsoft Paint Could Allow Remote Code Execution | Microsoft Windows Paint Arbitrary Code Execution Vulnerability | CVE-2010-0028 | Cisco IPS Signature 23940-0 | 9.3 |
| Microsoft Security Bulletin MS10-006: Vulnerabilities in SMB Client Could Allow Remote Code Execution | Microsoft Windows SMB Client Memory Corruption Arbitrary Code Execution Vulnerability | CVE-2010-0016 | Cisco IPS Signature 23819-0; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 9.3 |
| | Microsoft Windows SMB Client Negotiate Response Processing Arbitrary Code Execution Vulnerability | CVE-2010-0017 | Cisco IPS Signature 23820-0; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 9.3 |
| Microsoft Security Bulletin MS10-007: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution | Microsoft Internet Explorer URL Processing Arbitrary Code Execution Vulnerability | CVE-2010-0027 | Cisco IPS Signature 23800-0 | 9.3 |
| Microsoft Security Bulletin MS10-008: Cumulative Security Update of ActiveX Kill Bits | Microsoft Windows Data Analyzer ActiveX Control Arbitrary Code Execution Vulnerability | CVE-2010-0252 | Cisco IPS Signature 23939-0; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| Microsoft Security Bulletin MS10-009: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution | Microsoft Windows ICMPv6 Router Advertisement Packet Processing Arbitrary Code Execution Vulnerability | CVE-2010-0239 | Cisco IPS Signature 1603-0; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 8.3 |
| | Microsoft Windows TCP/IP Packet MDL Header Fragmentation Arbitrary Code Execution Vulnerability | CVE-2010-0240 | Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 7.6 |
| | Microsoft Windows ICMPv6 Route Information Processing Arbitrary Code Execution Vulnerability | CVE-2010-0241 | Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 8.3 |
| | Microsoft Windows TCP and IP Selective Acknowledgement Packet Processing Denial of Service Vulnerability | CVE-2010-0242 | Cisco ASA/PIX/FWSM | 7.8 |
| Microsoft Security Bulletin MS10-010: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service | Microsoft Windows Hyper-V Instruction Set Processing Denial of Service Vulnerability | CVE-2010-0026 | | 4.6 |
| Microsoft Security Bulletin MS10-011: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege | Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability | CVE-2010-0023 | | 6.8 |
| Microsoft Security Bulletin MS10-012: Vulnerabilities in SMB Server Could Allow Remote Code Execution | Microsoft Windows SMB Pathname Processing Arbitrary Code Execution Vulnerability | CVE-2010-0020 | Cisco IPS Signature 23999-0; Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 10.0 |
| | Microsoft Windows SMB Negotiate Packet Parsing Denial of Service Vulnerability | CVE-2010-0021 | Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 7.8 |
| | Microsoft Windows SMB Null Pointer Denial of Service Vulnerability | CVE-2010-0022 | Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 7.8 |
| | Microsoft Windows SMB Service Unauthorized Access Security Bypass Vulnerability | CVE-2010-0231 | Cisco ASA/PIX/FWSM; Cisco IOS Netflow; Cisco IOS tACL | 7.8 |
| Microsoft Security Bulletin MS10-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution | Microsoft DirectShow Heap Overflow Vulnerability | CVE-2010-0250 | | 9.3 |
| Microsoft Security Bulletin MS10-014: Vulnerability in Kerberos Could Allow Denial of Service | Microsoft Windows Kerberos Null Pointer Dereference Denial of Service Vulnerability | CVE-2010-0035 | | 6.3 |
| Microsoft Security Bulletin MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Microsoft Windows Kernel Legacy Application Support Privilege Escalation Vulnerability | CVE-2010-0232 | | 6.8 |
| | Microsoft Windows Kernel Double Free Privilege Escalation Vulnerability | CVE-2010-0233 | | 6.8 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Agent endpoint protection, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, transit access control lists, and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for February 2010

Security Intelligence Best Practices help organizations secure business applications and processes by identifying, preventing, and adapting to threats. Understanding Cross-Site Scripting (XSS) Threat Vectors (MS10-004, MS10-005, MS10-007, MS10-013) will provide operators and administrators with knowledge about one of the most common web application threats, which allows malicious users to manipulate webpages by leveraging carefully constructed strings that influence web browsers to act in an uncharacteristic manner, often resulting in exploitation.

Impact on Cisco Products

Impact Assessment of February 2010 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.