Cisco Event Response: Microsoft Security Bulletin Release for February 2010

February 9, 2010

Microsoft published its monthly security bulletin release on February 9, 2010. Thirteen bulletins were released that address 26 individual vulnerabilities. Five of the bulletins are rated as Critical, seven are rated as Important, and one is rated Moderate.

The five Critical bulletins address vulnerabilities in Microsoft Windows. These vulnerabilities could allow an attacker to execute arbitrary code. The Important bulletins address vulnerabilities in Microsoft Office and Windows that could result in arbitrary code execution, privilege elevation, or a denial of service. The Moderate bulletin addresses a vulnerability in Microsoft Windows that could result in arbitrary code execution.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin	Cisco IntelliShield Alert	CVE ID	Cisco Mitigations	CVSS Base Score
Microsoft Security Bulletin MS10-003 Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution	Microsoft Office mso.dll Buffer Overflow Arbitrary Code Execution Vulnerability	CVE-2010-0243	–	9.3
Microsoft Security Bulletin MS10-004 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution	Microsoft Office PowerPoint File Path Processing Buffer Overflow Vulnerability	CVE-2010-0029	–	9.3
	Microsoft Office PowerPoint LinkedSlideAtom Parameter Processing Vulnerability	CVE-2010-0030	Cisco IPS Signature 23839-0	9.3
	Microsoft Office PowerPoint Array Indexing Arbitrary Code Execution Vulnerability	CVE-2010-0031	Cisco IPS Signature 23959-0	9.3
	Microsoft Office PowerPoint Use-After-Free Memory Corruption Vulnerability	CVE-2010-0032	Cisco IPS Signature 23979-0	9.3
	Microsoft Office PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability	CVE-2010-0033	Cisco IPS Signature 23899-0
	Microsoft Office PowerPoint Viewer TextCharsAtom Record Processing Stack Overflow Vulnerability	CVE-2010-0034	Cisco IPS Signature 23919-0	9.3
Microsoft Security Bulletin MS10-005 Vulnerability in Microsoft Paint Could Allow Remote Code Execution	Microsoft Windows Paint Arbitrary Code Execution Vulnerability	CVE-2010-0028	Cisco IPS Signature 23940-0	9.3
Microsoft Security Bulletin MS10-006 Vulnerabilities in SMB Client Could Allow Remote Code Execution	Microsoft Windows SMB Client Memory Corruption Arbitrary Code Execution Vulnerability	CVE-2010-0016	Cisco IPS Signature 23819-0 Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	9.3
	Microsoft Windows SMB Client Negotiate Response Processing Arbitrary Code Execution Vulnerability	CVE-2010-0017	Cisco IPS Signature 23820-0 Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	9.3
Microsoft Security Bulletin MS10-007 Vulnerability in Windows Shell Handler Could Allow Remote Code Execution	Microsoft Internet Explorer URL Processing Arbitrary Code Execution Vulnerability	CVE-2010-0027	Cisco IPS Signature 23800-0	9.3
Microsoft Security Bulletin MS10-008 Cumulative Security Update of ActiveX Kill Bits	Microsoft Windows Data Analyzer ActiveX Control Arbitrary Code Execution Vulnerability	CVE-2010-0252	Cisco IPS Signature 23939-0 Cisco ASA/PIX/FWSM Cisco ACE	9.3
Microsoft Security Bulletin MS10-009 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution	Microsoft Windows ICMPv6 Router Advertisement Packet Processing Arbitrary Code Execution Vulnerability	CVE-2010-0239	Cisco IPS Signature 1603-0 Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	8.3
	Microsoft Windows TCP/IP Packet MDL Header Fragmentation Arbitrary Code Execution Vulnerability	CVE-2010-0240	Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	7.6
	Microsoft Windows ICMPv6 Route Information Processing Arbitrary Code Execution Vulnerability	CVE-2010-0241	Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	8.3
	Microsoft Windows TCP and IP Selective Acknowledgement Packet Processing Denial of Service Vulnerability	CVE-2010-0242	Cisco ASA/PIX/FWSM	7.8
Microsoft Security Bulletin MS10-010 Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service	Microsoft Windows Hyper-V Instruction Set Processing Denial of Service Vulnerability	CVE-2010-0026	–	4.6
Microsoft Security Bulletin MS10-011 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege	Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability	CVE-2010-0023	–	6.8
Microsoft Security Bulletin MS10-012 Vulnerabilities in SMB Server Could Allow Remote Code Execution	Microsoft Windows SMB Pathname Processing Arbitrary Code Execution Vulnerability	CVE-2010-0020	Cisco IPS Signature 23999-0 Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	10.0
	Microsoft Windows SMB Negotiate Packet Parsing Denial of Service Vulnerability	CVE-2010-0021	Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	7.8
	Microsoft Windows SMB Null Pointer Denial of Service Vulnerability	CVE-2010-0022	Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	7.8
	Microsoft Windows SMB Service Unauthorized Access Security Bypass Vulnerability	CVE-2010-0231	Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	7.8
Microsoft Security Bulletin MS10-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution	Microsoft DirectShow Heap Overflow Vulnerability	CVE-2010-0250	–	9.3
Microsoft Security Bulletin MS10-014 Vulnerability in Kerberos Could Allow Denial of Service	Microsoft Windows Kerberos Null Pointer Dereference Denial of Service Vulnerability	CVE-2010-0035	–	6.3
Microsoft Security Bulletin MS10-015 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege	Microsoft Windows Kernel Legacy Application Support Privilege Escalation Vulnerability	CVE-2010-0232	–	6.8
	Microsoft Windows Kernel Double Free Privilege Escalation Vulnerability	CVE-2010-0233	–	6.8

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists , Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Agent endpoint protection, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, transit access control lists, and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for February 2010

Security Intelligence Best Practices help organizations secure business applications and processes by identifying, preventing, and adapting to threats. Understanding Cross-Site Scripting (XSS) Threat Vectors (MS10-004, MS10-005, MS10-007, MS10-013) will provide operators and administrators with knowledge about one of the most common web application threats, which allows malicious users to manipulate webpages by leveraging carefully constructed strings that influence web browsers to act in an uncharacteristic manner, often time resulting in exploitation..

Impact on Cisco Products

Impact Assessment of February 2010 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.