Cisco Event Response: Microsoft Security Bulletin for July 2008

July 8, 2008

Microsoft released the July Security Update on July 8, 2008. Four bulletins were released that address nine individual vulnerabilities. Microsoft rated each advisory as Important. Two vulnerabilities in DNS services could allow attackers to conduct spoofing or DNS cache poisoning attacks, while two vulnerabilities in the Microsoft Exchange Outlook Web Access component could allow an attacker to conduct cross-site scripting attacks. Four vulnerabilities in Microsoft SQL Server could allow attackers to execute arbitrary code on affected systems, which could result in an escalation of privileges. In some site configurations, attackers could leverage externally accessible applications that accept user input to exploit these vulnerabilities without requiring authentication. The final vulnerability could allow an attacker to execute arbitrary code with user privileges on Windows Vista platforms.


Cisco Security Intelligence Engineering Content

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco IOS NetFlow, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for July 2008

Security Intelligence Best Practices help organizations secure business applications and processes by identifying, preventing, and adapting to threats. The following white paper will provide operators and administrators with knowledge about the Domain Name System (DNS) and its role and operations, along with implementation flaws in the protocol and best practices, network protections, and attack identification techniques that can be used to secure it.

DNS Best Practices, Network Protections, and Attack Identification (MS08-040: CVE-2008-0086, CVE-2008-0106)


Cisco Contact Center Enterprise and Hosted Products Impact Assessment

Products Notices for Cisco Enterprise and Hosted Contact Center evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Impact Assessment of July 2008 Microsoft Security Bulletins on Cisco Contact Center Enterprise and Hosted Products


Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures associated with this Microsoft update:

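| Microsoft Security Bulletin | Affected Product | Cisco IntelliShield Alert | CVE ID | Cisco IPS Signature | CVSS Base Score |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS08-037: Vulnerabilities in DNS Could Allow Spoofing | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server | Multiple Vendor DNS Implementation Insufficient Entropy Vulnerability | CVE-2008-1447 | 4004-0 | 6.4 |
| Microsoft Security Bulletin MS08-037: Vulnerabilities in DNS Could Allow Spoofing | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server | Microsoft Windows DNS Service Cache Poisoning Vulnerability | CVE-2008-1454 | | 4.3 |
| Microsoft Security Bulletin MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code Execution | Microsoft Windows Vista, Microsoft Windows Server | Microsoft Windows Saved Search File Processing Arbitrary Code Execution Vulnerability | CVE-2008-1435 | 6966-0, 6966-1, 6966-2 | 6.8 |
| Microsoft Security Bulletin MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege | Microsoft Exchange Server | Microsoft Exchange Outlook Web Access Script Injection Vulnerability | CVE-2008-2247 | 6790-0 | 4.3 |
| Microsoft Security Bulletin MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege | Microsoft Exchange Server | Microsoft Exchange Outlook Web Access HTML Parsing Vulnerability | CVE-2008-2248 | 6790-1 | 4.3 |
| Microsoft Security Bulletin MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege | Microsoft SQL Server, Microsoft Data Engine (MSDE), Windows Internal Database (WYukon) | Microsoft SQL Server SQL Memory Page Reuse Information Disclosure Vulnerability | CVE-2008-0085 | | 3.5 |
| Microsoft Security Bulletin MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege | Microsoft SQL Server, Microsoft Data Engine (MSDE), Windows Internal Database (WYukon) | Microsoft SQL Server Convert Function Buffer Overflow Vulnerability | CVE-2008-0086 | 6967-0 | 9.3 |
| Microsoft Security Bulletin MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege | Microsoft SQL Server, Microsoft Data Engine (MSDE), Windows Internal Database (WYukon) | Microsoft SQL Server Buffer Overflow Vulnerability | CVE-2008-0106 | | 9.3 |
| Microsoft Security Bulletin MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege | Microsoft SQL Server, Microsoft Data Engine (MSDE), Windows Internal Database (WYukon) | Microsoft SQL Server Memory Corruption Vulnerability | CVE-2008-0107 | 6792-0 | 9.0 |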

 
