Cisco Event Response: Microsoft Security Bulletin Release for July 2009

July 14, 2009

Microsoft published its monthly security bulletin release on July 14, 2009. Six bulletins were released that address nine individual vulnerabilities. Three of the bulletins are rated as Critical, and the remainder are rated as Important.

The three Critical bulletins address vulnerabilities in Microsoft Windows that could allow an attacker to execute arbitrary code. However, an attacker must rely on user interaction to exploit these vulnerabilities. The Important bulletin for Microsoft Publisher also corrects a vulnerability that could allow attackers to execute arbitrary code. The remaining Important bulletins correct privilege escalation vulnerabilities in Microsoft ISA Server and Microsoft Virtual PC and Virtual Server.

Two previously reported vulnerabilities, CVE-2009-1537 (MS09-028) and CVE-2008-0015 (MS09-032), were addressed by Microsoft as part of this release; current reports indicate active and ongoing exploitation of each vulnerability.

 

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS09-028: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution | Microsoft Windows DirectShow QuickTime Media Processing Arbitrary Code Execution Vulnerability | CVE-2009-1537 | Cisco IPS Signature 19219-0; Cisco IPS Signature 19219-3; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-028 | Microsoft DirectShow Pointer Validation Arbitrary Code Execution Vulnerability | CVE-2009-1538 | Cisco IPS Signature 19384-0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-028 | Microsoft DirectShow Field Size Validation Arbitrary Code Execution Vulnerability | CVE-2009-1539 | Cisco IPS Signature 19383-0; Cisco Security MARS; Cisco ASA/PIX/FWSM; Cisco ACE | 9.3 |
| MS09-029: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution | Microsoft Windows Embedded OpenType Font Heap Overflow Vulnerability | CVE-2009-0231 | Cisco IPS Signature 19381-0; Cisco Security MARS | 9.3 |
| MS09-029 | Microsoft Windows Embedded OpenType Font Parsing Integer Overflow Vulnerability | CVE-2009-0232 | Cisco IPS Signature 19382-0; Cisco Security MARS | 9.3 |
| MS09-030: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution | Microsoft Publisher Legacy File Format Parsing Pointer Dereference Vulnerability | CVE-2009-0566 | Cisco IPS Signature 19401-0; Cisco Security MARS | 9.3 |
| MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege | Microsoft Internet Security and Acceleration Server Radius One-Time Password Authentication Bypass Vulnerability | CVE-2009-1135 | | 9.3 |
| MS09-032: Cumulative Security Update of ActiveX Kill Bits | Microsoft Windows Video msvidctl ActiveX Control Code Execution Vulnerability | CVE-2008-0015 | Cisco IPS Signature 19339-0; Cisco IPS Signature 19339-1; Cisco IPS Signature 19339-2; Cisco IPS Signature 19339-3; Cisco IPS Signature 19339-4; Cisco IPS Signature 19339-5; Cisco IPS Signature 19339-6; Cisco IPS Signature 19339-7; Cisco IPS Signature 19339-8; Cisco IPS Signature 19339-9; Cisco Security MARS | 9.3 |
| MS09-033: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege | Microsoft Virtual PC and Virtual Server Guest Operating System Privilege Escalation Vulnerability | CVE-2009-1542 | | 4.3 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for July 2009

Impact on Cisco Products

Impact Assessment of July 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.