Cisco Event Response: Microsoft Security Bulletin Release for June 2009

June 9, 2009

Microsoft published its monthly security bulletin release on June 9, 2009. Ten bulletins were released to address a total of 31 individual vulnerabilities. Microsoft rated six of the ten bulletins as Critical, four as Important, and one as Moderate. Five of the Critical bulletins address vulnerabilities in Microsoft Windows and Office applications, including Word, Excel, and Internet Explorer. Exploits of these vulnerabilities could allow an attacker to execute arbitrary code, but an attacker must rely upon user participation to accomplish an exploit. The final Critical bulletin addresses vulnerabilities in Active Directory that could allow a remote attacker to execute arbitrary code on a targeted system. One previously reported vulnerability in Microsoft Internet Information Services was corrected as part of this month's Microsoft release. Although exploit code exists publicly for this vulnerability, no incidents have been reported.

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin	Cisco IntelliShield Alert	CVE ID	Cisco Mitigations	CVSS Base Score
Microsoft Security Bulletin MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution	Microsoft Active Directory Invalid Memory Free Code Execution Vulnerability	CVE-2009-1138	Cisco IPS Signature 18600-0 Cisco Security MARS Cisco IOS Netflow Cisco IOS tACL Cisco ASA/PIX/FWSM	10.0
	Microsoft Windows Active Directory Memory Leak Denial of Service Vulnerability	CVE-2009-1139	Cisco IPS Signature 18619-0 Cisco Security MARS Cisco IOS Netflow Cisco IOS tACL Cisco ASA/PIX/FWSM	7.8
Microsoft Security Bulletin MS09-019 Cumulative Security Update for Internet Explorer	Microsoft Internet Explorer Cross-Domain Bypass Information Disclosure Vulnerability	CVE-2007-3091	Cisco IPS Signature 18457-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer Cross-Domain Cache Access Vulnerability	CVE-2009-1140	Cisco IPS Signature 18458-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer Dynamic HTML Object Processing Memory Corruption Vulnerability	CVE-2009-1141	Cisco IPS Signature 18459-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability	CVE-2009-1528	Cisco IPS Signature 18460-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer Uninitialized Memory Access Code Execution Vulnerability	CVE-2009-1529	Cisco IPS Signature 18461-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer HTML Object Processing Memory Corruption Vulnerability	CVE-2009-1530	Cisco IPS Signature 18462-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer Uninitialized Memory Access Code Execution Vulnerability	CVE-2009-1531	Cisco IPS Signature 18463-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer HTML Object Handling Code Execution Vulnerability	CVE-2009-1532	Cisco IPS Signature 18464-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-020 Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege	Microsoft Internet Information Services WebDAV Authentication Bypass Vulnerability	CVE-2009-1122	–	6.4
	Microsoft Internet Information Services WebDav Unicode Processing Security Bypass Vulnerability	CVE-2009-1535	–	6.4
Microsoft Security Bulletin MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution	Microsoft Office Excel File Parsing Pointer Corruption Vulnerability	CVE-2009-0549	Cisco IPS Signature 18624-0 Cisco Security MARS	9.3
	Microsoft Office Excel Record Parsing Memory Corruption Vulnerability	CVE-2009-0557	Cisco IPS Signature 18419-0 Cisco Security MARS	9.3
	Microsoft Office Excel Array Index Parsing Memory Corruption Vulnerability	CVE-2009-0558	Cisco IPS Signature 18420-0 Cisco Security MARS	9.3
	Microsoft Office Excel String Copy Buffer Overflow Vulnerability	CVE-2009-0559	Cisco IPS Signature 18421-0 Cisco Security MARS	9.3
	Microsoft Office Excel Field Sanitization Arbitrary Code Execution Vulnerability	CVE-2009-0560	Cisco IPS Signature 18437-0 Cisco Security MARS	9.3
	Microsoft Office Excel Record Processing Integer Overflow Vulnerability	CVE-2009-0561	Cisco IPS Signature 18438-0 Cisco Security MARS	9.3
	Microsoft Office Excel Record Parsing Memory Pointer Corruption Vulnerability	CVE-2009-1134	Cisco IPS Signature 18441-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-022 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution	Microsoft Windows Print Spooler Buffer Overflow Vulnerability	CVE-2009-0228	Cisco IOS tACL Cisco ASA/PIX/FWSM Cisco IOS Netflow	10.0
	Microsoft Windows Print Spooler File Read Information Disclosure Vulnerability	CVE-2009-0229	–	4.6
	Microsoft Windows Print Spooler Library Loading Privilege Escalation Vulnerability	CVE-2009-0230	Cisco IOS tACL Cisco ASA/PIX/FWSM Cisco IOS Netflow	8.3
Microsoft Security Bulletin MS09-023 Vulnerability in Windows Search Could Allow Information Disclosure	Microsoft Windows Search Script Execution Information Disclosure Vulnerability	CVE-2009-0239	–	2.6
Microsoft Security Bulletin MS09-024 Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution	Microsoft Office Works Converter Buffer Overflow Vulnerability	CVE-2009-1533	Cisco IPS Signature 18418-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege	Microsoft Windows Kernel Desktop Object Processing Privilege Escalation Vulnerability	CVE-2009-1123	–	6.8
	Microsoft Windows Kernel Pointer Validation Privilege Escalation Vulnerability	CVE-2009-1124	–	6.8
	Microsoft Windows Kernel Driver Class Registration Privilege Escalation Vulnerability	CVE-2009-1125	–	6.8
	Microsoft Windows Kernel Desktop Parameter Edit Privilege Escalation Vulnerability	CVE-2009-1126	–	6.8
Microsoft Security Bulletin MS09-026 Vulnerability in RPC Could Allow Elevation of Privilege	Microsoft Windows RPC Marshalling Engine Privilege Escalation Issue	CVE-2009-0568	–	9.3
Microsoft Security Bulletin MS09-027 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution	Microsoft Office Word Record Processing Buffer Overflow Vulnerability	CVE-2009-0563	Cisco IPS Signature 18559-0 Cisco Security MARS	9.3
	Microsoft Office Word Arbitrary Code Execution Vulnerability	CVE-2009-0565	Cisco IPS Signature 18560-0 Cisco Security MARS	9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Monitoring, Analysis, and Response System Incidents, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for June 2009

Impact on Cisco Products

Impact Assessment of June 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.