March 10, 2009
Microsoft published its monthly security bulletin release on March 10, 2009. Three bulletins were released that address eight individual vulnerabilities. Microsoft rated one bulletin as Critical and two as Important. The Critical bulletin addresses vulnerabilities in the Microsoft Windows Kernel that could allow attackers to execute code with the privileges of the kernel. The Important bulletins address vulnerabilities in Secure Channel and the Windows DNS and WINS components that could allow attackers to perform spoofing attacks.
Cisco Security Intelligence Engineering
Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Monitoring, Analysis, and Response System Incidents, and firewall inspection are among the techniques discussed in the bulletins.
Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2009
Security Intelligence Best Practices help organizations secure business applications and processes by identifying, preventing, and adapting to threats. The following white paper will provide operators and administrators with knowledge about the Domain Name System (DNS) and its role and operations, along with implementation flaws in the protocol and best practices, network protections, and attack identification techniques that can be used to secure it.
DNS Best Practices, Network Protections, and Attack Identification (MS09-008: CVE-2009-0233 and CVE-2009-0234)
Impact on Cisco Products
Impact Assessment of March 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.
Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.
Cisco Security IntelliShield Alert Manager and Cisco IPS
The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures that are associated with this Microsoft release:
Return to Cisco Security Center