Cisco Event Response: Microsoft Security Bulletin Release for March 2010

March 9, 2010

Microsoft published its monthly security bulletin release on March 9, 2010. Two bulletins were released that address 8 individual vulnerabilities. Both bulletins are rated as Important. The first bulletin addresses vulnerabilities in Microsoft Windows Moviemaker and Microsoft Producer, and the second addresses Microsoft Office Excel. These vulnerabilities could allow an attacker to execute arbitrary code.

In addition to the two bulletins that were announced in the usual manner, Microsoft subsequently released an advisory to address a remote code execution vulnerability in Internet Explorer. Reports indicate that targeted attacks are exploiting this vulnerability. Patches were not available at the time of advisory release.


 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin Cisco IntelliShield Alert
CVE ID
Search CVEs
Cisco Mitigations
CVSS
Base Score
CVSS Q&A

Microsoft Security Bulletin MS10-016

Vulnerability in Windows Movie Maker Could Allow Remote Code Execution

Microsoft Windows Movie Maker Crafted Project File Arbitrary Code Execution Vulnerability
CVE-2010-0265

Cisco IPS Signature 24580-0
Cisco Security MARS

9.3

Microsoft Security Bulletin MS10-017

Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

Microsoft Office Excel Record Processing Memory Corruption Vulnerability
CVE-2010-0257
Cisco IPS Signature 24639-0
Cisco Security MARS
9.3
Microsoft Office Excel Sheet Object Type Handling Arbitrary Code Execution Vulnerability
CVE-2010-0258
Cisco IPS Signature 24779-0
Cisco IPS Signature 24779-1
Cisco Security MARS
9.3
Microsoft Office Excel MDXTUPLE Record Processing Heap Overflow Vulnerability
CVE-2010-0260
Cisco IPS Signature 24559-0
Cisco Security MARS
9.3
Microsoft Office Excel MDSET Record Processing Heap Overflow Vulnerability
CVE-2010-0261
Cisco IPS Signature 24599-0
Cisco Security MARS
9.3
Microsoft Office Excel FNGROUPNAME Record Processing Uninitialized Memory Access Arbitrary Code Execution Vulnerability
CVE-2010-0262
Cisco IPS Signature 24719-0
Cisco Security MARS
9.3
Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability
CVE-2010-0263
Cisco IPS Signature 24579-0
Cisco IPS Signature 24579-1
Cisco Security MARS
9.3
Microsoft Office Excel DbOrParamQry Record Processing Arbitrary Code Execution Vulnerability
CVE-2010-0264
Cisco IPS Signature 24699-0
Cisco Security MARS
9.3

Microsoft Security Advisory (981374)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft Internet Explorer Invalid Pointer Reference Access Arbitrary Code Execution Vulnerability
CVE-2010-0806
9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures and Cisco Security Monitoring, Analysis, and Response System Incidents are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2010

Impact on Cisco Products

Impact Assessment of March 2010 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.