Cisco Event Response: Microsoft Security Bulletin Release for November 2008

November 11, 2008

Microsoft published its November monthly security bulletin release on November 11, 2008. Two bulletins were released that address four individual vulnerabilities. Microsoft rated one advisory as Important and one as Critical. The Critical bulletin addresses three vulnerabilities in XML Core Services, which is part of Microsoft Windows, that could allow an attacker to conduct cross-site scripting attacks or execute code with the privileges of the user. The Important bulletin addresses a flaw in Windows products that could allow an attacker to execute arbitrary code.

Cisco Security Intelligence Engineering

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Agent endpoint protection, Cisco Security Monitoring, Analysis, and Response System Incidents, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for November 11, 2008

Cisco Contact Center and Self Service Products Impact Assessment

Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Impact Assessment of November 2008 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products

Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures that are associated with this Microsoft release:

Microsoft Security Bulletin	Affected Product	Cisco IntelliShield Alert	CVE ID	Cisco IPS Signature	CVSS Base Score
Microsoft Security Bulletin MS08-068 Vulnerability in SMB Could Allow Remote Code Execution	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server Microsoft Windows Vista	Microsoft Windows SMB Protocol NTLM Credential Handling Arbitrary Code Execution Vulnerability	CVE-2008-4037	–	9.3
Microsoft Security Bulletin MS08-069 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution	Microsoft XML Core Services	Microsoft XML Core Services Document Type Definitions Handling Cross-Domain Security Bypass Information Disclosure Vulnerability	CVE-2008-4029	7283.0 7283.1	4.3
		Microsoft XML Core Services Transfer-Encoding Header Handling Information Disclosure Vulnerability	CVE-2008-4033	7255-0 7255-1 7255-2	4.3
		Microsoft XML Core Services Memory Corruption Vulnerability	CVE-2007-0099	5640-0 5640-1 5640-2	9.3

Return to Cisco Security Center