Cisco Event Response: Microsoft Security Bulletin Release for November 2009

November 10, 2009

Microsoft published its monthly security bulletin release on November 10, 2009. Six bulletins were released that address 15 individual vulnerabilities. Three of the bulletins are rated as Critical, and the remainder are rated as Important.

The three Critical bulletins address vulnerabilities in Microsoft Windows that could allow an attacker to execute arbitrary code. The Important bulletins address vulnerabilities in Microsoft Excel, Word, and Windows that could result in arbitrary code execution or a denial of service. The Important bulletins that address code execution in Excel and Word describe vulnerabilities that an attacker can exploit only with user interaction.

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
| --- | --- | --- | --- | --- |
| MS09-063: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution | Microsoft Windows GDI+ PNG Image Processing Integer Overflow Vulnerability | CVE-2009-2512 | Cisco IPS Signature 22079-0, Cisco ASA/PIX/FWSM, Cisco Security MARS, Cisco IOS Netflow, Cisco IOS tACL, Cisco IOS VACL, Cisco ACE | 10.0 |
| MS09-064: Vulnerability in License Logging Server Could Allow Remote Code Execution | Microsoft Windows License Logging Service Heap Overflow Vulnerability | CVE-2009-2523 | Cisco IPS Signature 22059-0, Cisco ASA/PIX/FWSM, Cisco Security MARS, Cisco IOS Netflow, Cisco IOS tACL, Cisco IOS VACL, Cisco ACE | 10.0 |
| MS09-065: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution | Microsoft Windows Kernel NULL Pointer Dereference Privilege Escalation Vulnerability | CVE-2009-1127 | | 6.8 |
| MS09-065 | Microsoft Windows Kernel Data Validation Privilege Escalation Vulnerability | CVE-2009-2513 | | 6.8 |
| MS09-065 | Microsoft Windows Kernel Font Processing Arbitrary Code Execution Vulnerability | CVE-2009-2514 | Cisco IPS Signature 22080-0, Cisco ASA/PIX/FWSM, Cisco Security MARS, Cisco IOS Netflow, Cisco IOS tACL, Cisco IOS VACL, Cisco ACE | 9.3 |
| MS09-066: Vulnerability in Active Directory Could Allow Denial of Service | Microsoft Active Directory LDAP Request Processing Denial of Service Vulnerability | CVE-2009-1928 | Cisco IPS Signature 21980-0, Cisco ASA/PIX/FWSM, Cisco Security MARS, Cisco IOS Netflow, Cisco IOS tACL, Cisco IOS VACL, Cisco ACE | 7.8 |
| MS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution | Microsoft Office Excel Cache Memory Corruption Arbitrary Code Execution Vulnerability | CVE-2009-3127 | Cisco IPS Signature 22120-0, Cisco Security MARS | 9.3 |
| MS09-067 | Microsoft Office Excel SxView Record Processing Code Execution Vulnerability | CVE-2009-3128 | Cisco IPS Signature 22083-0, Cisco Security MARS | 9.3 |
| MS09-067 | Microsoft Office Excel Featheader Record Processing Arbitrary Code Execution Vulnerability | CVE-2009-3129 | Cisco IPS Signature 21920-0, Cisco Security MARS | 9.3 |
| MS09-067 | Microsoft Office Excel BIFF Record Parsing Arbitrary Code Execution Vulnerability | CVE-2009-3130 | Cisco IPS Signature 22093-0, Cisco Security MARS | 9.3 |
| MS09-067 | Microsoft Office Excel Formula Parsing Arbitrary Code Execution Vulnerability | CVE-2009-3131 | Cisco IPS Signature 22081-0, Cisco Security MARS | 9.3 |
| MS09-067 | Microsoft Office Excel Index Parsing Arbitrary Code Execution Vulnerability | CVE-2009-3132 | Cisco IPS Signature 22122-0, Cisco Security MARS | 9.3 |
| MS09-067 | Microsoft Office Excel Object Parsing Arbitrary Code Execution Vulnerability | CVE-2009-3133 | Cisco IPS Signature 22086-0, Cisco Security MARS | 9.3 |
| MS09-067 | Microsoft Office Excel Object Validation Arbitrary Code Execution Vulnerability | CVE-2009-3134 | Cisco IPS Signature 22084-0, Cisco Security MARS | 9.3 |
| MS09-068: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution | Microsoft Word Arbitrary Code Execution Vulnerability | CVE-2009-3135 | Cisco IPS Signature 21979-0, Cisco Security MARS | 9.3 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco IOS VLAN access control lists, Cisco Security Agent endpoint protection, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for November 2009

Impact on Cisco Products

Impact Assessment of November 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.