Cisco Event Response: Microsoft Security Bulletin Release for November 2010

November 9, 2010

Microsoft published its monthly security bulletin release on November 9, 2010. Three security bulletins were released that address 11 individual vulnerabilities. The bulletins address vulnerabilities in Microsoft Office, Microsoft Powerpoint, and Microsoft Forefront Unified Access Gateway. Exploitation of the vulnerabilities could allow attackers to execute arbitrary code on targeted systems or gain elevated privileges.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin	Cisco IntelliShield Alert	CVE ID	Cisco Mitigations	CVSS Base Score
Microsoft Security Bulletin MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution	Microsoft Office Rich Text Format Content Processing Buffer Overflow Vulnerability	CVE-2010-3333	Cisco IPS Signature 31239-0 Cisco Security MARS	9.3
	Microsoft Office Drawing Records Processing Arbitrary Code Execution Vulnerability	CVE-2010-3334	Cisco IPS Signature 31420-0 Cisco Security MARS	9.3
	Microsoft Office Exception Handling Memory Corruption Vulnerability	CVE-2010-3335	–	9.3
	Microsoft Office SPID Processing Arbitrary Code Execution Vulnerability	CVE-2010-3336	Cisco IPS Signature 31179-0 Cisco Security MARS	9.3
	Microsoft Office Insecure Library Loading Vulnerability	CVE-2010-3337	Cisco IPS Signature 31419-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS10-088 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution	Microsoft Office PowerPoint Document Parsing Buffer Overflow Vulnerability	CVE-2010-2572	Cisco IPS Signature 30959-0 Cisco Security MARS	9.3
	Microsoft Office PowerPoint Heap Corruption Arbitrary Code Execution Vulnerability	CVE-2010-2573	Cisco IPS Signature 31439-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS10-089 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege	Microsoft Forefront Unified Access Gateway Spoofing Vulnerability	CVE-2010-2732	Cisco IPS Signature 31219-0 Cisco Security MARS	2.9
	Microsoft Forefront Unified Access Gateway Web Monitor Cross-Site Scripting Vulnerability	CVE-2010-2733	Cisco IPS Signature 31159-0 Cisco Security MARS	4.3
	Microsoft Forefront Unified Access Gateway Mobile Web Portal Cross-Site Scripting Vulnerability	CVE-2010-2734	Cisco IPS Signature 31339-0 Cisco Security MARS	4.3
	Microsoft Forefront Unified Access Gateway signurl.asp Cross-Site Scripting Vulnerability	CVE-2010-3936	Cisco IPS Signature 31339-0 Cisco Security MARS	4.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures are discussed in this bulletin: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for November 2010

Impact on Cisco Products

Impact Assessment of November 2010 Microsoft Security Bulletin on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.