
Cisco Event Response: Microsoft Security Bulletin Release for October 2008

October 14, 2008

Microsoft published its monthly security bulletin release on October 14, 2008. Eleven bulletins were released that address twenty individual vulnerabilities. Microsoft has rated four bulletins as Critical, six as Important, and one as Moderate. The advisories that address Critical vulnerabilities cover remote code execution flaws in Active Directory, Host Integration Server, Internet Explorer, and Microsoft Excel. Although each Critical vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user, the Excel and Internet Explorer flaws require some level of user interaction. The six Important flaws cover vulnerabilities found in the Ancillary Function Driver, Internet Printing Service, Message Queuing, SMB, Virtual Address Descriptor, and Windows Kernel. The Important vulnerabilities allow for elevation of privileges or remote code execution but contain additional complexity that could limit their exploitation. The Moderate vulnerability exists in Microsoft Office and could lead to information disclosure.


Cisco Security Intelligence Engineering

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2008


Cisco Contact Center and Self Service Products Impact Assessment

Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Impact Assessment of October 2008 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products


Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures that are associated with this Microsoft release:

| Microsoft Security Bulletin | Affected Product | Cisco IntelliShield Alert | CVE ID | Cisco IPS Signature | CVSS Base Score |
|---|---|---|---|---|---|
| Microsoft Security Bulletin MS08-056: Vulnerability in Microsoft Office Could Allow Information Disclosure | Microsoft Office | Microsoft Office CDO Protocol Handler Cross-Site Scripting Vulnerability | CVE-2008-4020 | | 4.3 |
| Microsoft Security Bulletin MS08-057: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution | Microsoft Office; Microsoft Office for Mac; Microsoft Open XML File Format Converter for Mac; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; Microsoft Office SharePoint Server | Microsoft Office Excel Formula Parsing Integer Overflow Vulnerability | CVE-2008-4019 | 7245-0, 7245-1 | 9.3 |
| | | Microsoft Office Excel Calendar Object Handling Arbitrary Code Execution Vulnerability | CVE-2008-3477 | 7246-0 | 9.3 |
| | | Microsoft Office Excel Binary Interchange File Format Handling Arbitrary Code Execution Vulnerability | CVE-2008-3471 | 7244-0 | 9.3 |
| Microsoft Security Bulletin MS08-058: Cumulative Security Update for Internet Explorer | Microsoft Windows; Microsoft Windows XP Professional; Microsoft Windows Server; Microsoft Windows Vista | Microsoft Internet Explorer Object-Based Window Location Cross-Domain Security Bypass Vulnerability | CVE-2008-2947 | 7247-0 | 9.3 |
| | | Microsoft Internet Explorer HTML Element Cross-Domain Vulnerability | CVE-2008-3472 | | 9.3 |
| | | Microsoft Internet Explorer Event Handling Cross-Domain Vulnerability | CVE-2008-3473 | | 9.3 |
| | | Microsoft Internet Explorer Cross-Domain Security Bypass Information Disclosure Vulnerability | CVE-2008-3474 | 7257-0 | 4.3 |
| | | Microsoft Internet Explorer Uninitialized Memory Access Vulnerability | CVE-2008-3475 | 5404-0 | 9.3 |
| | | Microsoft Internet Explorer HTML Object Processing Memory Corruption Vulnerability | CVE-2008-3476 | 5925-0 | 9.3 |
| Microsoft Security Bulletin MS08-059: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution | Microsoft Host Integration Server | Microsoft Host Integration Server RPC Processing Command Execution Vulnerability | CVE-2008-3466 | 7270-0 | 10.0 |
| Microsoft Security Bulletin MS08-060: Vulnerability in Active Directory Could Allow Remote Code Execution | Microsoft Windows | Microsoft Active Directory LDAP Request Processing Denial of Service Vulnerability | CVE-2008-4023 | | 10.0 |
| Microsoft Security Bulletin MS08-061: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Microsoft Windows; Microsoft Windows XP Professional; Microsoft Windows Server; Microsoft Windows Vista | Microsoft Windows Kernel Child Window Creation Privilege Escalation Vulnerability | CVE-2008-2250 | | 6.8 |
| | | Microsoft Windows Kernel Double-Free Privilege Escalation Vulnerability | CVE-2008-2251 | | 6.8 |
| | | Microsoft Windows Kernel Heap Overflow Privilege Escalation Vulnerability | CVE-2008-2252 | | 6.8 |
| Microsoft Security Bulletin MS08-062: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution | Microsoft Windows; Microsoft Windows XP Professional; Microsoft Windows Server; Microsoft Windows Vista | Microsoft Windows Internet Printing Protocol Remote Code Execution Vulnerability | CVE-2008-1446 | | 6.5 |
| Microsoft Security Bulletin MS08-063: Vulnerability in SMB Could Allow Remote Code Execution | Microsoft Windows; Microsoft Windows XP Professional; Microsoft Windows Server; Microsoft Windows Vista | Microsoft Windows SMB Filename Processing Arbitrary Code Execution Vulnerability | CVE-2008-4038 | 7258-0 | 9.0 |
| Microsoft Security Bulletin MS08-064: Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege | Microsoft Windows XP Professional; Microsoft Windows Server; Microsoft Windows Vista | Microsoft Windows Virtual Address Descriptor Privilege Escalation Vulnerability | CVE-2008-4036 | | 6.8 |
| Microsoft Security Bulletin MS08-065: Vulnerability in Message Queuing Could Allow Remote Code Execution | Microsoft Windows | Microsoft Windows Message Queuing Service RPC Request Handling Vulnerability | CVE-2008-3479 | 7259-0 | 10.0 |
| Microsoft Security Bulletin MS08-066: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege | Microsoft Windows XP Professional; Microsoft Windows Server | Microsoft Windows Kernel Ancillary Function Driver Privilege Escalation Vulnerability | CVE-2008-3464 | | 6.8 |

 
