Cisco Event Response: Microsoft Security Bulletin Release for October 2009

October 13, 2009

Microsoft published its monthly security bulletin release on October 13, 2009. Thirteen bulletins were released that address 33 individual vulnerabilities. Eight of the bulletins are rated as Critical, and the remainder are rated as Important.

The eight Critical bulletins address vulnerabilities in Microsoft Developer Tools, Forefront, Internet Explorer, Office, Silverlight, SQL Server, and Windows. These vulnerabilities could allow an attacker to execute arbitrary code. The Important bulletins address vulnerabilities in Microsoft Windows that could result in arbitrary code execution, a denial of service, spoofing, or privilege escalation.

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score

Microsoft Security Bulletin MS09-050

Vulnerabilities in SMBv2 Could Allow Remote Code Execution

Microsoft Windows SMBv2 Infinite Loop Denial of Service Vulnerability
CVE-2009-2526
Cisco IPS Signatures 21619-0, 21619-1, 21619-2
Cisco ASA/PIX/FWSM
Cisco Security MARS
Cisco IOS Netflow
Cisco IOS tACL
Cisco IOS FPM
7.8
Microsoft Windows SMBv2 Command Value Arbitrary Code Execution Vulnerability
CVE-2009-2532
Cisco IPS Signature 21301-0
Cisco ASA/PIX/FWSM
Cisco Security MARS
Cisco IOS Netflow
Cisco IOS tACL
Cisco IOS FPM
10.0
Microsoft Windows SMB2 Remote Code Execution Vulnerability
CVE-2009-3103
Cisco IPS Signature 21301-0
Cisco ASA/PIX/FWSM
Cisco Security MARS
Cisco IOS Netflow
Cisco IOS tACL
Cisco IOS FPM
10.0

Microsoft Security Bulletin MS09-051

Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution

Microsoft Windows Media Runtime Voice Sampling Arbitrary Code Execution Vulnerability
CVE-2009-0555
Cisco IPS Signature 21460-0
Cisco Security MARS
9.3
Microsoft Windows Media Runtime Heap Corruption Vulnerability
CVE-2009-2525
Cisco IPS Signature 21459-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-052

Vulnerability in Windows Media Player Could Allow Remote Code Execution

Microsoft Windows Media Player ASF File Processing Heap Overflow Vulnerability
CVE-2009-2527
Cisco IPS Signatures 21660-0, 21661-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-053

Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution

Microsoft Internet Information Services FTP Server Remote Wildcard Searching Denial of Service Vulnerability
CVE-2009-2521
Cisco IPS Signatures 21539-0, 21539-1, 21539-2
Cisco ASA/PIX/FWSM
Cisco Security MARS
Cisco IOS Netflow
Cisco IOS tACL
Cisco IOS FPM
4.0
Microsoft Internet Information Services FTPd Remote Buffer Overflow Vulnerability
CVE-2009-3023
Cisco ASA/PIX/FWSM
Cisco IOS Netflow
Cisco IOS tACL
Cisco IOS FPM
9.0

Microsoft Security Bulletin MS09-054

Cumulative Security Update for Internet Explorer

Microsoft Internet Explorer Data Stream Header Processing Memory Corruption Vulnerability
CVE-2009-1547
Cisco IPS Signature 21519-0
Cisco Security MARS
9.3
Microsoft Internet Explorer HTML Component Processing Arbitrary Code Execution Vulnerability
CVE-2009-2529
Cisco IPS Signature 21600-0
Cisco Security MARS
9.3
Microsoft Internet Explorer Uninitialized Object Memory Access Vulnerability
CVE-2009-2530
9.3
Microsoft Internet Explorer Uninitialized Memory Access Vulnerability
CVE-2009-2531
Cisco IPS Signature 21359-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-055

Cumulative Security Update of ActiveX Kill Bits

Microsoft Visual Studio Active Template Library OleLoadFromStream Remote Object Instantiation Vulnerability
CVE-2009-2493
Cisco IPS Signature 20059-0
Cisco ASA/PIX/FWSM
Cisco ACE
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-056

Vulnerabilities in Windows CryptoAPI Could Allow Spoofing

Microsoft Windows X.509 Common Name Null Character Truncation Vulnerability
CVE-2009-2510
Cisco IPS Signature 21380-0
Cisco Security MARS
5.8
Microsoft Windows X.509 Integer Overflow Spoofing Vulnerability
CVE-2009-2511
Cisco IPS Signature 21380-0
Cisco Security MARS
5.8

Microsoft Security Bulletin MS09-057

Vulnerability in Indexing Service Could Allow Remote Code Execution

Microsoft Windows Indexing Service ActiveX Control Memory Corruption Vulnerability
CVE-2009-2507
Cisco IPS Signatures 21599-0, 21599-1, 21599-2
Cisco ASA/PIX/FWSM
Cisco ACE
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-058

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

Microsoft Windows Kernel Value Truncation Integer Underflow Vulnerability
CVE-2009-2515
6.8
Microsoft Windows Kernel NULL Pointer Dereference Vulnerability
CVE-2009-2516
6.8
Microsoft Windows Kernel Exception Handling Denial of Service Vulnerability
CVE-2009-2517
4.6

Microsoft Security Bulletin MS09-059

Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service

Microsoft Windows Local Security Authority Subsystem Service Integer Overflow Vulnerability
CVE-2009-2524
Cisco ASA/PIX/FWSM
Cisco IOS Netflow
Cisco IOS tACL
9.3

Microsoft Security Bulletin MS09-060

Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution

Microsoft Visual Studio Active Template Library Uninitialized Object Vulnerability
CVE-2009-0901
Cisco ASA/PIX/FWSM
Cisco ACE
9.3
Microsoft Visual Studio Active Template Library OleLoadFromStream Remote Object Instantiation Vulnerability
CVE-2009-2493
Cisco IPS Signature 20059-0
Cisco ASA/PIX/FWSM
Cisco ACE
Cisco Security MARS
9.3
Microsoft Active Template Library Null String Information Disclosure Vulnerability
CVE-2009-2495
7.1

Microsoft Security Bulletin MS09-061

Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution

Microsoft .NET Framework Pointer Verification Code Execution Vulnerability
CVE-2009-0090
Cisco IPS Signature 21580-0
Cisco Security MARS
9.3
Microsoft .NET Framework Type Verification Code Execution Vulnerability
CVE-2009-0091
Cisco IPS Signature 21623-0
Cisco Security MARS
9.3
Microsoft .NET Framework and Silverlight Common Language Runtime Arbitrary Code Execution Vulnerability
CVE-2009-2497
Cisco IPS Signature 21581-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-062

Vulnerabilities in GDI+ Could Allow Remote Code Execution

Microsoft Windows GDI+ WMF File Processing Integer Overflow Vulnerability
CVE-2009-2500
9.3
Microsoft Windows GDI+ PNG Image Processing Heap Overflow Vulnerability
CVE-2009-2501
Cisco IPS Signature 21499-0
Cisco Security MARS
9.3
Microsoft Windows GDI+ TIFF Image Processing Buffer Overflow Vulnerability
CVE-2009-2502
Cisco IPS Signature 21622-1
Cisco Security MARS
9.3
Microsoft Windows GDI+ TIFF Image Processing Memory Corruption Vulnerability
CVE-2009-2503
Cisco IPS Signature 21622-0
Cisco Security MARS
9.3
Microsoft Windows GDI+ .NET PropertyItem Processing Heap Overflow Vulnerability
CVE-2009-2504
Cisco IPS Signature 21520-0
Cisco Security MARS
9.3
Microsoft Office BMP Image Processing Integer Overflow Vulnerability
CVE-2009-2518
Cisco IPS Signature 21500-0
Cisco Security MARS
9.3
Microsoft Office Memory Corruption Vulnerability
CVE-2009-2528
Cisco IPS Signatures 21559-0, 21559-1
Cisco Security MARS
9.3
Microsoft Windows GDI+ PNG Image Processing Integer Overflow Vulnerability
CVE-2009-3126
Cisco IPS Signature 21479-0
Cisco Security MARS
9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Agent endpoint protection, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, Cisco IOS Flexible Packet Matching, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2009

Impact on Cisco Products

Impact Assessment of October 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.