Cisco Event Response: Microsoft Security Bulletin Release for October 2009

October 13, 2009

Microsoft published its monthly security bulletin release on October 13, 2009. Thirteen bulletins were released that address 33 individual vulnerabilities. Eight of the bulletins are rated as Critical, and the remainder are rated as Important.

The eight Critical bulletins address vulnerabilities in Microsoft Developer Tools, Forefront, Internet Explorer, Office, Silverlight, SQL Server, and Windows. These vulnerabilities could allow an attacker to execute arbitrary code. The Important bulletins address vulnerabilities in Microsoft Windows that could result in arbitrary code execution, a denial of service, spoofing, or privilege escalation.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin	Cisco IntelliShield Alert	CVE ID	Cisco Mitigations	CVSS Base Score
Microsoft Security Bulletin MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution	Microsoft Windows SMBv2 Infinite Loop Denial of Service Vulnerability	CVE-2009-2526	Cisco IPS Signatures 21619-0, 21619-1, 21619-2 Cisco ASA/PIX/FWSM Cisco Security MARS Cisco IOS Netflow Cisco IOS tACL Cisco IOS FPM	7.8
	Microsoft Windows SMBv2 Command Value Arbitrary Code Execution Vulnerability	CVE-2009-2532	Cisco IPS Signature 21301-0 Cisco ASA/PIX/FWSM Cisco Security MARS Cisco IOS Netflow Cisco IOS tACL Cisco IOS FPM	10.0
	Microsoft Windows SMB2 Remote Code Execution Vulnerability	CVE-2009-3103	Cisco IPS Signature 21301-0 Cisco ASA/PIX/FWSM Cisco Security MARS Cisco IOS Netflow Cisco IOS tACL Cisco IOS FPM	10.0
Microsoft Security Bulletin MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution	Microsoft Windows Media Runtime Voice Sampling Arbitrary Code Execution Vulnerability	CVE-2009-0555	Cisco IPS Signature 21460-0 Cisco Security MARS	9.3
	Microsoft Windows Media Runtime Heap Corruption Vulnerability	CVE-2009-2525	Cisco IPS Signature 21459-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution	Microsoft Windows Media Player ASF File Processing Heap Overflow Vulnerability	CVE-2009-2527	Cisco IPS Signature 21660-0, 21661-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-053 Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution	Microsoft Internet Information Services FTP Server Remote Wildcard Searching Denial of Service Vulnerability	CVE-2009-2521	Cisco IPS Signatures 21539-0, 21539-1, 21539-2 Cisco ASA/PIX/FWSM Cisco Security MARS Cisco IOS Netflow Cisco IOS tACL Cisco IOS FPM	4.0
	Microsoft Internet Information Services FTPd Remote Buffer Overflow Vulnerability	CVE-2009-3023	Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL Cisco IOS FPM	9.0
Microsoft Security Bulletin MS09-054 Cumulative Security Update for Internet Explorer	Microsoft Internet Explorer Data Stream Header Processing Memory Corruption Vulnerability	CVE-2009-1547	Cisco IPS Signature 21519-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer HTML Component Processing Arbitrary Code Execution Vulnerability	CVE-2009-2529	Cisco IPS Signature 21600-0 Cisco Security MARS	9.3
	Microsoft Internet Explorer Uninitialized Object Memory Access Vulnerability	CVE-2009-2530	–	9.3
	Microsoft Internet Explorer Uninitialized Memory Access Vulnerability	CVE-2009-2531	Cisco IPS Signature 21359-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-055 Cumulative Security Update of ActiveX Kill Bits	Microsoft Visual Studio Active Template Library OleLoadFromStream Remote Object Instantiation Vulnerability	CVE-2009-2493	Cisco IPS Signature 20059-0 Cisco ASA/PIX/FWSM Cisco ACE Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing	Microsoft Windows X.509 Common Name Null Character Truncation Vulnerability	CVE-2009-2510	Cisco IPS Signature 21380-0 Cisco Security MARS	5.8
	Microsoft Windows X.509 Integer Overflow Spoofing Vulnerability	CVE-2009-2511	Cisco IPS Signature 21380-0 Cisco Security MARS	5.8
Microsoft Security Bulletin MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution	Microsoft Windows Indexing Service ActiveX Control Memory Corruption Vulnerability	CVE-2009-2507	Cisco IPS Signatures 21599-0, 21599-1, 21599-2 Cisco ASA/PIX/FWSM Cisco ACE Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege	Microsoft Windows Kernel Value Truncation Integer Underflow Vulnerability	CVE-2009-2515	–	6.8
	Microsoft Windows Kernel NULL Pointer Dereference Vulnerability	CVE-2009-2516	–	6.8
	Microsoft Windows Kernel Exception Handling Denial of Service Vulnerability	CVE-2009-2517	–	4.6
Microsoft Security Bulletin MS09-059 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service	Microsoft Windows Local Security Authority Subsystem Service Integer Overflow Vulnerability	CVE-2009-2524	Cisco ASA/PIX/FWSM Cisco IOS Netflow Cisco IOS tACL	9.3
Microsoft Security Bulletin MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution	Microsoft Visual Studio Active Template Library Uninitialized Object Vulnerability	CVE-2009-0901	Cisco ASA/PIX/FWSM Cisco ACE	9.3
	Microsoft Visual Studio Active Template Library OleLoadFromStream Remote Object Instantiation Vulnerability	CVE-2009-2493	Cisco IPS Signature 20059-0 Cisco ASA/PIX/FWSM Cisco ACE Cisco Security MARS	9.3
	Microsoft Active Template Library Null String Information Disclosure Vulnerability	CVE-2009-2495	–	7.1
Microsoft Security Bulletin MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution	Microsoft .NET Framework Pointer Verification Code Execution Vulnerability	CVE-2009-0090	Cisco IPS Signature 21580-0 Cisco Security MARS	9.3
	Microsoft .NET Framework Type Verification Code Execution Vulnerability	CVE-2009-0091	Cisco IPS Signature 21623-0 Cisco Security MARS	9.3
	Microsoft .NET Framework and Silverlight Common Language Runtime Arbitrary Code Execution Vulnerability	CVE-2009-2497	Cisco IPS Signature 21581-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution	Microsoft Windows GDI+ WMF File Processing Integer Overflow Vulnerability	CVE-2009-2500	–	9.3
	Microsoft Windows GDI+ PNG Image Processing Heap Overflow Vulnerability	CVE-2009-2501	Cisco IPS Signature 21499-0 Cisco Security MARS	9.3
	Microsoft Windows GDI+ TIFF Image Processing Buffer Overflow Vulnerability	CVE-2009-2502	Cisco IPS Signature 21622-1 Cisco Security MARS	9.3
	Microsoft Windows GDI+ TIFF Image Processing Memory Corruption Vulnerability	CVE-2009-2503	Cisco IPS Signature 21622-0 Cisco Security MARS	9.3
	Microsoft Windows GDI+ .NET PropertyItem Processing Heap Overflow Vulnerability	CVE-2009-2504	Cisco IPS Signature 21520-0 Cisco Security MARS	9.3
	Microsoft Office BMP Image Processing Integer Overflow Vulnerability	CVE-2009-2518	Cisco IPS Signature 21500-0 Cisco Security MARS	9.3
	Microsoft Office Memory Corruption Vulnerability	CVE-2009-2528	Cisco IPS Signature 21559-0, 21559-1 Cisco Security MARS	9.3
	Microsoft Windows GDI+ PNG Image Processing Integer Overflow Vulnerability	CVE-2009-3126	Cisco IPS Signature 21479-0 Cisco Security MARS	9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Agent endpoint protection, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, Cisco IOS Flexible Packet Matching, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2009

Impact on Cisco Products

Impact Assessment of October 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.