Cisco Event Response: Microsoft Security Bulletin Release for October 2010

October 12, 2010

Microsoft published its monthly security bulletin release on October 12, 2010. Sixteen security bulletins were released that address 49 individual vulnerabilities. The bulletins address vulnerabilities in the Microsoft .NET Framework, Microsoft Active Template Library, Microsoft Internet Explorer, Microsoft Office Excel, Microsoft Office Word, Windows, and Windows Media Player. Exploitation of the vulnerabilities could allow attackers to execute arbitrary code on targeted systems or gain elevated privileges.

 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS10-071: Cumulative Security Update for Internet Explorer | Microsoft Internet Explorer AutoComplete Information Disclosure Vulnerability | CVE-2010-0808 | | 4.3 |
| | Microsoft Internet Explorer toStaticHTML Cross-Site Scripting Vulnerability | CVE-2010-3243 | | 4.3 |
| | Microsoft Internet Explorer toStaticHTML String Parsing Cross-Site Scripting Vulnerability | CVE-2010-3324 | Cisco IPS Signature 30419-0, Cisco Security MARS | 4.3 |
| | Microsoft Internet Explorer Cascading Style Sheets Character Processing Cross-Domain Information Disclosure Vulnerability | CVE-2010-3325 | | 4.3 |
| | Microsoft Internet Explorer Uninitialized Memory Access Arbitrary Code Execution Vulnerability | CVE-2010-3326 | Cisco IPS Signature 30519-0, Cisco Security MARS | 9.3 |
| | Microsoft Internet Explorer Anchor Element Information Disclosure Issue | CVE-2010-3327 | | 9.3 |
| | Microsoft Internet Explorer Uninitialized Memory Access Arbitrary Code Execution Vulnerability | CVE-2010-3328 | Cisco IPS Signature 30320-0, Cisco Security MARS | 9.3 |
| | Microsoft Internet Explorer Uninitialized Memory Object Access Arbitrary Code Execution Vulnerability | CVE-2010-3329 | Cisco IPS Signature 30299-0, Cisco Security MARS, Cisco ASA/FWSM, Cisco ACE | 9.3 |
| | Microsoft Internet Explorer Cross-Domain Origin Bypass Information Disclosure Vulnerability | CVE-2010-3330 | Cisco IPS Signature 30462-0, Cisco Security MARS | 4.3 |
| | Microsoft Internet Explorer Uninitialized Object Memory Corruption Vulnerability | CVE-2010-3331 | Cisco IPS Signature 30500-0, Cisco Security MARS | 9.3 |
| MS10-072: Vulnerabilities in toStaticHTML Could Allow Information Disclosure | Multiple Microsoft Products toStaticHTML Cross-Site Scripting Vulnerability | CVE-2010-3243 | | 4.3 |
| | Multiple Microsoft Products toStaticHTML String Parsing Cross-Site Scripting Vulnerability | CVE-2010-3324 | Cisco IPS Signature 30419-0, Cisco Security MARS | 4.3 |
| MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege | Microsoft Windows Kernel Use-After-Free Local Denial of Service Vulnerability | CVE-2010-2549 | | 6.8 |
| | Microsoft Windows Kernel Keyboard Layout Handling Privilege Escalation Vulnerability | CVE-2010-2743 | | 6.8 |
| | Microsoft Windows Kernel Window Class Validation Privilege Escalation Vulnerability | CVE-2010-2744 | | 6.8 |
| MS10-074: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution | Microsoft Windows Microsoft Foundation Class Library Arbitrary Code Execution Vulnerability | CVE-2010-3227 | | 7.6 |
| MS10-075: Vulnerability in Media Player Network Sharing Service Could Cause Remote Code Execution | Microsoft Windows Media Player RTSP Packet Processing Arbitrary Code Execution Vulnerability | CVE-2010-3225 | Cisco IPS Signature 30459-0, Cisco IOS NetFlow, Cisco ASA/FWSM, Cisco IOS tACL | 10.0 |
| MS10-076: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution | Microsoft Windows Embedded OpenType Font Processing Arbitrary Code Execution Vulnerability | CVE-2010-1883 | Cisco IPS Signature 30499-0, Cisco ASA/FWSM, Cisco ACE | 9.3 |
| MS10-077: Vulnerability in .NET Framework Could Allow Remote Code Execution | Microsoft .NET Framework x64 JIT Compiler Arbitrary Code Execution Vulnerability | CVE-2010-3228 | | 9.3 |
| MS10-078: Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege | Microsoft Windows OpenType Font Parsing Privilege Escalation Vulnerability | CVE-2010-2740 | Cisco IPS Signature 30339-0, Cisco Security MARS | 6.8 |
| | Microsoft Windows OpenType Font Validation Privilege Escalation Vulnerability | CVE-2010-2741 | Cisco IPS Signature 30359-0, Cisco Security MARS | 6.8 |
| MS10-079: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution | Microsoft Office Word Uninitialized Pointer Access Arbitrary Code Execution Vulnerability | CVE-2010-2747 | | 9.3 |
| | Microsoft Office Word Improper Boundary Checking Arbitrary Code Execution Vulnerability | CVE-2010-2748 | | 9.3 |
| | Microsoft Office Word Index Parsing Arbitrary Code Execution Vulnerability | CVE-2010-2750 | | 9.3 |
| | Microsoft Office Word Stack Validation Arbitrary Code Execution Vulnerability | CVE-2010-3214 | | 9.3 |
| | Microsoft Office Word Return Value Processing Arbitrary Code Execution Vulnerability | CVE-2010-3215 | | 9.3 |
| | Microsoft Office Word Bookmark Handling Arbitrary Code Execution Vulnerability | CVE-2010-3216 | | 9.3 |
| | Microsoft Office Word Pointer Processing Arbitrary Code Execution Vulnerability | CVE-2010-3217 | | 9.3 |
| | Microsoft Office Word Heap Overflow Arbitrary Code Execution Vulnerability | CVE-2010-3218 | | 9.3 |
| | Microsoft Office Word Document Index Parsing Arbitrary Code Execution Vulnerability | CVE-2010-3219 | Cisco IPS Signature 30399-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Word Document Parsing Arbitrary Code Execution Vulnerability | CVE-2010-3220 | Cisco IPS Signature 30382-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Word Record Processing Arbitrary Code Execution Vulnerability | CVE-2010-3221 | | 9.3 |
| MS10-080: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution | Microsoft Office Excel Record Validation Integer Overflow Memory Corruption Vulnerability | CVE-2010-3230 | Cisco IPS Signature 30381-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Excel Record Parsing Memory Corruption Vulnerability | CVE-2010-3231 | Cisco IPS Signature 30539-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Excel Document Handling Arbitrary Code Execution Vulnerability | CVE-2010-3232 | Cisco IPS Signature 30380-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Excel Lotus 1-2-3 Workbook Handling Arbitrary Code Execution Vulnerability | CVE-2010-3233 | | 9.3 |
| | Microsoft Office Excel Cell Formula Processing Arbitrary Code Execution Vulnerability | CVE-2010-3234 | | 9.3 |
| | Microsoft Office Excel Formula Value Processing Arbitrary Code Execution Vulnerability | CVE-2010-3235 | | 9.3 |
| | Microsoft Office Excel Array Processing Arbitrary Code Execution Vulnerability | CVE-2010-3236 | | 9.3 |
| | Microsoft Office Excel Merge Cell Processing Arbitrary Code Execution Vulnerability | CVE-2010-3237 | Cisco IPS Signature 30461-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Excel Function Processing Arbitrary Code Execution Vulnerability | CVE-2010-3238 | | 9.3 |
| | Microsoft Office Excel Record Parsing Out-of-Bounds Memory Operation Vulnerability | CVE-2010-3239 | Cisco IPS Signature 30279-0, Cisco Security MARS | 9.3 |
| | Microsoft Office Excel Real-Time Data Record Processing Arbitrary Code Execution Vulnerability | CVE-2010-3240 | | 9.3 |
| | Microsoft Office Excel Document Parsing Memory Corruption Vulnerability | CVE-2010-3241 | | 9.3 |
| | Microsoft Office Excel Ghost Record Parsing Arbitrary Code Execution Vulnerability | CVE-2010-3242 | Cisco IPS Signature 30659-0, Cisco Security MARS | 9.3 |
| MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution | Microsoft Windows Explorer Common Controls Heap Overflow Vulnerability | CVE-2010-2746 | | 9.3 |
| MS10-082: Vulnerability in Windows Media Player Could Allow Remote Code Execution | Microsoft Windows Media Player Object Deallocation Memory Corruption Vulnerability | CVE-2010-2745 | | 9.3 |
| MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution | Microsoft Office COM Object Validation Arbitrary Code Execution Vulnerability | CVE-2010-1263 | | 9.3 |
| MS10-084: Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege | Microsoft Windows Local Procedure Call Privilege Escalation Vulnerability | CVE-2010-3222 | | 6.8 |
| MS10-085: Vulnerabilities in SChannel Could Allow Denial of Service | Microsoft Windows SChannel Malformed Certificate Handling Denial of Service Vulnerability | CVE-2010-3229 | | 7.1 |
| MS10-086: Vulnerability in Windows Shared Cluster Disks Could Allow Tampering | Microsoft Windows Disk Cluster Administrative Share Permission Issue | CVE-2010-3223 | | N/A |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2010

Impact on Cisco Products

Impact Assessment of October 2010 Microsoft Security Bulletin on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.