Cisco Event Response: Microsoft Security Bulletin Release for October 2011

October 11, 2011

Microsoft published its monthly security bulletin release on October 11, 2011. The release comprises eight bulletins that address 23 individual vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Host Integration Server, Microsoft .NET and Silverlight, and Microsoft Forefront Unified Access Gateway. The vulnerabilities could allow an attacker to cause a denial-of-service condition, gain access to sensitive information, or execute arbitrary code on a targeted system.

 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| Microsoft Security Bulletin MS11-075: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution | Microsoft Windows Active Accessibility Insecure Library Loading Vulnerability | CVE-2011-1247 | Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/FWSM | 9.3 |
| Microsoft Security Bulletin MS11-076: Vulnerability in Windows Media Center Could Allow Remote Code Execution | Microsoft Windows Media Center Insecure Library Loading Arbitrary Code Execution Vulnerability | CVE-2011-2009 | Cisco IPS Signature 39787/0, Cisco Security MARS | 9.3 |
| Microsoft Security Bulletin MS11-077: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution | Microsoft Windows Win32k Kernel Driver Null Pointer Dereference Privilege Escalation Vulnerability | CVE-2011-1985 | Cisco IPS Signature 39786/0, Cisco Security MARS | 6.8 |
| MS11-077 | Microsoft Windows Win32k Kernel Driver TrueType Font Processing Denial of Service Vulnerability | CVE-2011-2002 | Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/FWSM, Cisco ACE | 7.1 |
| MS11-077 | Microsoft Windows Win32k Kernel Driver Font Library Processing Buffer Overflow Vulnerability | CVE-2011-2003 | Cisco IPS Signature 39686/0, Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/FWSM, Cisco ACE | 9.3 |
| MS11-077 | Microsoft Windows Win32k Kernel Driver Use-After-Free Privilege Escalation Vulnerability | CVE-2011-2011 | | 6.8 |
| Microsoft Security Bulletin MS11-078: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution | Microsoft .NET and Silverlight Class Inheritance Arbitrary Code Execution Vulnerability | CVE-2011-1253 | Cisco IPS Signature 39606/0, Cisco Security MARS | 9.3 |
| Microsoft Security Bulletin MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution | Microsoft Forefront Unified Access Gateway HTTP Response Splitting Vulnerability | CVE-2011-1895 | Cisco IPS Signature 39687/0, Cisco Security MARS | 4.3 |
| MS11-079 | Microsoft Forefront Unified Access Gateway Reflected Cross-Site Scripting Vulnerability | CVE-2011-1896 | Cisco IPS Signature 39706/0, Cisco Security MARS | 4.3 |
| MS11-079 | Microsoft Forefront Unified Access Gateway JavaScript Reflection Cross-Site Scripting Vulnerability | CVE-2011-1897 | Cisco IPS Signature 39626/0, Cisco Security MARS | 4.3 |
| MS11-079 | Microsoft Forefront Unified Access Gateway Java Applet Arbitrary Code Execution Vulnerability | CVE-2011-1969 | | 9.3 |
| MS11-079 | Microsoft Forefront Unified Access Gateway Null Session Cookie Processing Denial of Service Vulnerability | CVE-2011-2012 | Cisco IPS Signature 39846/0, Cisco Security MARS | 5.0 |
| Microsoft Security Bulletin MS11-080: Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege | Microsoft Windows Ancillary Function Driver Local Privilege Escalation Vulnerability | CVE-2011-2005 | Cisco IPS Signature 39666/0, Cisco Security MARS | 6.8 |
| Microsoft Security Bulletin MS11-081: Cumulative Security Update for Internet Explorer | Microsoft Internet Explorer Scroll Event Object Processing Arbitrary Code Execution Vulnerability | CVE-2011-1993 | Cisco IPS Signature 39746/0, Cisco Security MARS | 9.3 |
| MS11-081 | Microsoft Internet Explorer oleauto32.dll Memory Corruption Vulnerability | CVE-2011-1995 | Cisco IPS Signature 39546/0, Cisco MARS | 9.3 |
| MS11-081 | Microsoft Internet Explorer option Element Processing Arbitrary Code Execution Vulnerability | CVE-2011-1996 | Cisco IPS Signature 39726/0, Cisco Security MARS | 9.3 |
| MS11-081 | Microsoft Internet Explorer OnLoad Event Processing Arbitrary Code Execution Vulnerability | CVE-2011-1997 | Cisco IPS Signature 39566/0, Cisco Security MARS | 9.3 |
| MS11-081 | Microsoft Internet Explorer jscript9.dll Memory Corruption Vulnerability | CVE-2011-1998 | Cisco IPS Signature 39826/0, Cisco Security MARS | 9.3 |
| MS11-081 | Microsoft Internet Explorer select Element Processing Arbitrary Code Execution Vulnerability | CVE-2011-1999 | Cisco IPS Signature 39608/0, Cisco Security MARS | 9.3 |
| MS11-081 | Microsoft Internet Explorer Body element Object Processing Arbitrary Code Execution Vulnerability | CVE-2011-2000 | Cisco IPS Signature 39766/0, Cisco Security MARS | 9.3 |
| MS11-081 | Microsoft Internet Explorer Virtual Function Table Processing Arbitrary Code Execution Vulnerability | CVE-2011-2001 | Cisco IPS Signature 39806/0, Cisco Security MARS | 9.3 |
| Microsoft Security Bulletin MS11-082: Vulnerabilities in Host Integration Server Could Allow Denial of Service | Microsoft Host Integration Server Packet Processing Denial of Service Vulnerability | CVE-2011-2007 | Cisco IPS Signature 39607/0, Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/FWSM, Cisco Security MARS | 5.0 |
| MS11-082 | Microsoft Host Integration Server Packet Processing Denial of Service Vulnerability | CVE-2011-2008 | Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/FWSM | 5.0 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. This bulletin discusses Cisco IOS access control lists; Cisco Intrusion Prevention System (IPS) signatures; Cisco IOS NetFlow; Cisco Security Monitoring, Analysis, and Response System incidents; Cisco ACE Application Control Engine; and firewall inspection and access control lists.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for October 2011

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. For additional information, refer to the Cisco Customer Contact Software Policy for using Microsoft security updates on products deployed on a retail installation of Windows operating system.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.