Cisco Event Response: Microsoft Security Bulletin Release for September 2009

September 8, 2009

Microsoft published its monthly security bulletin release on September 8, 2009. Five bulletins were released that address eight individual vulnerabilities. Microsoft rated all of the bulletins, which address vulnerabilities in the Microsoft Windows operating system, as Critical. Exploits of the vulnerabilities could allow a remote attacker to execute arbitrary code.

 

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin Cisco IntelliShield Alert
CVE ID
Search CVEs
Cisco Mitigations
CVSS
Base Score
CVSS Q&A

Microsoft Security Bulletin MS09-045

Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution

Microsoft Windows JavaScript Engine Arbitrary Code Execution Vulnerability
CVE-2009-1920
Cisco IPS Signature 20699-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-046

Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution

Microsoft Windows DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability
CVE-2009-2519
Cisco IPS Signature 20800-0
Cisco ASA/PIX/FWSM
Cisco ACE
Cisco Security MARS
Cisco IOS Netflow
9.3

Microsoft Security Bulletin MS09-047

Vulnerabilities in Windows Media Format Could Allow Remote Code Execution

Microsoft Windows ASF Header Processing Arbitrary Code Execution Vulnerability
CVE-2009-2498
Cisco IPS Signature 20779-0
Cisco Security MARS
9.3
Microsoft Windows MP3 Playback Memory Corruption Vulnerability
CVE-2009-2499
Cisco IPS Signature 20780-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS09-048

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution

Multiple Vendor TCP/IP Window Size Processing Denial of Service Vulnerability
CVE-2008-4609
Cisco Security MARS
Cisco IOS Netflow
Cisco IPS Signature 20643
7.8
Microsoft Windows TCP/IP Timestamp Packet Processing Code Execution Vulnerability
CVE-2009-1925
Cisco IPS Signature 1330-16
Cisco ASA/PIX/FWSM
Cisco ACE
Cisco Security MARS
Cisco IOS Netflow
10.0
Microsoft Windows TCP/IP Connection Exhaustion Denial of Service Vulnerability
CVE-2009-1926
Cisco IPS Signature 20644-0, 1330-18
Cisco Security MARS
Cisco IOS Netflow
7.8

Microsoft Security Bulletin MS09-049

Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution

Microsoft Windows Wireless LAN Frame Parsing Arbitrary Code Execution Vulnerability
CVE-2009-1132
9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for September 2009

Impact on Cisco Products

Impact Assessment of September 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.