Cisco Event Response: Microsoft Security Bulletin Release for September 2009

September 8, 2009

Microsoft published its monthly security bulletin release on September 8, 2009. Five bulletins were released that address eight individual vulnerabilities. Microsoft rated all of the bulletins, which address vulnerabilities in the Microsoft Windows operating system, as Critical. Exploits of the vulnerabilities could allow a remote attacker to execute arbitrary code.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin	Cisco IntelliShield Alert	CVE ID	Cisco Mitigations	CVSS Base Score
Microsoft Security Bulletin MS09-045 Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution	Microsoft Windows JavaScript Engine Arbitrary Code Execution Vulnerability	CVE-2009-1920	Cisco IPS Signature 20699-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-046 Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution	Microsoft Windows DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability	CVE-2009-2519	Cisco IPS Signature 20800-0 Cisco ASA/PIX/FWSM Cisco ACE Cisco Security MARS Cisco IOS Netflow	9.3
Microsoft Security Bulletin MS09-047 Vulnerabilities in Windows Media Format Could Allow Remote Code Execution	Microsoft Windows ASF Header Processing Arbitrary Code Execution Vulnerability	CVE-2009-2498	Cisco IPS Signature 20779-0 Cisco Security MARS	9.3
	Microsoft Windows MP3 Playback Memory Corruption Vulnerability	CVE-2009-2499	Cisco IPS Signature 20780-0 Cisco Security MARS	9.3
Microsoft Security Bulletin MS09-048 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution	Multiple Vendor TCP/IP Window Size Processing Denial of Service Vulnerability	CVE-2008-4609	Cisco Security MARS Cisco IOS Netflow Cisco IPS Signature 20643	7.8
	Microsoft Windows TCP/IP Timestamp Packet Processing Code Execution Vulnerability	CVE-2009-1925	Cisco IPS Signature 1330-16 Cisco ASA/PIX/FWSM Cisco ACE Cisco Security MARS Cisco IOS Netflow	10.0
	Microsoft Windows TCP/IP Connection Exhaustion Denial of Service Vulnerability	CVE-2009-1926	Cisco IPS Signature 20644-0, 1330-18 Cisco Security MARS Cisco IOS Netflow	7.8
Microsoft Security Bulletin MS09-049 Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution	Microsoft Windows Wireless LAN Frame Parsing Arbitrary Code Execution Vulnerability	CVE-2009-1132	–	9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, Cisco Security Monitoring, Analysis, and Response System Incidents, Cisco ACE Application Control Engine, and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for September 2009

Impact on Cisco Products

Impact Assessment of September 2009 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.