Microsoft Windows Security Bulletin MS03-039 for Cisco CallManager

September 12, 2003

• More Field Notices

Products Affected

Problem Description

Microsoft Corporation recently announced a security vulnerability in its Windows Operating System which hosts several Cisco applications including Cisco CallManager server, Cisco Conference Connection (CCC), Cisco Emergency Responder (CER), Cisco IP Contact Center (IPCC) Express and PA applications. This security vulnerability is in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface.

Additional information can be found on the Microsoft Website at the following location:

http://www.microsoft.com/technet/security/bulletin/ms03-039.asp

Background

A stack-based buffer overflow condition has been discovered in the Microsoft RPC interface for DCOM. This is a core function of the Windows kernel, and cannot be disabled. Since this is a kernel function, implemented via SVCHOST.EXE, successful attacks result in System privilege. Specially crafted messages sent to port 135 exploit the buffer overflow

Problem Symptoms

As of Thursday September 11 2003, there are no known worms that exploit the vulnerability. Problem symptoms will be updated as soon as information becomes available.

Workaround/Solution

The Cisco tested MS03-039, win-K9-MS03-039.exe, hotfix has been posted to Cisco Connection Online (CCO). You can download this and other Operating System (OS) updates from Cisco Connection Online

• Minimum OS requirements: OS 2000.2.4 or 2000.2.5. Cisco recommends upgrading to one of the tested versions of the OS, but any Cisco provided OS for the supported applications with Windows 2000 Service Pack (SP)2, SP3, or SP4 will be supported for this hotfix.

• Affected Cisco IP Telephony Applications: All versions of Cisco CallManager and all compatible versions of Cisco IP Interactive Voice Response (IP IVR), Cisco IP Call Center Express (IPCC Express), Cisco Personal Assistant (PA), Cisco Emergency Responder (CER), Cisco Conference Connection (CCC), and Cisco Internet Service Node (ISN).

• Supported Servers: All Cisco Media Convergence Servers (MCS), Cisco Integrated Communications System, ICS-7750 EXCEPT on SPEs running Cisco Unity, and Cisco-approved, customer-provided Compaq/HP and IBM servers

• This Microsoft hotfix MS03-039 supersedes MS02-026. Please apply win-K9-MS03-039.exe. win-K9-MS03-026.exe has been removed from CCO

To receive proactive email notification for future OS or Cisco CallManager software postings follow this URL: http://www.cisco.com/warp/public/779/largeent/software_patch.html

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

• Open a service request on Cisco.com
• By email
• By telephone