Microsoft announced eight security bulletins that contain 21 vulnerabilities as part of the monthly security bulletin release on April 14, 2009. A summary of these bulletins is on the Microsoft website at http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx. This document highlights the vulnerabilities that can be effectively identified and/or mitigated using Cisco network devices.
Information about affected and unaffected products is available in the respective Microsoft advisories and the IntelliShield alerts that are referenced in the following table. In addition, multiple Cisco products use Microsoft operating systems as their base operating system. Cisco products that may be affected by the vulnerabilities described in the referenced Microsoft advisories are detailed in the "Associated Products" table in the "Product Sets" section.
MS09-016, Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (KB961759): These vulnerabilities have been assigned CVE identifiers CVE-2009-0077 and CVE-2009-0237.
Vulnerability CVE-2009-0077 can be exploited remotely without authentication and without user interaction. Successful exploitation of this vulnerability may result in a denial of service (DoS) condition. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. The attack vector for exploitation of CVE-2009-0077 is through HTTP using TCP port 80 packets.
Vulnerability CVE-2009-0237 can be exploited remotely without authentication and requires user interaction. Successful exploitation of this vulnerability may allow arbitrary script execution or allow information disclosure, which enables an attacker to learn information about the affected device. The attack vector is through HTTP using TCP port 80. Due to the nature of cross-site scripting vulnerabilities, no additional information will be presented in this bulletin. For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, refer to the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectors.
The vulnerabilities that have a client software attack vector, require user interaction, or can be exploited through web-based attacks such as cross-site scripting or phishing are in the following list:
These vulnerabilities are best mitigated at the endpoint through software updates, user education, desktop administration best practices, and endpoint protection software such as Cisco Security Agent Host Intrusion Prevention System (HIPS) or antivirus products.
One vulnerability for MS09-016 (CVE Identifier CVE-2009-0077) has a network mitigation. Cisco devices provide a countermeasure for the vulnerability that has a network attack vector, which will be discussed in detail later in this document.
On Cisco PIX Security Appliances, Cisco ASA Adaptive Security Appliances, and Firewall Services Modules (FWSM) for Cisco Catalyst 6500 Switches and Cisco 7600 Routers, packets exploiting this vulnerability are dropped by default, which offers effective mitigation for vulnerability CVE-2009-0077.
This protection mechanism filters and drops packets that are attempting to exploit the vulnerability that has a network attack vector.
On the Cisco ACE Application Control Engine Appliance and Module, packets exploiting this vulnerability are dropped by default, which offers effective mitigation for vulnerability CVE-2009-0077.
Effective use of Cisco Intrusion Prevention System (IPS) event actions provides visibility into and protection against attacks that attempt to exploit these vulnerabilities as discussed later in this document.
Cisco ASA and Cisco PIX security appliances can provide visibility through the counter values displayed in the output from show commands.
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) appliance can also provide visibility through incidents, queries, and event reporting.
Risk Management
Organizations are advised to follow their standard risk evaluation and mitigation processes to determine the potential impact of these vulnerabilities. Triage refers to sorting projects and prioritizing efforts that are most likely to be successful. Cisco has provided documents that can help organizations develop a risk-based triage capability for their information security teams. Risk Triage for Security Vulnerability Announcements and Risk Triage and Prototyping can help organizations develop repeatable security evaluation and response processes.
Caution: The effectiveness of any mitigation technique depends on specific customer situations such as product mix, network topology, traffic behavior, and organizational mission. As with any configuration change, evaluate the impact of this configuration prior to applying the change.
Specific information about mitigation and identification is available for these devices:
The TCP normalization feature identifies abnormal packets that the security appliance can act on when they are detected; for example, the security appliance can allow, drop, or clear the packets. The TCP normalizer includes non-configurable actions and configurable actions. Typically, non-configurable actions that drop or clear connections apply to packets that are considered malicious. TCP Normalization is available beginning in software release 7.0(1) for the Cisco ASA 5500 Series Adaptive Security Appliance and the Cisco PIX 500 Series Security Appliance and in software release 3.1(1) for the Firewall Services Module.
TCP normalization is enabled by default and drops packets that may exploit CVE-2009-0077. Protection against packets that may exploit CVE-2009-0077 is a non-configurable TCP normalization action; no configuration changes are required to enable this functionality.
For the Cisco ASA 5500 Series Adaptive Security Appliance and the Cisco PIX 500 Series Security Appliance, the show asp drop command can identify the number of packets that the TCP normalization feature has dropped, as shown in the following example:
firewall# show asp drop frame
tcp-rstfin-ooo TCP RST/FIN out of order (tcp-rstfin-ooo) 11
firewall#
In the preceding example, TCP normalization has dropped 11 RST or FIN packets with the incorrect TCP sequence number. Absence of TCP RST/FIN out of order (tcp-rstfin-ooo) output indicates that TCP normalization on the firewall has not dropped any RST or FIN packets with incorrect TCP sequence numbers.
Due to architectural differences, the show asp drop output is not available for the Firewall Services Module.
For additional information about debugging accelerated security path dropped packets or connections, reference the Cisco Security Appliance Command Reference for show asp drop.
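The counter check described above can be automated by comparing two captures of the show asp drop frame output. The following Python is an added example, not Cisco code; the first capture is the output shown in this bulletin, the other captures and their counts are constructed sample data, and the function names are illustrative.

```python
import re

# A counter line ends with "(counter-name)" followed by the packet count,
# as in the bulletin's sample: "... (tcp-rstfin-ooo) 11".
COUNTER_RE = re.compile(r"\(([a-z0-9-]+)\)\s+(\d+)\s*$")

# First capture: the output shown in the bulletin.
CAPTURE_1 = """firewall# show asp drop frame
tcp-rstfin-ooo TCP RST/FIN out of order (tcp-rstfin-ooo) 11
firewall#
"""

# Second capture: constructed sample data (count invented for illustration).
CAPTURE_2 = """firewall# show asp drop frame
tcp-rstfin-ooo TCP RST/FIN out of order (tcp-rstfin-ooo) 57
firewall#
"""

# Constructed capture with no counter line: nothing has been dropped.
CAPTURE_EMPTY = """firewall# show asp drop frame
firewall#
"""


def parse_asp_drop(output):
    """Return {counter_name: count} for every counter line in the output."""
    counters = {}
    for line in output.splitlines():
        match = COUNTER_RE.search(line)
        if match:
            counters[match.group(1)] = int(match.group(2))
    return counters


def rstfin_drops_since(before, after, name="tcp-rstfin-ooo"):
    """Return (new_drops, counters_reset) between two captures.

    A missing counter line means zero drops. If the count went down, the
    counters were cleared or the device restarted, so the later value is
    the number of drops since that reset.
    """
    old = parse_asp_drop(before).get(name, 0)
    new = parse_asp_drop(after).get(name, 0)
    if new < old:
        return new, True
    return new - old, False


if __name__ == "__main__":
    drops, reset = rstfin_drops_since(CAPTURE_1, CAPTURE_2)
    print(f"tcp-rstfin-ooo drops since last capture: {drops} (reset={reset})")
```

The counter covers every RST or FIN packet dropped for an incorrect TCP sequence number, so a rising delta is a prompt to investigate the traffic, not proof of attempts against CVE-2009-0077.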
TCP normalization is a Layer 4 feature that consists of a series of checks that the Cisco ACE performs at various stages of a flow, beginning with the initial connection setup through the closing of a connection. Many of the segment checks can be controlled or altered by configuring one or more advanced TCP connection settings. The ACE uses these TCP connection settings to decide which checks to perform and whether to discard a TCP segment based on the results of the checks. The ACE discards segments that appear to be abnormal or malformed.
TCP normalization is enabled by default and drops packets that may exploit CVE-2009-0077. Protection against packets that may exploit CVE-2009-0077 is a non-configurable TCP normalization action; no configuration changes are required to enable this functionality.
The Cisco ACE Application Control Engine Appliance and Module does not provide show command output for packets dropped while attempting to exploit CVE-2009-0077.
Administrators can use the Cisco Intrusion Prevention System (IPS) appliances and services modules to provide threat detection and help prevent attempts to exploit several of the vulnerabilities described in this document. The following table provides an overview of CVE identifiers and the respective Cisco IPS signatures that will trigger events on potential attempts to exploit these vulnerabilities.
| CVE ID | Signature Release | Signature ID | Signature Name | Enabled | Severity | Fidelity* | Notes |
|---|---|---|---|---|---|---|---|
| CVE-2009-0100 | S393 | 16414-0 | Microsoft Excel Remote Code Execution | Yes | High | 85 | |
| CVE-2009-0238 | S393 | 16413-0 | Microsoft Excel Remote Code Execution | Yes | High | 85 | |
| CVE-2009-0238 | S385 | 15733-0 | MS Excel Invalid Object Arbitrary Code Execution | Yes | High | 90 | |
| CVE-2008-4841 | S393 | 16514-0 | WordPad Word 97 Text Converter Vulnerability | Yes | High | 90 | |
| CVE-2009-0087 | S393 | 16373-0 | Buffer Overflow In Wordpad And Office Text Converters | Yes | High | 90 | |
| CVE-2009-0088 | S393 | 16433-0 | Microsoft Office Text Converter Buffer Overflow | Yes | High | 90 | |
| CVE-2009-0235 | S393 | 16475-0 | Microsoft Wordpad Word 97 Text Converter Code Execution Vulnerability | Yes | High | 90 | |
| CVE-2009-0084 | S393 | 16513-0 | Microsoft DirectShow MJPEG Decompression Vulnerability | Yes | High | 90 | |
| CVE-2009-0086 | S179 | 5245-0 | HTTP 1.1 Chunked Encoding Transfer | Yes | Medium | 100 | |
| CVE-2009-0086 | S393 | 12693-0 | Define Tranfer-Encoding Chunked | No | Low | 55 | |
| CVE-2009-0550 | S393 | 16476-0 | Windows HTTP Services Credential Reflection Vulnerability | Yes | High | 90 | Meta |
| CVE-2009-0550 | S393 | 16476-1 | Windows HTTP Services Credential Reflection Vulnerability | Yes | Info | 60 | Meta-Component #1 |
| CVE-2009-0550 | S393 | 16476-2 | Windows HTTP Services Credential Reflection Vulnerability | Yes | Info | 60 | Meta-Component #2 |
| CVE-2009-0550 | S393 | 16476-3 | Windows HTTP Services Credential Reflection Vulnerability | Yes | Info | 60 | Meta-Component #3 |
| CVE-2009-0550 | S393 | 16476-4 | Windows HTTP Services Credential Reflection Vulnerability | Yes | Info | 60 | Meta-Component #4 |
| CVE-2009-0551 | S393 | 16415-0 | MS IE Remote Code Execution | Yes | High | 95 | |
| CVE-2009-0552 | S393 | 16416-0 | MS IE Remote Code Execution | Yes | High | 95 | |
| CVE-2009-0553 | S393 | 16473-0 | Internet Explorer Memory Corruption Vulnerability | Yes | High | 80 | |
| CVE-2009-0554 | S393 | 16474-0 | IE Uninitialized Memory Corruption | Yes | High | 80 | |
| CVE-2009-0237 | S393 | 16494-0 | ISA Server Cross Site Scripting Vulnerability | Yes | High | 95 | |
* Fidelity is also referred to as Signature Fidelity Rating (SFR) and is the relative measure of the accuracy of the signature (predefined). The value ranges from 0 through 100 and is set by Cisco Systems, Inc.
Administrators can configure Cisco IPS sensors to perform an event action when an attack is detected. The configured event action performs preventive or deterrent controls to help protect against an attack that is attempting to exploit the vulnerabilities listed in the preceding table.
Cisco IPS sensors are most effective when deployed in inline protection mode combined with the use of an event action. Automatic Threat Prevention for Cisco IPS 6.x sensors that are deployed in inline protection mode provides threat prevention against an attack that is attempting to exploit the vulnerability that is described in this document. Threat prevention is achieved through a default override that performs an event action for triggered signatures with a riskRatingValue greater than 90.
Cisco IPS 5.x sensors that are deployed in inline protection mode require an event action configured on a per-signature basis. Alternatively, administrators can configure an override that can perform an event action for any signatures that are triggered and are calculated as a high-risk threat. Using an event action on sensors deployed in inline protection mode provides the most effective exploit prevention.
The following data has been compiled through remote monitoring services provided by the Cisco Remote Management Services team from a sample group of Cisco IPS sensors running Cisco IPS Signature Update version S393 or greater. The purpose of this data is to provide visibility into attempts to exploit the vulnerabilities released as part of the Microsoft April Security Update released on April 14, 2009. This data was gathered from events triggered on May 12, 2009.
CVE ID | Signature ID | Percentage of Sensors Reporting the Signature | Percentage of Sensors Reporting the Signature Among Top Ten Most-Seen Events
Identification: Cisco Security Monitoring, Analysis, and Response System Incidents
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) appliance can create incidents on events for the following Microsoft Security Bulletins. After the S393 dynamic signature update has been downloaded, using the following keywords for each of the respective IPS signatures and a query type of All Matching Event Raw Messages on the Cisco Security MARS appliance will provide a report that lists the incidents created by these IPS signatures.
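| Microsoft ID | Signature IDs | MARS Query Keywords |
|---|---|---|
| MS09-009 | 16413-0 | NR-16413 |
| MS09-009 | 16414-0 | NR-16414 |
| MS09-009 | 15733-0 | NR-15733 |
| MS09-010 | 16373-0 | NR-16373 |
| MS09-010 | 16433-0 | NR-16433 |
| MS09-010 | 16475-0 | NR-16475 |
| MS09-010 | 16514-0 | NR-16514 |
| MS09-011 | 16513-0 | NR-16513 |
| MS09-013 | 5245-0 | NR-5245 |
| MS09-013 | 12693-0 | NR-12693 |
| MS09-013 | 16476-0 | NR-16476 |
| MS09-013 | 16476-1 | NR-16476 |
| MS09-013 | 16476-2 | NR-16476 |
| MS09-013 | 16476-3 | NR-16476 |
| MS09-013 | 16476-4 | NR-16476 |
| MS09-014 | 16476-0 | NR-16476 |
| MS09-014 | 16476-1 | NR-16476 |
| MS09-014 | 16476-2 | NR-16476 |
| MS09-014 | 16476-3 | NR-16476 |
| MS09-014 | 16476-4 | NR-16476 |
| MS09-014 | 16415-0 | NR-16415 |
| MS09-014 | 16416-0 | NR-16416 |
| MS09-014 | 16473-0 | NR-16473 |
| MS09-014 | 16474-0 | NR-16474 |
| MS09-016 | 16494-0 | NR-16494 |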
Beginning with the 4.3.1 and 5.3.1 releases of Cisco Security MARS appliances, support for the Cisco IPS dynamic signature updates feature has been added. This feature downloads new signatures from Cisco.com or from a local web server, correctly processes and categorizes received events that match those signatures, and includes them in inspection rules and reports. These updates provide event normalization and event group mapping, and they also enable the MARS appliance to parse new signatures from the IPS devices.
Caution: If dynamic signature updates are not configured, events that match these new signatures appear as unknown event type in queries and reports. Because MARS will not include these events in inspection rules, incidents may not be created for potential threats or attacks that occur within the network.
By default, this feature is enabled but requires configuration. If it is not configured, the following Cisco Security MARS rule will be triggered:
System
Rule: CS-MARS IPS Signature Update Failure
When this feature is enabled and configured, administrators can determine the current signature version downloaded by MARS by selecting Help > About and reviewing the IPS Signature Version value.
Additional information about dynamic signature updates and instructions for configuring dynamic signature updates are available for the Cisco Security MARS 4.3.1 and 5.3.1 releases.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
Version 4, April 30, 2009 10:23 AM: IPS signature event data from Cisco Remote Management Services is available for IPS signatures from April 28, 2009.
Version 3, April 23, 2009, 3:15 PM: IPS signature event data from Cisco Remote Management Services is available for IPS signatures from April 21, 2009.
Version 2, April 17, 2009, 4:33 PM: IPS signature event data from Cisco Remote Management Services is available for IPS signatures from April 16, 2009.
Version 1, April 14, 2009, 3:15 PM: This initial version of the Cisco Applied Mitigation Bulletin addresses the Microsoft Security Bulletin Release for April 2009.
Datacenter Edition Base | Datacenter Edition, 64-bit Base | Enterprise Edition Base | Enterprise Edition, 64-bit Base | Essential Business Server Premium Base | Essential Business Server Premium, 64-bit Base | Essential Business Server Standard Base | Itanium-Based Systems Edition Base | Standard Edition Base | Standard Edition, 64-bit Base | Web Server Base | Web Server, 64-bit Base
Microsoft, Inc.
Windows Vista
Business Base, SP1 | Business x64 Edition Base, SP1 | Enterprise Base, SP1 | Enterprise x64 Edition Base, SP1 | Home Basic Base, SP1 | Home Basic x64 Edition Base, SP1 | Home Premium Base, SP1 | Home Premium x64 Edition Base, SP1 | Ultimate Base, SP1 | Ultimate x64 Edition Base, SP1
Microsoft, Inc.
Windows XP
Home Edition Base, SP1, SP2, SP3 | Professional Edition Base, SP1, SP2, SP3 | Professional x64 (AMD/EM64T) Base, SP2
Associated Products:
Cisco
Cisco Broadband Troubleshooter
3.1 Base | 3.2 Base | Original Release Base
Cisco
Cisco Building Broadband Service Manager (BBSM)
2.5 .1 | 3.0 Base | 4.0 .1, Base | 4.2 Base | 4.3 Base | 4.4 Base | 4.5 Base | 5.0 Base | 5.1 Base | 5.2 Base | Original Release Base
Cisco
Cisco CNS Network Registrar
2.5 Base | 3.0 Base | 3.5 .1, Base | 5.0 Base | 5.5 .13, Base | 6.0 .5, .5.2, .5.3, .5.4 | 6.1 .1, .1.1, .1.2, .1.3, .1.4, Base
Cisco
Cisco Collaboration Server
3.0 Base | 3.01 Base | 3.02 Base | 4.0 Base | 5.0 Base
Cisco
Cisco Collaboration Server Dynamic Content Adapter
1.0 Base | 2.0 (1)_SR2, Base | Original Release Base
Cisco IP Interoperability and Collaboration System
1.0 (1.1)
Cisco
Cisco IP Queue Manager
2.2 Base
Cisco
Cisco Media Blender
3.0 Base | 4.0 Base | 5.0 (0)_SR1, (0)_SR2, Base | Original Release Base
Cisco
Cisco Networking Services for Active Directory
Original Release Base
Cisco
Cisco Outbound Option
Original Release Base
Cisco
Cisco Personal Assistant
1.0 (1), Base | 1.1 Base | 1.3 .1, .2, .3, .4, Base | 1.4 .2, .3, .4, .5, .6, Base
Cisco
Cisco Remote Monitoring Suite Option
1.0 Base | 2.0 (0)_SR1, Base
Cisco
Cisco Secure Access Control Server (ACS) for Windo
2.6 Base | 2.6.3.2 Base | 2.6.4 Base | 2.6.4.4 Base | 3.0 Base | 3.0.1 Base | 3.0.1.40 Base | 3.0.2 Base | 3.0.3 Base | 3.0.3.6 Base | 3.0.4 Base | 3.1.1 Base | 3.1.1.27 Base | 3.1.2 Base | 3.2 Base | 3.2.1 Base | 3.2.3 Base | 3.3.1 Base | 3.3.1.16 Base | 3.3.2.2 Base | 3.3.3.11 Base | 4.0 Base | 4.0.1 Base | 4.0.1.27 Base | 4.1.1.23 Base
Cisco
Cisco Secure Access Control Server Solution Engine
3.1 .1, Base | 3.2 .1.20, .2.5 , .3, Base | 3.3 .1, .1.16, .2.2, .3, .4, .4.12, Base | 4.0 .1, .1.42, .1.44, .1.49, Base | 4.1 .1.23, .1.23.3, .3, .3.12, Base
Cisco
Cisco Secure User Registration Tool (URT)
1.2 .1, Base | 2.0 .7, .8, Base | 2.5 .1, .2, .3, .4, .5, Base | Original Release Base
2.0 Base | 2.1 Base | 2.2 .1, Base | 3.0 .1, .2, Base | 3.1 Base | 3.2 Base | 4.0 Base | 4.1 .4, .6, .6.6.1, Base | 4.6 Base | 4.7 Base | 5.0 .0.867.2, .1.873.2, .2, .2.105.1, .2.110.1, .2.92.1, .2.99.1, Base | 6.0 .0.405.1, .0.407.1, .0.412.1, Base | 7.0 .0.370.1, .0.372.1, .0.377.1 , .0.389.1, .0.400.1, .395.1, Base | 7.2 .0.199.1, Base | Original Release Base
Cisco
Cisco Unified Communications Manager
1.0 Base | 2.0 Base | 3.0 Base | 3.0.3(a) Base | 3.1 .1, .2, .3a, Base | 3.1(1) Base | 3.1(2) Base | 3.1(2)SR3 Base | 3.1(3) Base | 3.1(3)SR2 Base | 3.1(3)SR4 Base | 3.2 Base | 3.2(3)SR3 Base | 3.3 Base | 3.3(2)SPc Base | 3.3(3) Base | 3.3(3)ES61 Base | 3.3(3)SR3 Base | 3.3(3)SR4a Base | 3.3(3a) Base | 3.3(4) Base | 3.3(4)ES25 Base | 3.3(4)SR2 Base | 3.3(4c) Base | 3.3(5) Base | 3.3(5)ES24 Base | 3.3(5)SR1 Base | 3.3(5)SR1a Base | 3.3(5)SR2 Base | 3.3(5)SR2a Base | 3.3(5)SR3 Base | 3.3(59) Base | 3.3(61) Base | 3.3(63) Base | 3.3(64) Base | 3.3(65) Base | 3.3(66) Base | 3.3(67.5) Base | 3.3(68.1) Base | 3.3(71.0) Base | 3.3(74.0) Base | 3.3(76) Base | 3.3(78) Base | 4.0 .1, .2 | 4.0(2a)ES40 Base | 4.0(2a)ES56 Base | 4.0(2a)SR2b Base | 4.0(2a)SR2c Base | 4.1 Base | 4.1(17) Base | 4.1(19) Base | 4.1(2) Base | 4.1(2)ES33 Base | 4.1(2)ES50 Base | 4.1(2)SR1 Base | 4.1(22) Base | 4.1(23) Base | 4.1(25) Base | 4.1(26) Base | 4.1(27.7) Base | 4.1(28.2) Base | 4.1(3) Base | 4.1(3)ES Base | 4.1(3)ES07 Base | 4.1(3)ES24 Base | 4.1(3)SR Base | 4.1(3)SR1 Base | 4.1(3)SR2 Base | 4.1(3)SR3 Base | 4.1(3)SR3b Base | 4.1(3)SR3c Base | 4.1(3)SR4 Base | 4.1(3)SR4b Base | 4.1(3)SR4d Base | 4.1(3)SR5 Base | 4.1(30.4) Base | 4.1(36) Base | 4.1(39) Base | 4.1(4) Base | 4.1(9) Base | 4.2(1.02) Base | 4.2(1.05.3) Base | 4.2(1.06) Base | 4.2(1.07) Base | 4.2(1) Base | 4.2(1)SR1b Base | 4.2(3.08) Base | 4.2(3.13) Base | 4.2(3.2.3) Base | 4.2(3.3) Base | 4.2(3) Base | 4.2(3)SR1 Base | 4.2(3)SR2 Base | 4.3(1.57) Base | 4.3(1) Base | 4.3(1)SR Base | Original Release Base
4.3 Base | 5.2 Base | 5.3 Base | 5.4 Base | 6.0 Base
Cisco
Cisco Unified MeetingPlace Express
1.1 Base | 1.2 Base | 2.0 Base
Cisco
Cisco Unity
2.0 Base | 2.1 Base | 2.2 Base | 2.3 Base | 2.4 Base | 2.46 Base | 3.0 .1, Base | 3.1 .2, .3, .5, .6, Base | 3.2 Base | 3.3 Base | 4.0 .1, .2, .3, .3b, .4, .5, Base | 4.1 .1, Base | 4.2 .1, .1 ES27, Base | 5.0 (1) | 7.0 (2) | Original Release Base
Cisco
Cisco Unity Express
1.0.2 Base | 1.1.1 Base | 1.1.2 Base | 2.0.1 Base | 2.0.2 Base | 2.1.1 Base | 2.1.2 Base | 2.1.3 Base | 2.2.0 Base | 2.2.1 Base | 2.2.2 Base | 2.3.0 Base | 2.3.1 Base
Cisco
Cisco Wireless Control System (WCS) Software
1.0 Base | 2.0 44.14, 44.24, Base | 2.2 .0, .111.0 | 3.0 .101.0 , .105.0, Base | 3.1 .20.0, .33.0, .35.0, Base | 3.2 .23.0, .25.0, .40.0, .51.0, .64.0, Base | 4.0 .1.0, .43.0, .66.0, .81.0, .87.0, .96.0, .97.0, Base | 4.1 .83.0, Base
Cisco
CiscoWorks IP Telephony Environment Monitor (ITEM)
1.3 Base | 1.4 Base | 2.0 Base
Cisco
CiscoWorks LAN Management Solution (LMS)
1.3 Base | 2.2 Base | 2.5 Base | 2.6 Base
Cisco
CiscoWorks QoS Policy Manager (QPM)
2.0 .1, .2, .3, Base | 2.1 .2 | 3.0 .1, Base | 3.1 Base | 3.2 .1, .2, .3, Base
Cisco
CiscoWorks Routed WAN Management Solution (RWAN)
1.0 Base | 1.1 Base | 1.2 Base | 1.3 .1, Base
Cisco
CiscoWorks Small Network Management Solution (SNMS
1.0 Base | 1.5 Base
Cisco
CiscoWorks VPN/Security Management Solution (VMS)
1.0 Base | 2.0 Base | 2.1 Base | 2.2 Base | 2.3 Base