Cisco Threat Defense Bulletin S657 July 11, 2012






Your feedback makes our bulletin better! Please tell us what you love and what you would change at ips-news@cisco.com.


Visit the Cisco Event Response for more information, analysis, and guidance on this month's Microsoft Security Bulletin Release.


Please click here to download the latest IPS signature update package (sensor only).

Please click here to download the latest Cisco Security Manager (CSM) signature update package.

Download the S657 sensor package (sensor only).

Important Notes

IOS IPS Important Notice

IOS IPS customers running version 12.4T, 15.0M, or 15.1M: a critical software defect has been identified that may cause your router to reload and become stuck in a boot loop if IOS IPS signature version S639 or later is installed on the device. Recovery of impacted devices is possible only via a serial console connection through the device's ROMMON mode. Customers using IOS IPS signatures S638 or earlier are not affected. Customers wishing to upgrade the IOS IPS signature version to S639 or later must first be running a fixed version of IOS on the device before upgrading the IPS signatures. Fixed versions of IOS include 15.2(4)M, 15.1(3)T4, 15.2(3)T1, 15.1(4)M5, 12.4(24)T8, and later. Please refer to defect CSCtz27137 for additional details and steps to recover impacted devices. A link to download the latest Cisco IOS software for your device is provided below. If you need further assistance, please contact Cisco TAC.

IOS Software Download
 
WARNING: CISCO.COM IP ADDRESS CHANGE IN AUTO UPDATE CONFIGURATION

The 7.0(8)E4 service pack changes the default value of the Cisco server IP address in the Auto Update URL configuration from 198.133.219.25 to 72.163.4.161. If Cisco.com Auto Updates are configured on your sensor, firewall rules may need to be updated to allow the sensor to reach this new IP address.
 
Supported Sensor Software Versions

Signature updates are currently tested on the following sensor software releases according to the terms defined in the End-of-Sale Policy for Signature File Release on Intrusion Detection and Prevention (IDS/IPS) Sensors:

6.0(6) (Released: 29/MAR/2010)

6.2(4) (Released: 27/JUN/2011)
7.0(6) (Released: 13/SEP/2011) (upgrade soon!)
7.0(7) (Released: 31/JAN/2012) (upgrade soon!)
7.0(8) (Released: 29/MAY/2012) (new!)
7.1(3) (Released: 06/DEC/2011) (upgrade soon!)
7.1(4) (Released: 05/MAR/2012) (new!)

Please upgrade to one of these sensor software versions to ensure correct sensor operation and effective signature coverage.



Release S657 - July 11, 2012
Release Summary

Vulnerability              CVE                           Severity  Risk Rating  Signature ID  History  Status
Cisco TelePresence Imm...  CVE-2012-3074                 High      95           1338.0        New      Enabled
Cisco TelePresence Rec...  CVE-2012-3076                 High      85           1288.0        New      Enabled
Microsoft Internet Exp...  CVE-2010-0249                 High      90           23479.1       New      Enabled
Microsoft Office Rich...   CVE-2010-3333                 High      80           31239.1       New      Enabled
Cisco TelePresence Sys...  CVE-2011-0373, CVE-2011-0374  High      80           33859.0       Updated  Enabled
Microsoft Internet Exp...  CVE-2011-1995                 High      85           39546.0       Updated  Enabled
Microsoft Internet Exp...  CVE-2010-0249                 High      90           23479.0       Updated  Enabled
Microsoft Office Rich...   CVE-2010-3333                 High      80           31239.0       Updated  Enabled

+ 6 Retired Signatures
New Vulnerability and Exploit Protections

Microsoft Internet Explorer Remote Arbitrary Code Execution Vulnerability
Vulnerability Disclosed: 1/14/2010, CVSS Base: 9.3, Temporal: 8.4
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user. The vulnerability is due to an invalid pointer reference. An unauthenticated, remote attacker could exploit this vulnerability by creating a malicious website and convincing a targeted user to visit the site. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. Functional code that exploits this vulnerability on systems that run Internet Explorer 6 is publicly available. Microsoft has confirmed this vulnerability and released software updates.
Severity Description Protected Since Signature ID Default Action
High Metasploit Aurora Module 7/11/2012 23479.1 Block*
More Details:
CVE-2010-0249


Microsoft Office Rich Text Format Content Processing Buffer Overflow Vulnerability
Vulnerability Disclosed: 11/9/2010, CVSS Base: 9.3, Temporal: 6.9
Microsoft Office contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper boundary restrictions when processing Office documents. An unauthenticated, remote attacker could exploit the vulnerability by convincing the user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user. A functional exploit that is a part of the Metasploit framework is publicly available. Microsoft has confirmed the vulnerability in a security bulletin and released software updates.
Severity Description Protected Since Signature ID Default Action
High Windows RTF Stack Buffer Overflow 7/11/2012 31239.1 produce-alert
More Details:
CVE-2010-3333
Applied Mitigation Bulletin: 21766


Cisco TelePresence Recording Server Remote Command Injection Vulnerability
Vulnerability Disclosed: 7/11/2012, CVSS Base: 8.3, Temporal: 6.9
Cisco TelePresence Recording Server contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with elevated privileges. The vulnerability is due to errors when processing malicious requests. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious requests to a targeted device. If successful, the attacker could execute arbitrary commands on the device with elevated privileges. Cisco has confirmed this vulnerability in a security advisory and has released updated software.
Severity Description Protected Since Signature ID Default Action
High Cisco TelePresence Recording Server Media Import Command Injection 7/11/2012 1288.0 produce-alert
More Details:
CVE-2012-3076
Cisco PSIRT: cisco-sa-20120711-ctrs


Cisco TelePresence Immersive Endpoint Devices API Remote Command Execution Vulnerability
Vulnerability Disclosed: 7/11/2012, CVSS Base: 8.3, Temporal: 6.9
Cisco TelePresence application programming interfaces (APIs) that are hosted on Cisco TelePresence endpoint devices contain a vulnerability related to Cisco TelePresence Immersive Endpoint System that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted device. The vulnerability is due to improper processing of malformed requests by the affected software. An unauthenticated, remote attacker on an adjacent network could exploit this vulnerability by sending malicious requests to the device. If successful, the attacker could execute arbitrary commands on the device with elevated privileges, possibly resulting in a complete compromise. Cisco has confirmed the vulnerability in a security advisory and released software updates.
Severity Description Protected Since Signature ID Default Action
High Cisco Telepresence Command Injection Vulnerability 7/11/2012 1338.0 Block*
More Details:
CVE-2012-3074
Cisco PSIRT: cisco-sa-20120711-cts


Updated Vulnerability and Exploit Protections

Microsoft Internet Explorer Remote Arbitrary Code Execution Vulnerability
Vulnerability Disclosed: 1/14/2010, CVSS Base: 9.3, Temporal: 8.4
Microsoft Internet Explorer contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user. The vulnerability is due to an invalid pointer reference. An unauthenticated, remote attacker could exploit this vulnerability by creating a malicious website and convincing a targeted user to visit the site. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. Functional code that exploits this vulnerability on systems that run Internet Explorer 6 is publicly available. Microsoft has confirmed this vulnerability and released software updates.
Severity Description Originally Released Signature ID Default Action
High Metasploit Aurora Module 1/16/2010 23479.0 Block*
More Details:
CVE-2010-0249


Microsoft Office Rich Text Format Content Processing Buffer Overflow Vulnerability
Vulnerability Disclosed: 11/9/2010, CVSS Base: 9.3, Temporal: 6.9
Microsoft Office contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper boundary restrictions when processing Office documents. An unauthenticated, remote attacker could exploit the vulnerability by convincing the user to view a malicious document. If successful, the attacker could execute arbitrary code with the privileges of the user. A functional exploit that is a part of the Metasploit framework is publicly available. Microsoft has confirmed the vulnerability in a security bulletin and released software updates.
Severity Description Originally Released Signature ID Default Action
High Windows RTF Stack Buffer Overflow 11/9/2010 31239.0 produce-alert
More Details:
CVE-2010-3333
Applied Mitigation Bulletin: 21766


Cisco TelePresence System Software Common Gateway Interface Command Injection Vulnerability
Vulnerability Disclosed: 2/23/2011, CVSS Base: 9.0, Temporal: 7.4
Cisco TelePresence System Software contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper sanitization of user-supplied input to Common Gateway Interface (CGI) scripts. An authenticated, remote attacker could exploit the vulnerability by sending malicious requests to the vulnerable application. If successful, the attacker could execute arbitrary commands on the system. Cisco has confirmed the vulnerability in a security advisory and released software updates.
Severity Description Originally Released Signature ID Default Action
High Cisco TelePresence Endpoint CGI Command Injection 2/25/2011 33859.0 produce-alert
More Details:
CVE-2011-0373
CVE-2011-0374
Cisco PSIRT: 112230
Applied Mitigation Bulletin: 112900
Cisco PSIRT: cisco-sa-20110223-telepresence-cts


Microsoft Internet Explorer oleauto32.dll Memory Corruption Vulnerability
Vulnerability Disclosed: 10/11/2011, CVSS Base: 9.3, Temporal: 6.9
Microsoft Internet Explorer versions 6, 7, 8, and 9 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to improper handling of malformed web pages. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious website. If successful, the attacker could execute arbitrary code on the system with the privileges of the user. Microsoft has confirmed this vulnerability in a security bulletin and has released updated software.
Severity Description Originally Released Signature ID Default Action
High Internet Explorer Remote Code Execution Vulnerability 10/12/2011 39546.0 produce-alert
More Details:
CVE-2011-1995
Applied Mitigation Bulletin: 24318


Retired Signatures

Signature ID  Previous Status  Signature Name                                          Threat Name
31419.0       Retired          Microsoft Office Insecure Library Loading Vulnerability  Microsoft Office Insecure Library Loading Vulnerability
31419.0       Retired          Microsoft Office Insecure Library Loading Vulnerability  Microsoft MFC Library Arbitrary Code Execution Vulnerability
31419.0       Retired          Microsoft Office Insecure Library Loading Vulnerability  Microsoft Visio Insecure Library Loading Vulnerability
31419.0       Retired          Microsoft Office Insecure Library Loading Vulnerability  Microsoft Windows Indeo Codec Insecure Library Loading Vulnerability
31419.0       Retired          Microsoft Office Insecure Library Loading Vulnerability  Microsoft Windows Media Encoder Insecure Library Loading Vulnerability
31419.0       Retired          Microsoft Office Insecure Library Loading Vulnerability  Microsoft Lync Insecure Library Loading Vulnerability

* Inline sensor with Event Action Override set to "deny-packet-inline" at Risk Rating 90 (Cisco default configuration)

Sensor Update Information

Signature Updates

Signature updates may be downloaded automatically by Cisco Security Manager (CSM), IPS Manager Express (IME) and Cisco Security Monitoring, Analysis, and Response System (CS-MARS). The following links are for manual downloads.

Sensor Appliance Updates
IPS 4200-series sensors, IPS 4300-series sensors, IDSM2 Catalyst module, AIM-IPS module, ASA-AIP IPS modules

IOS IPS Updates
IOS IPS in Mainline and T-Train Releases prior to 12.4(11)T (Includes NEW Basic and Advanced Set)
IOS IPS in 12.4(11)T or later T-Train

Cisco.com FTP Access Change

As of October 2010, Cisco no longer distributes software that requires a contract or login credentials via ftp.cisco.com. Most IPS users will not be affected unless they have manually configured their sensor to download updates from ftp.cisco.com.

IPS software and signature updates will continue to be available from Cisco.com. They can be retrieved using the built-in authenticated download capabilities of the IDM, IME, MARS, and CSM management and monitoring applications, or manually from the Software Download area on Cisco.com. Please see the FAQ for more information on manually downloading updates from the Software Download area.

Please direct any questions or concerns regarding this change to ftp_download_feedback@cisco.com.



New Product Announcements


End of Life and End of Sale Announcements

Security Research Library
Increase your knowledge of today's vulnerabilities, tomorrow's threats, and the technology necessary to keep up.
Cisco Security Intelligence Operations
Comprehensive threat intelligence, analysis, and defense to help inform and protect organizations.
Cyber Risk Reports
Weekly strategic intelligence product that highlights current security activity and mid- to long-range perspectives, also available as a podcast.
Cisco IntelliShield Alerts
Up-to-the-minute, actionable intelligence, in-depth vulnerability analysis, and highly reliable threat validation to assist in proactive prevention.
Cisco Applied Mitigation Bulletins
Techniques that use Cisco product abilities to detect and mitigate the most important security events and vulnerabilities.
Virus Watch
Current virus trends from SenderBase ©
Spam Watch
Current spam trends from SenderBase ©
Security Multimedia Library
Podcasts, video datasheets, webcasts and videos with solutions for today's problems.
Cisco Security Intelligence Operations Best Practices
Guidance on specific technologies and problem sets to help organizations secure business applications and processes by identifying, preventing, and adapting to threats.
Cisco Security Services
Professional services to support your Self-Defending Network.
Cisco Security Solutions
Discover the breadth of Cisco solutions available to solve your organization's security issues.
Cisco Security Blog
Collaborate with the Cisco Security Community and gain insights into emerging security threats, trends, and best practices.



This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.


© 1992-2012 Cisco Systems Inc. All rights reserved.