User Group for Cisco Security Product Updates, Discussion and Tips.
Applied Mitigation Bulletin
—————————
http://tools.cisco.com/security/center/viewAlert.x?alertId=16944
IntelliShield Vulnerability Alert
———————————
http://tools.cisco.com/security/center/viewAlert.x?alertId=16941
PSIRT Hot Page
————–
https://psirt.cisco.com/PSIRThot/MS08-067
Please read below how your Cisco products can help you mitagate the effects of this vulnerability:
http://tools.cisco.com/security/center/viewAlert.x?alertId=16944
Microsoft released one out-of-band security bulletin that contains one vulnerability on October 23, 2008. A summary of this bulletin is on the Microsoft website at http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx. This document highlights the vulnerability that can be effectively identified and/or mitigated using Cisco network devices.
The vulnerability that has a network mitigation is in the following list. Cisco devices provide several countermeasures for the vulnerability that has a network attack vector, which will be discussed in detail later in this document.
Information about affected and unaffected products is available in the respective Microsoft advisories and the IntelliShield alerts that are referenced in the following table. In addition, multiple Cisco products use Microsoft operating systems as their base operating system. Cisco products that may be affected by the vulnerabilities described in the referenced Microsoft advisories are detailed in the “Associated Products” table in the “Product Sets” section.
| Microsoft ID | Description | CVE ID | IntelliShield Alert ID |
|---|---|---|---|
| MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644) | CVE-2008-4250 | 16941 |
One Out-of-Band Microsoft Security Bulletin will be covered in this Applied Mitigation Bulletin. The following vulnerability is summarized in this document:
MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644): This vulnerability has been assigned CVE identifier CVE-2008-4250. This vulnerability can be exploited remotely without authentication for Windows 2000, Windows XP, and Windows Server 2003 systems and with authentication for Windows Vista and Windows Server 2008 and without user interaction. Successful exploitation of the vulnerability for CVE-2008-4250 may allow arbitrary code execution. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. The attack vector for exploitation of CVE-2008-4250 is through Remote Procedure Call (RPC) packets using TCP port 139 or TCP port 445.
Security User Group Meetings are back!!!
November’s User Group will focus on Cisco’s Web Applications Firewall. Traditional Firewalls simply pass port 80 & port 443 as allowable traffic for web applications. Unfortunately, over 2/3rds of today’s new attacks are application-layer attacks. Attacks, such as cross-site scripting or SQL Injection attacks are aimed at web servers in an effort to steal identities, credit cards, etc.
The Cisco ACE Web Application Firewall combines deep Web application analysis with high-performance Extensible Markup Language (XML) inspection and management to address the full range of these threats. It secures and protects Web applications from common attacks such as identity theft, data theft, application disruption, fraud, and targeted attacks.
The Cisco ACE Web Application Firewall is especially designed to help organizations that store, process, and transmit credit card data comply with the current Payment Card Industry (PCI) Data Security Standard (DSS), requirements. Because of its unique blend of HTML and XML security, the Cisco ACE Web Application Firewall provides a full compliance solution for the PCI DSS sections 6.5 and 6.6, which mandate the implementation of a Web application firewall by June 30, 2008.
Benefits of the Cisco ACE Web Application Firewall include:
Please register now and join us from 11:00-2:00 for a “Lunch N Learn” technical deep dive into our Web Application Firewall Solution:
Please see the Event Calendar at the top right for addesses in each city.
Microsoft published its monthly security bulletin release on October 14, 2008. Eleven bulletins were released that address twenty individual vulnerabilities.
|
Microsoft has rated four bulletins as Critical, six as Important, and one as Moderate. The advisories that address Critical vulnerabilities cover remote code execution flaws in Active Directory, Host Integration Server, Internet Explorer, and Microsoft Excel. Although each Critical vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user, the Excel and Internet Explorer flaws require some level of user interaction. The six Important flaws cover vulnerabilities found in the Ancillary Function Driver, Internet Printing Service, Message Queuing, SMB, Virtual Address Descriptor, and Windows Kernel. The Important vulnerabilities allow for elevation of privileges or remote code execution but contain additional complexity that could limit their exploitation. The Moderate vulnerability exists in Microsoft Office and could lead to information disclosure. |
Cisco’s suite of security solutions provides immediate protection for these vulnerabilities. Detailed vulnerability information, analysis, and Cisco-specific mitigation information is available on the IntelliShield Event Response for this Microsoft Security Bulletin Release. For continuously updated information on specific vulnerabilities or IntelliShield alerts, please visit the Cisco Security Center.
Please see the Cisco Applied Mitigation Bulletin for detailed technical mitigation information.
http://tools.cisco.com/security/center/viewAlert.x?alertId=16889
