Product |
---|
Cisco CTI and CTI OS - 4.x, 5.x, 6.0(0) and 7.0(0); with the most up to date Service Release |
Cisco Collaboration Server - 5.0; with the most up to date Service Release |
Cisco Internet Service Node - 1.0(1), 2.0 and 2.1 |
Cisco Voice Portal - 3.0; with the most up to date Service Release |
Cisco eMail Manager - 5.0; with the most up to date Service Release |
ICM Enterprise - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release |
ICM Hosted - 4.6.2, 5.0(0) and 7.0(0); with the most up to date Service Release |
IPCC Enterprise - 4.6.2, 5.0(0), 6.0(0) and 7.0(0); with the most up to date Service Release |
IPCC Hosted - 4.6.2, 5.0(0) and 7.0(0); with the most up to date Service Release |
On October 11, 2005, Microsoft released the following security updates:
MS05-044 - Moderate
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
Affected Software:
Microsoft Windows Server 2003
Microsoft Windows XP Service Pack 1
MS05-045 - Moderate
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
MS05-046 - Important
Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
MS05-047 - Important
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
MS05-048 - Important
Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
MS05-049 - Important
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
MS05-050 - Critical
Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
MS05-051 - Critical
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
MS05-052 - Critical
Cumulative Security Update for Internet Explorer (896688)
Affected Supported Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
For additional information on Microsoft security updates, see the Microsoft Security Updates page.
Cisco evaluates Microsoft security notices and updates for potential impact to Cisco Contact Center products.
The qualification process results in one of four categorical ratings being applied to a given update: Impacting, Not Impacting, Deferred, or Not Applicable.
The four ratings are defined in the Cisco Customer Contact Software Policy for use of Third-Party Software and Security Updates document.
For the security updates listed in the Problem Description section of this bulletin, Cisco has assigned the updates to the following categories:
Impacting
MS05-047 - Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege
MS05-049 - Vulnerabilities in Windows Shell Could Allow Remote Code Execution
MS05-050 - Vulnerability in DirectShow Could Allow Remote Code Execution
MS05-051 - Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution
Deferred
MS05-045 - Vulnerability in Network Connection Manager Could Allow Denial of Service
MS05-052 - Cumulative Security Update for Internet Explorer
Not Applicable
MS05-044 - Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering
MS05-046 - Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution
MS05-048 - Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution
Some of the vulnerabilities addressed by a number of critical, important and moderate security updates are exploitable only if a user visits a malicious Web or FTP site or views a malicious e-mail message, which could potentially allow remote code execution. Because of this, those updates are deferred and rolled up into the next service release testing of the supported applications. The vulnerability addressed by MS05-044 is applicable only if the Enable Folder View for FTP Sites setting in Internet Explorer is changed from its default of disabled.
While an attacker who successfully exploited these vulnerabilities could take complete control of an affected system or cause a denial of service attack, Production Contact Center application servers should not be used for chat, e-mail or to browse unknown and potentially dangerous Web or FTP Sites.
Proper care should be taken in deciding on which updates to apply to your systems. For additional information on the security measures to be considered in an ICM environment, refer to the Security Best Practices for Cisco Intelligent Contact Management Software Guide.
Product | Version(s) | Tested (Y/I*) | Components Tested (All or Specific) |
---|---|---|---|
ICM/IPCC | 7.0(0) SR1 | Y | All ICM Components Tested |
ICM/IPCC | 6.0(0) SR4 | Y | All ICM Components Tested |
ICM/IPCC | 5.0(0) SR11 | Y | All ICM Components Tested |
Note: *"I" indicates that testing is in progress and will be updated when complete.
Customers should follow Microsoft's guidelines regarding when and how they should apply these updates. Refer to the Microsoft website for full details of the potential exposure from the caveat referenced on the Microsoft Security page.
Security Bulletin MS05-051 conflicts with recommended non-default file access control lists, leading to Internet Script Editor logon failure.
File system hardening recommendations in the Security Best Practices for Cisco Intelligent Contact Management Software Guide suggest removing the EVERYONE group from the file access control list (ACL) permission settings of all drives. When this is applied to the Windows system drive (%SYSTEMDRIVE%), the following errors result when Internet Script Editor users attempt to log in after MS05-051 is installed:
An error message pops up in Internet Script Editor:
"The user credentials you supplied were not accepted by the server. Please contact the Web server's administrator to verify you have permission to log on."
An HTTP 500 error may be logged in the IIS log file.
An event that is similar to the following may be logged in the System log:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date:
Time:
User: NT AUTHORITY\SYSTEM
Computer: Server
Description: The server did not register with DCOM within the required timeout.

Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 36
Date:
Time:
User: N/A
Computer: Server
Description: The server failed to load application '/LM/W3SVC/1/ROOT'. The error was 'Server execution failed '.
For additional information specific to this message please visit the Microsoft Online Support site.
To restore the default permissions to the COM+ catalog, follow the solution provided in Microsoft Knowledge Base Article KB 909444, "Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC".
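A triage check for the symptom described above, as an added example that is not part of the Cisco notice: it parses System-log text exported in the Event Type / Event Source / Event ID layout shown above and reports whether both the DCOM 10010 error and the W3SVC 36 warning are present. The sample log is constructed from the events quoted in this notice plus one unrelated constructed entry, and all function names are hypothetical.

```python
import re

# Constructed sample: the two events quoted in the notice plus one unrelated entry.
SAMPLE_LOG = """\
Event Type: Information
Event Source: Service Control Manager
Event ID: 7036
Description: The Print Spooler service entered the running state.

Event Type: Error
Event Source: DCOM
Event ID: 10010
Description: The server did not register with DCOM within the required timeout.

Event Type: Warning
Event Source: W3SVC
Event ID: 36
Description: The server failed to load application '/LM/W3SVC/1/ROOT'.
"""

# Event pair the notice associates with the MS05-051 / hardened-ACL conflict.
SIGNATURE = {("DCOM", 10010), ("W3SVC", 36)}
FIELD_RE = re.compile(r"^(Event Type|Event Source|Event ID):\s*(.*)$")

def parse_events(text):
    """Split exported event text into dicts; a record starts at 'Event Type:'."""
    events, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue  # description text, blank lines, other fields
        key, value = m.groups()
        if key == "Event Type":
            current = {}
            events.append(current)
        if current is not None:
            current[key] = value.strip()
    return events

def matched_signature(events):
    """Return the signature (source, id) pairs that appear in the log."""
    seen = {(e.get("Event Source"), int(e["Event ID"]))
            for e in events if e.get("Event ID", "").isdigit()}
    return seen & SIGNATURE

def com_catalog_acl_conflict_suspected(text):
    """True only when every signature event is present in the exported log."""
    return matched_signature(parse_events(text)) == SIGNATURE
```

Neither event is unique to this conflict, so a match is a prompt to check the ACL on the %windir%\registration directory as described in KB 909444, not a confirmation.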
Cisco has assessed, and where deemed appropriate, validated the Microsoft security patches addressed in this bulletin along with any workarounds for the problems found. Deferred security updates will be folded in to regression testing of the listed products' next service release or major release, whichever comes first.
Cisco recommends that Contact Center customers separately assess all security patches released by Microsoft and install those deemed appropriate for their environments.
Cisco will continue to provide a service of separately assessing and where necessary, validating higher severity security patches that may be relevant to the Contact Center Enterprise software products.
Visit the Microsoft website to acquire the fixes. Keep in mind that you should download the appropriate fixes based on the version of the Microsoft operating system deployed in your environment and service pack level.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.