Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x

advertisement 
Recommended Microsoft Security Updates for
Cisco TelePresence Content Server
Release 6.0.x
July 27, 2015
This bulletin lists the Microsoft Security Updates that are recommended for installation on the Cisco
TelePresence Content Server Release 6.0.x. This bulletin is applicable to all versions of the Content
Server with Windows 2008 R2.
Contents
•
Installation, page 1
•
Windows 2008 R2 Security Updates, page 2
•
Patches that Resolve Nessus-Identified Vulnerabilities, page 8
•
Related Documentation, page 10
•
Obtaining Documentation and Submitting a Service Request, page 10
Installation
For each security update, click the link to go directly to the Microsoft web site and do the following:
1.
Read the Microsoft Security Bulletin.
2.
Download the Security Update by clicking the link on the Security Bulletin web page for Windows
Server 2008 R2.
3.
Install the update by following the procedure provided by Microsoft.
Cisco Systems, Inc.
www.cisco.com
Windows 2008 R2 Security Updates
Windows 2008 R2 Security Updates
Microsoft Knowledge Base Article
Executable File
Windows Kernel Patches for Windows 2008 R2 for Content Server 6.0.x
Vulnerability in Digital Signatures Could Allow
Denial of Service (KB2868626)
Windows6.1-KB2868626-x64.msu
Vulnerability in Windows Service Control
Manager Could Allow Elevation of Privilege
(KB2872339)
Windows6.1-KB2872339-x64.msu
Vulnerabilities in Kernel-Mode Drivers Could
Allow Elevation of Privilege (KB2876315)
Windows6.1-KB2876315-x64.msu
Vulnerability in Windows Media Format Runtime Windows6.1-KB2803821-v2-x64.msu
Could Allow Remote Code Execution
(KB2847883)
Vulnerability in Microsoft DirectShow Could
Allow Remote Code Execution (KB2845187)
Windows6.1-KB2845187-x64.msu
Vulnerability in TCP/IP Could Allow Denial of
Service (KB2790655)
Windows6.1-KB2790655-x64.msu
Vulnerability in IP-HTTPS Component Could
Allow Security Feature Bypass (KB2765809)
Windows6.1-KB2765809-x64.msu
Vulnerabilities in Microsoft Internet Information Windows6.1-KB2716513-x64.msu
Services (IIS) Could Allow Information
Windows6.1-KB2719033-x64.msu
Disclosure (KB2733829)
Vulnerabilities in Windows Shell Could Allow
Remote Code Execution (KB2727528)
Windows6.1-KB2727528-x64.msu
Vulnerabilities in Windows Networking
Components Could Allow Remote Code
Execution (KB2733594)
Windows6.1-KB2705219-v2-x64.msu
Windows6.1-KB2712808-x64.msu
Vulnerability in Windows Kernel-Mode Drivers Windows6.1-KB2913602-x64
Could Allow Elevation of Privilege (KB2913602)
Vulnerability in Windows Could Allow Remote
Code Execution (KB2893294)
Windows6.1-KB2893294-x64
Vulnerability in Windows Ancillary Function
Driver Could Allow Information Disclosure
(KB2875783)
Windows6.1-KB2875783-x64
Vulnerability in Windows Graphics Device
Interface Could Allow Remote Code Execution
(KB2876331)
Windows6.1-KB2876331-x64
Vulnerability in ICMPv6 could allow Denial of
Service (KB2868623)
Windows6.1-KB2868623-x64
Vulnerability in Windows Defender Could Allow Windows6.1-KB2847927-x64
Elevation of Privilege (KB2847927)
Vulnerability in Remote Desktop Client Could
Allow Remote Code Execution (KB2828223)
Windows6.1-KB2813347-x64
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
2
Windows 2008 R2 Security Updates
Microsoft Knowledge Base Article
Executable File
Vulnerability in Microsoft Windows Could Allow Windows6.1-KB2785220-x64
Security Feature Bypass (KB2785220)
Vulnerability in Windows File Handling
Windows6.1-KB2758857-x64
Component Could Allow Remote Code Execution
(KB2758857)
Vulnerability in Kerberos Could Allow Denial of Windows6.1-KB2743555-x64
Service (KB2743555)
Vulnerability in TLS Could Allow Information
Disclosure (KB2655992)
Windows6.1-KB2655992-x64
Vulnerability in Windows Shell Could Allow
Remote Code Execution (KB2691442)
Windows6.1-KB2691442-x64
Vulnerability in Microsoft DirectShow Could
Allow Remote Code Execution (KB2929961)
Windows6.1-KB2929961-x64
Vulnerabilities in Windows Kernel-Mode Driver Windows6.1-KB2930275-x64
Could Allow Elevation of Privilege (KB2930275)
Vulnerability in Security Account Manager
Remote (SAMR) Protocol Could Allow Security
Feature Bypass (KB2934418)
Windows6.1-KB2923392-x64
Windows6.1-KB2922229-x64
Vulnerability in Windows File Handling
Component Could Allow Remote Code Execution
(KB2922229)
Vulnerability in Group Policy Preferences Could
Allow Elevation of Privilege (KB2962486)
Windows6.1- KB2928120-x64.msu
Vulnerability in Windows Shell Handler Could
Allow Elevation of Privilege (KB2962488)
Windows6.1-KB2926765-x64.msu
Vulnerability in TCP Protocol Could Allow
Denial of Service (KB2962478)
Windows6.1-KB2957189-x64.msu
Vulnerabilities in Microsoft Graphics Component Windows6.1-KB2957509-x64.msu
Could Allow Remote Code Execution
(KB2967487)
Vulnerabilities in Microsoft Graphics Component Windows6.1-KB2957503-x64.msu
Could Allow Remote Code Execution
(KB2967487)
Vulnerability in Windows Journal Could Allow
Remote Code Execution (KB2975689)
Windows6.1-KB2971850-x64.msu
Vulnerability in On-Screen Keyboard Could
Allow Elevation of Privilege (KB2975685)
Windows6.1-KB2973201-x64.msu
Vulnerability in Ancillary Function Driver (AFD) Windows6.1-KB2961072-x64.msu
Could Allow Elevation of Privilege (KB2975684)
Vulnerability in DirectShow Could Allow
Elevation of Privilege (KB2975681)
Windows6.1-KB2972280-x64.msu
Vulnerabilities in Kernel-Mode Drivers Could
Allow Elevation of Privilege (KB2984615)
Windows6.1-KB2993651-x64.msu
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
3
Windows 2008 R2 Security Updates
Microsoft Knowledge Base Article
Executable File
Vulnerabilities in Kernel-Mode Drivers Could
Allow Elevation of Privilege (KB2984615)
Windows6.1-KB2976897-x64.msu
Vulnerability in LRPC Could Allow Security
Feature Bypass (KB2978668)
Windows6.1-KB2978668-x64.msu
Vulnerability in Windows Installer Service Could Windows6.1-KB2918614-x64.msu
Allow Elevation of Privilege (KB2962490)
Vulnerabilities in Windows OLE Could Allow
Remote Code Execution (KB3011443)
Windows6.1-KB3006226-x64.msu
Vulnerabilities in Windows OLE Could Allow
Remote Code Execution (KB3011443)
Windows6.1-KB3010788-x64.msu
Vulnerability in Schannel Could Allow Remote
Code Execution (KB2992611)
Windows6.1-KB2992611-x64.msu
Windows6.1-KB3018238-x64.msu
Vulnerability in Kerberos Could Allow Elevation Windows6.1-KB3011780-x64.msu
of Privilege (KB3011780)
Vulnerability in Windows Audio Service Could
Allow Elevation of Privilege (KB3005607)
Windows6.1-KB3005607-x64.msu
Vulnerability in Remote Desktop Protocol Could Windows6.1-KB3003743-x64.msu
Allow Security Feature Bypass (KB3003743)
Vulnerability in Kernel-Mode Driver Could
Allow Denial of Service (KB3002885)
Windows6.1-KB3002885-x64.msu
Vulnerability in Microsoft Graphics Component
Could Allow Information Disclosure
(KB3013126)
Windows6.1-KB3013126-x64.msu
Vulnerability in Windows Application
Compatibility Cache Could Allow Elevation of
Privilege (KB3023266)
Windows6.1-KB3023266-x64.msu
Vulnerability in Windows User Profile Service
Windows6.1-KB3021674-x64.msu
Could Allow Elevation of Privilege (KB3021674)
Vulnerability in Windows Components Could
Allow Elevation of Privilege (KB3025421)
Windows6.1-KB3019978-x64.msu
Vulnerability in Network Location Awareness
Service Could Allow Security Feature Bypass
(KB3022777)
Windows6.1-KB3022777-x64.msu
Vulnerability in Network Policy Server RADIUS Windows6.1-KB3014029-x64.msu
Implementation Could Cause Denial of Service
(KB3014029)
Vulnerability in Windows Kernel-Mode Driver
Windows6.1-KB3019215-x64.msu
Could Allow Elevation of Privilege (KB3019215)
Vulnerabilities in Windows Kernel-Mode Driver
Could Allow Remote Code Execution
(KB3036220)
Windows6.1-KB3013455-x64.msu
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
4
Windows 2008 R2 Security Updates
Microsoft Knowledge Base Article
Executable File
Vulnerabilities in Windows Kernel-Mode Driver
Could Allow Remote Code Execution
(KB3036220)
Windows6.1-KB3023562-x64.msu
Vulnerability in Group Policy Could Allow
Remote Code Execution (KB3000483)
Windows6.1-KB3000483-x64.msu
Vulnerability in Group Policy Could Allow
Security Feature Bypass (KB3004361)
Windows6.1-KB3004361-x64.msu
Vulnerability in Microsoft Windows Could Allow Windows6.1-KB3031432-x64.msu
Elevation of Privilege (KB3031432)
Vulnerability in Microsoft Graphics Component
Could Allow Information Disclosure
(KB3029944)
Windows6.1-KB3029944-x64.msu
Vulnerabilities in Microsoft Windows Could
Allow Remote Code Execution (KB3041836)
Windows6.1-KB3033889-x64.msu
Vulnerabilities in Microsoft Windows Could
Allow Remote Code Execution (KB3041836)
Windows6.1-KB3039066-x64.msu
Vulnerabilities in Kernel-Mode Driver Could
Allow Elevation of Privilege (KB3034344)
Windows6.1-KB3034344-x64.msu
Vulnerability in PNG Processing Could Allow
Information Disclosure (KB3035132)
Windows6.1-KB3035132-x64.msu
Vulnerabilities in Windows Kernel Could Allow
Elevation of Privilege (KB3038680)
Windows6.1-KB3035131-x64.msu
Vulnerability in NETLOGON Could Allow
Spoofing (KB3002657)
Windows6.1-KB3002657-x64.msu
Vulnerability in Windows Task Scheduler Could
Allow Security Feature Bypass (KB3030377)
Windows6.1-KB3030377-x64.msu
Vulnerability in HTTP.sys Could Allow Remote
Code Execution (KB3042553)
Windows6.1-KB3042553-x64.msu
Vulnerability in Microsoft Graphics Component
Could Allow Remote Code Execution
(KB3046306)
Windows6.1-KB3046306-x64.msu
Vulnerability in Windows Task Scheduler Could
Allow Elevation of Privilege (KB3046269)
Windows6.1-KB3046269-x64.msu
Vulnerabilities in Microsoft Windows Could
Allow Elevation of Privilege (KB3049576)
Windows6.1-KB3045685-x64.msu
Vulnerabilities in Microsoft Windows Could
Allow Elevation of Privilege (KB3049576)
Windows6.1-KB3045999-x64.msu
Vulnerabilities in Microsoft Font Drivers Could
Allow Remote Code Execution (KB3057110)
Windows6.1-KB3045171-x64.msu
Vulnerability in Windows Journal Could Allow
Remote Code Execution (KB3046002)
Windows6.1-KB3046002-x64.msu
Vulnerability in Service Control Manager Could
Allow Elevation of Privilege (KB3055642)
Windows6.1-KB3055642-x64.msu
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
5
Windows 2008 R2 Security Updates
Microsoft Knowledge Base Article
Executable File
Vulnerabilities in Windows Kernel-Mode Drivers Windows6.1-KB3045171-x64.msu
Could Allow Elevation of Privilege (KB3057191)
Vulnerability in Microsoft Management Console
File Format Could Allow Denial of Service
(KB3051768)
Windows6.1-KB3051768-x64.msu
Vulnerability in Schannel Could Allow
Information Disclosure (KB3061518)
Windows6.1-KB3061518-x64.msu
Vulnerabilities in Windows Kernel-Mode Drivers Windows6.1-KB3057839-x64.msu
Could Allow Elevation of Privilege (KB3057839)
Vulnerability in Windows Kernel Could Allow
Elevation of Privilege (KB3063858)
Windows6.1-KB3063858-x64.msu
Vulnerability in Windows Shell Handler Could
Allow Elevation of Privilege(KB 2961033)
Windows6.1-KB2926765-x64.msu
Vulnerability in Microsoft Common Controls
Could Allow Remote Code
Execution(KB3059317)
Windows6.1-KB3059317-x64.msu
Category 2: Windows Patches for Application Server
Vulnerability in the Microsoft XML Editor Could SQLServer2005-KB2494113-x86-ENU
Allow Information Disclosure (KB2543893)
Vulnerability in Microsoft XML Core Services
Could Allow Information Disclosure
(KB2916036)
Windows6.1-KB2916036-x64
Vulnerability in Microsoft XML Core Services
Could Allow Information Disclosure
(KB2966061)
Windows6.1-KB2939576-x64.msu
Vulnerability in XML Core Services Could Allow Windows6.1-KB2993958-x64.msu
Remote Code Execution (KB2993958)
Vulnerability in XML Core Services Could Allow Windows6.1-KB3046482-x64.msu
Security Feature Bypass (KB3046482)
Category 3: Windows Patches for Application and Frameworks
Vulnerabilities in .NET Framework Could Allow NDP40-KB2858302-v2-x64
Remote Code Execution (KB2878890)
Vulnerability in Open Data Protocol Could Allow NDP40-KB2736428-x64
Denial of Service (KB2769327)
Vulnerability in .NET Framework Could Allow
Elevation of Privilege (KB2800277)
NDP40-KB2789642-x64
Vulnerabilities in .NET Framework Could Allow NDP40-KB2901110-v2-x64
Elevation of Privilege (KB2916607)
NDP40-KB2898855-v2-x64
Vulnerability in .NET Framework Could Allow
Elevation of Privilege (KB2958732)
Windows6.1-KB2931356-x64.msu
Vulnerability in .NET Framework Could Allow
Elevation of Privilege (KB2958732)
NDP40-KB2931365-x64.exe
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
6
Windows 2008 R2 Security Updates
Microsoft Knowledge Base Article
Executable File
Vulnerability in .NET Framework Could Allow
Security Feature Bypass (KB2984625)
Windows6.1-KB2937610-x64.msu
Vulnerability in .NET Framework Could Allow
Security Feature Bypass (KB2984625)
Windows6.1-KB2943357-x64.msu
Vulnerability in .NET Framework Could Allow
Denial of Service (KB2990931)
Windows6.1-KB2972211-x64.msu
Vulnerability in .NET Framework Could Allow
Denial of Service (KB2990931)
Windows6.1-KB2973112-x64.msu
Vulnerability in .NET Framework Could Allow
Denial of Service (KB2990931)
NDP40-KB2972215-x64.exe
Vulnerabilities in .NET Framework Could Allow Windows6.1-KB2968294-x64.msu
Remote Code Execution (KB3000414)
Vulnerabilities in .NET Framework Could Allow Windows6.1-KB2972100-x64.msu
Remote Code Execution (KB3000414)
Vulnerabilities in .NET Framework Could Allow Windows6.1-KB2979570-x64.msu
Remote Code Execution (KB3000414)
Vulnerabilities in .NET Framework Could Allow NDP40-KB2972106-x64.exe
Remote Code Execution (KB3000414)
Vulnerabilities in .NET Framework Could Allow NDP40-KB2979575-v2-x64.exe
Remote Code Execution (KB3000414)
Vulnerability in .NET Framework Could Allow
Elevation of Privilege (KB3005210)
Vulnerability in .NET Framework Could Allow
Elevation of Privilege (KB3005210)
Windows6.1-KB2978120-x64.msu
NDP40-KB2978125-x64.exe
Vulnerability in .NET Framework Could Allow
Information Disclosure (KB3048010)
Windows6.1-KB3037574-x64.msu
Vulnerability in .NET Framework Could Allow
Information Disclosure (KB3048010)
NDP40-KB3037578-x64.exe
Vulnerabilities in .NET Framework Could Allow Windows6.1-KB3023215-x64.msu
Elevation of Privilege (KB3057134)
Vulnerabilities in .NET Framework Could Allow Windows6.1-KB3032655-x64.msu
Elevation of Privilege (KB3057134)
Vulnerabilities in .NET Framework Could Allow NDP40-KB3023221-x64.exe
Elevation of Privilege (KB3057134)
Vulnerabilities in .NET Framework Could Allow NDP40-KB3032662-x64.exe
Elevation of Privilege (KB3057134)
Not supported for Content Server Release 6.0.x:
•
Vulnerability in Media Decompression Could Allow Remote Code Execution (KB2780091)
•
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (KB2720573)
•
Vulnerability in NFS Server Could Allow Denial of Service (KB2790978)
•
Vulnerability in SQL Server Could Allow Elevation of Privilege (KB2754849)
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
7
Patches that Resolve Nessus-Identified Vulnerabilities
Patches that Resolve Nessus-Identified Vulnerabilities
Nessus is a vulnerability scanner developed by Tenable Network Security. The scanner produces
vulnerability checks called plugins which are sometimes resolved by Microsoft patches. The
recommended Microsoft patches for the Content Server are listed below.
Plugin ID
Description
Executable File/Resolution
20007
SSL Version 2 (v2) Protocol
Detection.
Run the script for Windows
Server 2008R2. See the
Release 6.0.1 script for Nessus
Plugin Patches on Cisco.com.
SSL Certificate with wrong
Hostname.
The Content Server needs to use a
publicly signed certificate instead
of the default self-signed
certificate.
Severity Level: Medium
45411
Severity Level: Medium
For more information, see the
Cisco TelePresence Content
Server Administrator Guide.
48762
Severity Level: High
Insecure Library Loading could http://technet.microsoft.com/enallow Remote Code Execution. us/security/advisory/2269637
See the “Plugin 48762” section
for the executables.
51192
Severity Level: Medium
SSL Certificate cannot be
trusted.
Obtain a publicly signed
certificate instead of the default
certificate.
For more information, see the
Cisco TelePresence Content
Server Administrator Guide.
53382
Severity Level: High
55129
Severity Level: Medium
57582
Microsoft Foundation Class
Library could allow Remote
code execution.
Patch not recommended. Might
cause error on installation or
un-installation of the Content
Server.
Microsoft XML editor could
allow Information Disclosure.
SQLServer2005-KB2494113-x8
6-ENU
SSL Self Signed Certificate.
Obtain a publicly signed
certificate instead of the default
certificate.
Severity Level: Medium
For more information, see the
Cisco TelePresence Content
Server Administrator Guide.
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
8
Patches that Resolve Nessus-Identified Vulnerabilities
Plugin ID
Description
Executable File/Resolution
57608
SMB signing required.
Review the Supporting
information about resolve the
issue.
Severity Level: Medium
Run the script to resolve the
issue. See the Release 6.0.1 script
for Nessus Plugin Patches on
Cisco.com.
63155
Severity Level: High
71323
Severity Level: High
Microsoft Windows Unquoted
Service Path Enumerator.
Run the script to resolve the
issue. See the Release 6.0.1 script
for Nessus Plugin Patches on
Cisco.com.
Insecure ASP.Net Site
Configuration could allow
Elevation of Privilege.
Microsoft security Advisory
2905274
NDP40-B2894842-x64.exe
Plugin 48762
These are the executables for addressing Plugin 48762.
Note
Before installing patches, execute script and fix-it.
Microsoft Knowledge Base Article
Executable File
A new CWDIllegalInDll Search registry entry is MicrosoftFixit50522
available to control the Dll search path algorithm Windows6.1-KB2264107-v2-x64
Run the script to resolve the issue. See the
Release 6.0.1 script for Nessus Plugin Patches on
Cisco.com.
Vulnerabilities in .NET Framework Could Allow
Remote Code Execution (KB2745030)
.Net Framework v4.0-KB2737019
NDP40-KB2737019-x64.exe
.Net Framework v4.0-KB2729449
NDP40-KB2729449-x64.exe
Vulnerability in Color Control Panel Could Allow Windows6.1-KB2643719-x64.msu
Remote Code Execution (KB2643719)
Vulnerability in Windows Mail and Windows
Meeting Space Could Allow Remote Code
Execution (KB2620704)
Windows6.1-KB2620704-x64.msu
Vulnerability in Microsoft Active Accessibility
Could Allow Remote Code Execution
(KB2623699)
Windows6.0-KB2564958-x64.msu
Vulnerability in Windows Components Could
Allow Remote Code Execution (KB2570974)
Windows6.1-KB2570947-x64.msu
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
9
Related Documentation
Microsoft Knowledge Base Article
Executable File
Vulnerability in Data Access Components Could
Allow Remote Code Execution (KB2560656)
Windows6.1-KB2560656-x64.msu
Insecure library loading could allow remote code Windows6.1-KB2533623-x64
execution (MS Knowledge Base Article 2533623)
Vulnerabilities in Windows Media Could Allow
Remote Code Execution (KB2479943)
Windows6.1-KB2479943-x64.msu
Vulnerability in Windows Address Book Could
Allow Remote Code Execution (KB2423809)
Windows6.1-KB2423089-x64.msu
Vulnerability in Microsoft Windows Could Allow Windows6.1-KB2385678-x64.msu
Remote Code Execution (KB2385678)
Related Documentation
Cisco TelePresence Content Server Documentation
http://www.cisco.com/en/US/products/ps11347/tsd_products_support_series_home.html
Information About Accessibility and Cisco Products
For information about the accessibility of this product, contact the Cisco accessibility team at
accessibility@cisco.com.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a
service request, and gathering additional information, see What’s New in Cisco Product Documentation
at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical
documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The
RSS feeds are a free service.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of
Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The
use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any
examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only.
Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2014 Cisco Systems, Inc. All rights reserved.
Recommended Microsoft Security Updates for Cisco TelePresence Content Server Release 6.0.x
10
Related documents
How to register on HIT server
How to register on HIT server
MSU AHC Special Events Grant Final Report Form
MSU AHC Special Events Grant Final Report Form
Appreciation Night - Minot State University
Appreciation Night - Minot State University
CMPS 1033 – Introductory Topics in Computing – Web Design (Honors)
CMPS 1033 – Introductory Topics in Computing – Web Design (Honors)
Download
advertisement