Microsoft announced four security bulletins that contain eight vulnerabilities as part of the monthly security bulletin release on Sept 9, 2008. A summary of these bulletins is on the Microsoft website at http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx. This document highlights the vulnerabilities that can be effectively identified and/or mitigated using Cisco network devices.

The vulnerabilities that have a client software attack vector, require user interaction, or can be exploited through web-based attacks such as cross-site scripting or phishing are in the following list:

• MS08-052

• MS08-053

• MS08-054

• MS08-055

The vulnerabilities that have a network mitigation are in the following list. Cisco devices provide several countermeasures for the vulnerabilities that have a network attack vector, which are discussed in detail in the response document.

• MS08-053

• MS08-054

Information about affected and unaffected products is available in the respective Microsoft advisories and the IntelliShield alerts that are referenced below. In addition, multiple Cisco products use Microsoft operating systems as their base operating system. Cisco products that may be affected by the vulnerabilities described in the referenced Microsoft advisories are detailed in the “Associated Products” table in the “Product Sets” section.

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for September 2008