Cisco Security Intelligence Operations and Microsoft Tuesday
Earlier today Microsoft published their Security Bulletins for March 2010. The availability of patches mark the beginning of a flurry of activity for IT organizations everywhere. In the video below, I summarize this month’s bulletins:
In addition to those bulletins, Microsoft also published Microsoft Security Advisory 981374. This advisory addresses a vulnerability in Internet Explorer which could be exploited to execute artibrary code.
Each month Cisco Security Intelligence Operations (SIO) produces intelligence around Microsoft’s Security Bulletin Release and I thought that I would provide an overview of what is available. Although I am highlighting this information in the context of Microsoft Tuesday, note that Cisco SIO produces similar collateral for other security relevant events from a variety of vendors as well as the open source community.
The Event Response takes center stage. This month’s Event Response is available and if you’re interested in previous month’s Event Responses please visit our archive. In addition to summarizing Microsoft Security Bulletins and applicable Cisco Mitigations, the Event Response also points you to the actual Microsoft Security Bulletins, IntelliShield Alerts, and Applied Mitigation Bulletins. A key component of the Event Response is the “Impact on Cisco Products” section. Cisco customers can use this information to understand how Cisco products are impacted by the vulnerabilities announced by Microsoft.
IntelliShield Alerts are packed with useful information for both end-users and IT Administrators. Each Alert provides an analysis of the vulnerability from our Threat Operation Center experts as well as a detailed list of vulnerable products. You can see this month’s IntelliShield Alerts here: 1, 2, 3, 4, 5, 6, 7, and 8. I should also mention that the IntelliShield team recently published Alert 20000!
Applied Mitigation Bulletins describe how you can use Cisco technology to identify and mitigate attempts to exploit vulnerabilities. They provide detailed steps that administrators can use to configure a variety of Cisco technologies including Cisco IOS, firewalls, and IPS offerings. IPS customers can also subscribe to the IPS Threat Defense Bulletin. This Bulletin is sent to subscribers via e-mail when an IPS Signature Update is available. SIO released a Threat Defense Bulletin earlier today and signatures are available for all of the vulnerabilities that Microsoft announced.
I encourage you to peruse this information. There is sure to be useful content for you no matter what role you fill in your organization.