PB425877
Summary
Microsoft released the August 2007 Security Advisory Bulletin on August 14, 2007. Nine bulletins were released that address 14 individual vulnerabilities.
Details of the August Bulletin
Details of the vulnerabilities are documented by Microsoft1. The six bulletins rated as Critical address remote code execution vulnerabilities in OLE Automation, XML Core Services, Excel, Internet Explorer, Graphics Rendering Engine, and the Vector Markup Language. Microsoft also released three bulletins rated as Important to correct vulnerabilities in remote code execution for Windows Media Player and Windows Gadgets, and an escalation of privilege vulnerability in Virtual PC and Server. Attackers must rely on user interaction to exploit the eight arbitrary code execution vulnerabilities. This factor reduces the potential for exploitation.
Cisco Security Agent Response
Cisco Security Agent offers proactive protection against exploits and variants that are trying to take advantage of published and unpublished vulnerabilities. Cisco Security Agent is designed to protect servers, desktops, and POS devices from these threats by using rules-based policies. This allows customers to have protection against new and unknown threats without having to update the product with attack-based "signatures."
The following is an estimation of how endpoints protected by Cisco Security Agent will perform when faced with attacks based on these newly disclosed vulnerabilities using the Cisco provided default policies. No actual exploit testing using these vulnerabilities has been performed to date so there may be a difference in the real-world Cisco Security Agent test results against actual exploits.
Critical
MS07-042: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Based on the information provided in the Microsoft advisory this vulnerability is similar to a prior Microsoft XML Core Services vulnerability (CVE-2006-5745). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against CVE-2006-5745 by an independent third party http://www.priveon.com/dmdocuments/PV-A-060005A.pdf.
MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Based on the information provided in the Microsoft advisory this vulnerability is similar to a prior Vector Markup Language vulnerability (MS06-055). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against MS06-055 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd8054549b.html.
MS07-044: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (940965)
Based on the information provided in the Microsoft advisory this Excel vulnerability is similar to a prior Microsoft Word vulnerability (MS07-014). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against MS07-014 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd8060b074.html.
MS07-045: Cumulative Security Update for Internet Explorer (937143)
Based on the information provided in the Microsoft advisory the three Internet Explorer vulnerabilities are similar to a prior Vector Markup Language vulnerability (MS06-055). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against MS06-055 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd8054549b.html.
MS07-046: Vulnerability in GDI Could Allow Remote Code Execution (938829)
Based on the information provided in the Microsoft advisory this vulnerability is similar to a prior GDI vulnerability (MS06-001). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against MS06-001 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd80420fde.html
MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Based on the information provided in the Microsoft advisory the three Internet Explorer vulnerabilities are similar to a prior Vector Markup Language vulnerability (MS06-055). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against MS06-055 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd8054549b.html
Important
MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782)
Based on the information provided in the Microsoft advisory this vulnerability is similar to a prior GDI vulnerability (MS06-001). It is expected that Cisco Security Agent would have similar effectiveness to Remote Code Execution attacks as tested against MS06-001 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/prod_bulletin0900aecd80420fde.html
MS07-048: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
Since currently shipping versions of Cisco Security Agent do not run on Microsoft Vista it would not provide protection against these vulnerabilities.
MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Since currently shipping versions of Cisco Security Agent do not run on Microsoft Virtual PC and Virtual Server it would not provide protection against these vulnerabilities.
1Microsoft: http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx