Product Support Notice

Transcription

1 PSN # PSN002704u Product Support Notice 2009 Avaya Inc. All Rights Reserved. Original publication date: 30-Nov-09. This is Issue #01, published date: 30-Nov-09. Severity/risk level Medium Urgency Immediately Name of problem Modular Messaging 5.2 Microsoft Patch List Products affected Modular Messaging (MM) 5.2 Problem description Avaya applies a set of Microsoft patches as part of the base installation of MM installed in the factory. The majority of these patches are security updates. Resolution The following are included in the base software for MM 5.2. This list applies to systems with Exchange and Domino backends and MSS backends with MAS software on a S3500 and S8800. The list for systems with MSS backends with MAS software on a S8730 follows this list. Common Name KB Article Number Type Description MS KB Security Vulnerability in Windows CSRSS could allow remote code MS KB Security Vulnerability in Microsoft Agent could allow remote code KB Update You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update MS KB Security Vulnerability in Microsoft Foundation Classes could allow for MS KB Security Cumulative security update for Outlook Express and for Windows Mail MS KB Security Vulnerability in Windows Media Format could allow MS KB Security Vulnerability in Windows Active Directory could allow MS KB Security Vulnerability in Windows Media Player could allow MS KB Security Vulnerability in Vector Markup Language could allow MS KB Security Vulnerabilities in the.net Framework could allow MS KB Security Vulnerabilities in RPC could allow denial of service KB Update A microcode reliability update is available that improves the reliability of systems that use Intel processors MS KB Security Vulnerability in Windows URI Handling could allow MS KB Security Vulnerability in Windows URI Handling could allow MS KB Security Vulnerability in Windows Media file format could allow

2 MS KB Security Vulnerability in Internet Information Services could allow MS KB Security Vulnerability in Internet Information Services could allow elevation of privileges MS KB Security Vulnerability in WebDAV Mini Redirector could allow MS KB Security Description of the security update for Windows 2000, for Windows XP, for Windows Server 2003, and for Windows Vista: February 12, 2008 KB Update An update to turn off default SNP features is available for Windows Server 2003 based and Small Business Server 2003 based computers MS KB Security Vulnerability in DNS client could allow spoofing MS KB Security Critical security update of ActiveX kill bits MS KB Security Vulnerabilities in Pragmatic General Multicast (PGM) could allow denial of service MS KB Security Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008 MS KB Security Security update for Outlook Express and Windows Mail MS KB Security Vulnerabilities in Microsoft Windows Image Color Management could allow MS KB Security Vulnerability in Event System could allow remote code MS KB Security Vulnerability in Server service could allow remote code MS KB Security Description of the security update for XML Core Services 3.0: November 11, 2008 MS KB Security Vulnerability in SMB could allow MS KB Security Description of the security update for Windows Media Format Runtime 7.1, 9.0, 9.5, and 11 and Media Foundation: December 9, 2008 MS KB Security Description of the security update for Windows Media Player 6.4: December 9, 2008 MS KB Security Vulnerabilities in GDI could allow remote code KB Update December 2008 cumulative time zone update for Microsoft Windows operating systems MS KB Security Vulnerability in GDI could allow MS KB Security Vulnerability in the Microsoft Ancillary Function driver could allow elevation of privilege MS KB Security Vulnerabilities in SMB could allow remote code KB Update Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits MS KB Security Vulnerability in SChannel could allow spoofing MS KB Security Description of the security update for GDI+ for all editions of Windows XP, of Windows Vista, of Windows Server 2003, and of Windows Server 2008 and for Windows Server 2000 with Internet Explorer 6 SP Avaya Inc. All Rights Reserved. Page 2

3 MS KB Security Vulnerabilities in Windows Kernel could allow remote code KB update How to disable the Autorun functionality in Windows MS KB Security Vulnerability in Microsoft DirectShow could allow MS KB Security Description of the security update for Windows Service Isolation: April 2009 MS KB Security Description of the security update for MSDTC Transaction Facility: April 2009 MS KB Security Vulnerabilities in Windows HTTP services could allow MS KB Security Blended threat vulnerability in SearchPath could allow elevation of privilege MS KB Security Cumulative security update for Internet Explorer MS KB Security Description of the update for Windows WordPad Converter: April 14, 2009 MS KB Security Description of the security update for DNS server: March 10, 2009 MS KB Security Vulnerabilities in the Windows Print Spooler could allow MS KB Security Vulnerabilities in Windows Kernel could allow elevation of privilege MS KB Security Vulnerability in RPC could allow elevation of privilege MS KB Security Vulnerabilities in Internet Information Services (IIS) could allow elevation of privilege KB SP List of changes and fixed issues in the.net Framework 3.5 Service Pack 1 MS KB Security Vulnerabilities in Microsoft DirectShow could allow MS KB Security Vulnerabilities in the Embedded OpenType Font Engine could allow KB Tool The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows Server 2008, Windows XP, or Windows 2000 MS KB Security Cumulative Security Update of ActiveX Kill Bits MS KB Update Cumulative security update for Internet Explorer KB Update Error message when you try to install a large Windows Installer package or a large Windows Installer patch package in Windows Server 2003 Service Pack 2: "Error 1718 File was rejected by digital signature policy" MS KB Security Description of the security update for XML Core Services 6.0: November 11, 2008 KB Update All the PCL inbox printer drivers become unsigned after you install the Microsoft.NET Framework 3.5 Service Pack 1 MS KB Security Description of the update for Windows WordPad Converter: April 14, 2009 KB Update How to remove the.net Framework Assistant for Firefox KB Tool The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious 2009 Avaya Inc. All Rights Reserved. Page 3

4 software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, Windows XP, or Windows 2000 August 2009 MS KB Security Vulnerabilities in the Embedded OpenType Font Engine could allow KB Update Extended Protection for Authentication MS KB Security Vulnerability in Message Queuing could allow elevation of privilege MS KB Security Vulnerabilities in Windows Media file processing could allow MS KB Security Description of the security update for Windows Media Player: August 11, 2009 MS KB Security Description of the security update for the DHTML editing component ActiveX control: August 11, 2009 MS KB Security Description of the security update for Remote Desktop Client version 6.0 and 6.1: August 11, 2009 MS KB Security Cumulative security update for Internet Explorer MS KB Security Description of the security update for Windows Media Format Runtime, Windows Media Services, and Media Foundation: September 8, 2009 MS KB Security Vulnerability in JScript Scripting Engines could allow KB Update Update Remote Desktop Connection (Terminal Services Client 6.0) KB Update Some Microsoft XPS features are not available in Windows Server 2003 and in Windows XP MS KB Security Vulnerability in the DHTML Editing Component ActiveX control could allow MS KB Security Vulnerability in SChannel could allow spoofing MS KB Security Vulnerabilities in Windows TCP/IP could allow remote code MS KB Security Description of the security update for Outlook Express KB Security Description of the security update for the Active Template Library MS KB Security Vulnerability in Telnet could allow remote code MS KB Security Description of the security update for Microsoft MSWebDVD ActiveX Control in Windows XP and Windows Server 2003 MS KB Security Vulnerability in the Workstation Service could allow elevation of privilege KB Update August 2009 cumulative time zone update for Microsoft Windows operating systems MS KB Security Vulnerability in Internet Information Services could allow MS KB Security Vulnerability in Internet Information Services could allow elevation of privileges MS KB Security Description of the security update for XML Core Services 6.0 KB Update All the PCL inbox printer drivers become unsigned after you install the Microsoft.NET Framework 3.5 Service Pack Avaya Inc. All Rights Reserved. Page 4

5 MS KB Security Description of the security update for DNS server MS KB Security Vulnerabilities in Internet Information Services (IIS) could allow elevation of privilege KB Update Update to.net Framework 3.5 SP1 for the.net Framework Assistant 1.0 for Firefox MS KB Security Description of the security update for the Microsoft.NET Framework 2.0 Service Pack 2 and the Microsoft.NET Framework 3.5 Service MS KB Security Cumulative security update for Internet Explorer MS KB Security Cumulative Security Update of ActiveX Kill Bits MS KB Security Vulnerability in the Local Security Authority Subsystem Service could allow denial of service MS KB Security Description of the security update for Windows Media Audio Voice Decoder MS KB Security Description of the security update for Audio Compression Manager MS KB Security Vulnerabilities in CryptoAPI could allow spoofing MS KB Security Vulnerability in Windows Media Player could allow MS KB Security Vulnerabilities in Windows kernel could allow elevation of privilege MS KB Security Addresses a vulnerability in Microsoft.NET MS KB Security Vulnerability in Indexing Service could allow remote code MS KB Security Description of the security update for the Microsoft.NET Framework 1.1 Service Pack 1 on Windows Server 2003 (32 bit) This list applies to systems with MSS backends with MAS software on a S8730. Common KB Article Type Description Name Number MS KB Security Vulnerability in Windows CSRSS could allow remote code MS KB Security Vulnerability in Microsoft Agent could allow remote code KB Update You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update MS KB Security Vulnerability in Microsoft Foundation Classes could allow for MS KB Security Cumulative security update for Outlook Express and for Windows Mail MS KB Security Vulnerability in Windows Media Format could allow MS KB Security Vulnerability in Windows Active Directory could allow MS KB Security Vulnerability in Windows Media Player could allow MS KB Security Vulnerability in Vector Markup Language could allow 2009 Avaya Inc. All Rights Reserved. Page 5

6 MS KB Security Vulnerabilities in the.net Framework could allow MS KB Security Vulnerabilities in RPC could allow denial of service KB Update A microcode reliability update is available that improves the reliability of systems that use Intel processors MS KB Security Vulnerability in Windows URI Handling could allow MS KB Security Vulnerability in Windows URI Handling could allow MS KB Security Vulnerability in Windows Media file format could allow MS KB Security Vulnerability in WebDAV Mini Redirector could allow MS KB Security Description of the security update for Windows 2000, for Windows XP, for Windows Server 2003, and for Windows Vista: February 12, 2008 KB Update An update to turn off default SNP features is available for Windows Server 2003 based and Small Business Server 2003 based computers MS KB Security Vulnerability in DNS client could allow spoofing MS KB Security Critical security update of ActiveX kill bits MS KB Security Vulnerabilities in Pragmatic General Multicast (PGM) could allow denial of service MS KB Security Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008 MS KB Security Security update for Outlook Express and Windows Mail MS KB Security Vulnerabilities in Microsoft Windows Image Color Management could allow MS KB Security Vulnerability in Event System could allow remote code MS KB Security Description of the security update for XML Core Services 3.0: November 11, 2008 MS KB Security Vulnerability in SMB could allow remote code MS KB Security Description of the security update for Windows Media Format Runtime 7.1, 9.0, 9.5, and 11 and Media Foundation: December 9, 2008 MS KB Security Description of the security update for Windows Media Player 6.4: December 9, 2008 MS KB Security Vulnerabilities in GDI could allow remote code KB Update December 2008 cumulative time zone update for Microsoft Windows operating systems MS KB Security Vulnerability in GDI could allow remote code MS KB Security Vulnerability in the Microsoft Ancillary Function driver could allow elevation of privilege MS KB Security Vulnerabilities in SMB could allow remote code 2009 Avaya Inc. All Rights Reserved. Page 6

7 KB Update Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits MS KB Security Vulnerability in SChannel could allow spoofing MS KB Security Description of the security update for GDI+ for all editions of Windows XP, of Windows Vista, of Windows Server 2003, and of Windows Server 2008 and for Windows Server 2000 with Internet Explorer 6 SP1 MS KB Security Vulnerabilities in Windows Kernel could allow KB update How to disable the Autorun functionality in Windows MS KB Security Vulnerability in Microsoft DirectShow could allow MS KB Security Description of the security update for Windows Service Isolation: April 2009 MS KB Security Description of the security update for MSDTC Transaction Facility: April 2009 MS KB Security Vulnerabilities in Windows HTTP services could allow MS KB Security Blended threat vulnerability in SearchPath could allow elevation of privilege MS KB Security Cumulative security update for Internet Explorer MS KB Security Description of the update for Windows WordPad Converter: April 14, 2009 MS KB Security Vulnerabilities in the Windows Print Spooler could allow MS KB Security Vulnerabilities in Windows Kernel could allow elevation of privilege MS KB Security Vulnerability in RPC could allow elevation of privilege KB SP List of changes and fixed issues in the.net Framework 3.5 Service Pack 1 MS KB Security Vulnerabilities in Microsoft DirectShow could allow MS KB Security Cumulative Security Update of ActiveX Kill Bits MS KB Update Cumulative security update for Internet Explorer MS KB Security Description of the update for Windows WordPad Converter: April 14, 2009 KB Tool The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, Windows XP, or Windows 2000 August 2009 MS KB Security Vulnerabilities in the Embedded OpenType Font Engine could allow MS KB Security Cumulative security update for Internet Explorer KB Update Update Remote Desktop Connection (Terminal Services Client 6.0) KB Update Some Microsoft XPS features are not available in Windows Server 2003 and in Windows XP 2009 Avaya Inc. All Rights Reserved. Page 7

8 MS KB Security Vulnerability in the DHTML Editing Component ActiveX control could allow MS KB Security Vulnerability in SChannel could allow spoofing MS KB Security Vulnerability in Internet Information Services could allow MS KB Security Vulnerability in Internet Information Services could allow elevation of privileges MS KB Security Description of the security update for XML Core Services 6.0 KB Update All the PCL inbox printer drivers become unsigned after you install the Microsoft.NET Framework 3.5 Service Pack 1 MS KB Security Description of the security update for DNS server MS KB Security Vulnerabilities in Internet Information Services (IIS) could allow elevation of privilege KB Update Update to.net Framework 3.5 SP1 for the.net Framework Assistant 1.0 for Firefox MS KB Security Vulnerability in the Local Security Authority Subsystem Service could allow denial of service Workaround or alternative remediation Remarks Patch Notes The information in this section concerns the patch, if any, recommended in the Resolution above. Backup before applying the patch Download Patch install instructions Verification Failure Patch uninstall instructions Service-interrupting? No Security Notes The information in this section concerns the security risk, if any, represented by the topic of this PSN. Security risks Avaya Security Vulnerability Classification Not Susceptible Mitigation 2009 Avaya Inc. All Rights Reserved. Page 8

9 For additional support, contact your Authorized Service Provider. Depending on your coverage entitlements, additional support may incur charges. Support is provided per your warranty or service contract terms unless otherwise specified. Avaya Support Contact Telephone U.S. Remote Technical Services Enterprise U.S. Remote Technical Services Small Medium Enterprise U.S. Remote Technical Services BusinessPartners for Enterprise Product BusinessPartners for Small Medium Product Please contact your distributor. Canada Caribbean and Latin America Europe, Middle East, and Africa Asia Pacific Disclaimer: ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED AS IS. AVAYA INC., ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS AVAYA ), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA. All trademarks identified by or TM are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners Avaya Inc. All Rights Reserved. Page 9