The attached is an advance copy of a new bulletin that will soon be posted to the Partner Information Center (PIC) (http://my.nortel.com) and Technical Support (www.nortel.com/support) websites. It supplements a recent Clarify Security Advisory bulletin, providing the latest CallPilot-specific server security information as it pertains to the Microsoft security advisory bulletin for MS08-067. This newly disclosed vulnerability is potentially wormable and is viewed as a highly critical problem.

Nortel has successfully completed testing and approves application of the security update to CallPilot release 3.0, 4.0, and 5.0 servers. Full details are within the attached bulletin.

P-2008-0008-Global-Rev10: CallPilot Server Security Update


As well, the following two additional updates may be offered by Windows Update and are authorized for application to servers (reference Appendix-D).

- KB956391 - Cumulative Security Update for ActiveX Killbits for Windows Server
- KB890830 - Windows Malicious Software Removal Tool - October 2008

Important note: KB951072, also offered up by Windows Update, CANNOT be applied to the server at this time. KB951072 is a cumulative time zone update for Microsoft Windows Operating systems and deals with time zone/DST changes in:

- Baghdad, Iraq DST change
- Argentina, new time zone
- Santiago, Chile DST change
- Morocco and Pakistan, new time zones with DST change

Further guidance on this DST update will be made available once additional testing and CallPilot updates have been completed.

Notes regarding the approved security updates for CallPilot 3.0/4.0/5.0 servers:
- Only apply Windows Server 2003/Service Pack 2 (SP2) via the CallPilot PEPs as documented
- Apply the latest Security Update PEP** for additional hardening beyond Microsoft security updates
- Apply additional approved Microsoft security updates using Windows Update directly from the server
- Apply additional approved Windows Server 2003 updates as outlined in Appendix-D (if prompted)
- DO NOT install IE 7
