Resources
Cooper Industries > Cooper Power Systems > Resources  >  Security Support

Security Support

The vast majority of reported cyber incidents result from attacks that target known vulnerabilities in operating systems. In most cases, software updates and mitigating measures had already been published but had not been applied.

Timely patch management is thus a key requirement in ensuring the continued safe operation of control systems. For this reason, NERC CIP-007 R3 requires that utilities implement a Security Patch Management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter.

Many of Cooper Power Systems products are based on Microsoft technology. Microsoft publishes security updates for its operating systems and applications on a regular basis. However, the deployment of a security update is a costly operation that can result in disruption of service. The decision that a utility needs to make is whether the cost of the update outweighs the risk faced from a potential attack stemming from an unpatched system.

As part of its program to help utilities meet NERC CIP requirements, Cooper Power Systems evaluates the applicability of Microsoft security updates to its products with the goal of providing utilities with a recommendation within 10 days of release.

Show all     Hide all

  • Report Definitions

    Report Definitions

    • Notification Date: Date that the Cooper Power Systems was notified of the Microsoft security update.
    • Current Status: Current status of testing by Cooper Power Systems. (Not Tested, Evaluating, Testing, Testing Complete)
    • Test Complete Date: Date that Cooper Power Systems completed the testing. If no testing is completed, an value of N/A is entered.
    • Affected Software: Microsoft operating systems and software affected by the security update.
    • Cooper Power Systems Recommendation: Whether or not the security update is recommended by Cooper Power Systems. (Hold, Do Not Install, Install, Install Optional).

  • Microsoft Patch Report

    Title Description Recommendation
    MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) Install Optional
    MS12-030 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830) Install Optional
    MS12-031 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981) Install Optional
    MS12-032 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) Install
    MS12-033 Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533) Install
    MS12-034 Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Install
    MS12-035 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) Install

    April 2012

    Title Description Recommendation
    MS12-023 Cumulative Security Update for Internet Explorer (2675157) Install
    MS12-024 Vulnerability in Windows Could Allow Remote Code Execution (2653956) Install
    MS12-025 Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) Install
    MS12-026 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) Not Applicable
    MS12-027 Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) Install
    MS12-028 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) Install Optional

    March 2012

    Title
    		 Description
    		 Recommendation
    MS12-017 Vulnerability in DNS Server Could Allow Denial of Service (2647170) Not Applicable
    MS12-018 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653) Install
    MS12-019 Vulnerability in DirectWrite Could Allow Denial of Service (2665364) Install
    MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) Install
    MS12-021 Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) Not Applicable
    MS12-022 Vulnerability in Expression Design Could Allow Remote Code Execution (2651018) Not Applicable

    February 2012

    Title
    		 Description
    		 Recommendation

    MS12-008

    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) 

    Install

    MS12-009

    Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) 

    Install

    MS12-010

    Cumulative Security Update for Internet Explorer (2647516) 

    Install

    MS12-011

    Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) 

    Install Optional

    MS12-012

    Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) 

    Install

    MS12-013

    Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) 

    Install

    MS12-014

    Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) 

    Install

    MS12-015

    Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) 

    Install Optional

    MS12-016

    Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) 

    Install

    January 2012

    Title
    		 Description
    		 Recommendation
    MS11-100 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) Install
    MS12-001 Vulnerability in Windows Kernel Could Allow Security
    Feature Bypass (2644615)     		Install
    MS12-002 Vulnerability in Windows Object Packager Could Allow
    Remote Code Execution (2603381)     		Install
    MS12-003 Vulnerability in Windows Client/Server Run-time
    Subsystem Could Allow Elevation of Privilege (2646524)     		Install
    MS12-004 Vulnerabilities in Windows Media Could Allow Remote
    Code Execution (2636391)     		Install
    MS12-005 Vulnerability in Microsoft Windows Could Allow Remote
    Code Execution (2584146)     		Install
    MS12-006 Vulnerability in SSL/TLS Could Allow Information
    Disclosure (2643584)     		Install
    MS12-007 Vulnerability in AntiXSS Library Could Allow Information
    Disclosure (2607664)     		Not Applicable

    December 2011 Report

    Title Description Recommendation
    MS11-087 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)  Install
    MS11-088 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)  Install Optional
    MS11-089 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)  Install 
    MS11-090 Cumulative Security Update of ActiveX Kill Bits (2618451)  Install
    MS11-091 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)  Install Optional
    MS11-092 Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)  Install
    MS11-093 Vulnerability in OLE Could Allow Remote Code Execution (2624667)  Install
    MS11-094 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)  Install Optional
    MS11-095 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)  Install
    MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)  Install Optional
    MS11-097 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)  Install
    MS11-098 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)  Install
    MS11-099 Cumulative Security Update for Internet Explorer (2618444)  Install

    November 2011 Report

    Title
    		 Description
    		 Recommendation
    MS11-083
         		Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Install
    MS11-084
    		 Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) Install
    MS11-085
    		 Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) Install
    MS11-086
    		 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) Not Applicable

    October 2011 Report

    Title Description Recommendation

    MS11-075

    Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)

    Install

    MS11-076

    Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

    Install

    MS11-077

    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)

    Install

     MS11-078

    Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

    Install

    MS11-079

    Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

    Install Optional

    MS11-080

    Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

    Install

    MS11-081

    Cumulative Security Update for Internet Explorer (2586448)

    Install

    MS11-082

    Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

    Not Applicable

    September 2011 Report

    Title Description Recommendation
    MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege Install Optional
    MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution Install
    MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution Install Optional
    MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution Install Optional
    MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege Install Optional

    August 2011 Report

    Title Description Recommendation
    MS11-057 Cumulative Security Update for Internet Explorer (2559049) Install
    MS11-058 Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) Not Applicable
    MS11-059 Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656) Install
    MS11-060 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978) Not Applicable
    MS11-061 Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) Not Applicable
    MS11-062 Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454) Install
    MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680) Install
    MS11-064 Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894) Install
    MS11-065 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222) Install
    MS11-066 Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) Install
    MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) Not Applicable
    MS11-068 Vulnerability in Windows Kernel Could Allow Denial of Service (2556532) Install
    MS11-069 Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) Install

    July 2011 Report

    Title Description Recommendation
    MS11-053 Vulnerability in Bluetooth Stack Could Allow Remote Code Execution Install
    MS11-054 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege Install
    MS11-055 Vulnerability in Microsoft Visio Could Allow Remote Code Execution Not Applicable
    MS11-056 Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege Install