Cisco Event Response: Microsoft Security Bulletin Release for April 2013

April 9, 2013

Microsoft published its monthly security bulletin release on April 9, 2013. Microsoft released nine bulletins that addressed 14 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft SharePoint Server, and Microsoft Defender. The vulnerabilities could allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, access sensitive information, cause a denial of service condition, or gain elevated privileges.

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin | Cisco IntelliShield Alert | Search CVEs | Cisco Mitigations | Base Score

Microsoft Security Bulletin MS13-028

Cumulative Security Update for Internet Explorer

Microsoft Internet Explorer Memory Object Handling Use-After-Free Arbitrary Code Execution Vulnerability
Microsoft Internet Explorer Memory Object Processing Use-After-Free Arbitrary Code Execution Vulnerability

Microsoft Security Bulletin MS13-029

Vulnerability in Remote Desktop Client Could Allow Remote Code Execution

Microsoft Windows Remote Desktop Protocol ActiveX Control Arbitrary Code Execution Vulnerability
ASA/ASASM/FWSM App Inspection, Cisco ACE App Inspection, Cisco IPS Signature 2092-0, Cisco Security Manager

Microsoft Security Bulletin MS13-030

Vulnerability in SharePoint Could Allow Information Disclosure

Microsoft SharePoint Enterprise Server Unauthorized Access Information Disclosure Vulnerability

Microsoft Security Bulletin MS13-031

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

Microsoft Windows Kernel Memory Object Processing Privilege Escalation Vulnerability
Microsoft Windows Kernel Memory Object Handling Privilege Escalation Vulnerability

Microsoft Security Bulletin MS13-032

Vulnerability in Active Directory Could Lead to Denial of Service

Microsoft Windows Active Directory Component Memory Handling Denial of Service Vulnerability
Cisco IOS tACLs, ASA/ASASM/FWSM tACLs, Cisco IPS Signature 2095-0, Cisco Security Manager

Microsoft Security Bulletin MS13-033

Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege

Microsoft Windows Client/Server Runtime Subsystem Memory Corruption Vulnerability

Microsoft Security Bulletin MS13-034

Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege

Microsoft Windows Defender Pathname Processing Privilege Escalation Vulnerability

Microsoft Security Bulletin MS13-035

Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege

Microsoft SharePoint Server HTML String Processing Cross-Site Scripting Vulnerability
Cisco IPS Signature 2088-0, Cisco Security Manager

Microsoft Security Bulletin MS13-036

Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege

Microsoft Windows Win32k Kernel Driver Memory Object Processing Privilege Escalation Vulnerability
Microsoft Windows Kernel OpenType Font Parsing Denial of Service Vulnerability
Microsoft Windows Win32k Kernel Driver Memory Object Handling Privilege Escalation Vulnerability
Microsoft Windows NTFS Kernel Driver Memory Object Processing Privilege Escalation Vulnerability

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists; Cisco Intrusion Prevention System (IPS) signatures; Cisco IOS NetFlow; Cisco ACE Application Control Engine and Module; and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2013

Security Intelligence Tactical Resources help organizations secure business applications and processes by identifying, preventing, and adapting to threats. "Understanding Cross-Site Scripting (XSS) Threat Vectors" and "Understanding Cross-Site Request Forgery Threat Vectors" provide operators and administrators with knowledge about cross-site exploitation related to MS13-029 and MS13-035.

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.