Cisco Event Response: Microsoft Security Bulletin Release for March 2012

March 13, 2012

Microsoft published its monthly security bulletin release on March 13, 2012. Microsoft released six bulletins that addressed seven vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows operating systems, Microsoft Visual Studio, and Microsoft Expression Design. The vulnerabilities could allow an attacker to gain escalated privileges, cause a denial of service condition, or execute code on a targeted system.


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin

Cisco IntelliShield Alert

Description: Search CVEs

Cisco Mitigations

Base Score
Description: CVSS Q&A

Microsoft Security Bulletin MS12-017

Vulnerability in DNS Server Could Allow Denial of Service

Microsoft Windows DNS Server Denial of Service Vulnerability


Cisco IOS uRPF, Cisco IOS NetFlow, Cisco IPS Signature 1038-0


Microsoft Security Bulletin MS12-018

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Microsoft Windows Kernel PostMessage Function Privilege Escalation Vulnerability



Microsoft Security Bulletin MS12-019

Vulnerability in DirectWrite Could Allow Denial of Service

Microsoft Windows DirectWrite Denial of Service Vulnerability



Microsoft Security Bulletin MS12-020

Vulnerabilities in Remote Desktop Could Allow Remote Code Execution

Microsoft Windows Remote Desktop Uninitialized Memory Access Arbitrary Code Execution


Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/ASASM/FWSM, Cisco Security Manager, Cisco IPS signature 1039-0


Microsoft Windows Remote Desktop Denial of Service Vulnerability


Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/ASASM/FWSM, Cisco Security Manager


Microsoft Security Bulletin MS12-021

Vulnerability in Visual Studio Could Allow Elevation of Privilege

Microsoft Visual Studio Insecure Add-in Loading Privilege Escalation Vulnerability



Microsoft Security Bulletin MS12-022

Vulnerability in Expression Design Could Allow Remote Code Execution

Microsoft Expression Design Insecure Library Loading Arbitrary Code Execution Vulnerability

CVE-2012-0016 Cisco IOS tACL, Cisco IOS NetFlow, Cisco ASA/ASASM/FWSM, Cisco Security Manager, Cisco IPS Signature 31979-0 9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists; Cisco Intrusion Prevention System (IPS) signatures; Cisco IOS NetFlow; and Cisco ACE Application Control Engine are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2012

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.