Cisco Event Response: Microsoft Security Bulletin Release for April 2011

April 12, 2011

Microsoft published its monthly security bulletin release on April 12, 2011. Seventeen bulletins were released that address sixty-four individual vulnerabilities. The bulletins address vulnerabilities in Microsoft Excel, the Microsoft Foundation Class (MFC) Library, Microsoft Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft PowerPoint, and Microsoft Windows. The most severe of the vulnerabilities could allow an attacker to execute arbitrary code on a targeted system.

 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin
Cisco IntelliShield Alert
CVE ID
Cisco Mitigations
CVSS Base Score

Microsoft Security Bulletin MS11-018

Cumulative Security Update for Internet Explorer

Microsoft Internet Explorer Layout Handling Memory Corruption Vulnerability
CVE-2011-0094
Cisco IPS Signature 35245-0
Cisco Security MARS
9.3
Microsoft Internet Explorer MHTML Handling Use-After-Free Vulnerability
CVE-2011-0346
-
9.3
Microsoft Internet Explorer Frame Tag Information Disclosure Vulnerability
CVE-2011-1244
-
5.8
Microsoft Internet Explorer JavaScript Information Disclosure Vulnerability
CVE-2011-1245
Cisco IPS Signature 35367-0
Cisco Security MARS
4.3
Microsoft Internet Explorer Object Management Memory Corruption Vulnerability
CVE-2011-1345
Cisco IPS Signature 35386-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS11-019

Vulnerabilities in SMB Client Could Allow Remote Code Execution

Microsoft Internet Explorer Object Management Memory Corruption Vulnerability
CVE-2011-0654
Cisco IPS Signature 35125-0
Cisco IOS tACL
Cisco ASA/FWSM
Cisco IOS NetFlow
Cisco Security MARS
10.0
Microsoft Windows SMB Client Response Processing Arbitrary Code Execution Vulnerability
CVE-2011-0660
Cisco IOS tACL
Cisco ASA/FWSM
Cisco IOS NetFlow
9.3

Microsoft Security Bulletin MS11-020

Vulnerability in SMB Server Could Allow Remote Code Execution

Microsoft Windows Server Message Block Server Packet Processing Arbitrary Code Execution Vulnerability
CVE-2011-0661
Cisco IOS tACL
Cisco ASA/FWSM
Cisco IOS NetFlow
10.0

Microsoft Security Bulletin MS11-021

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

Microsoft Office Excel Integer Overrun Vulnerability
CVE-2011-0097
Cisco IPS Signature 35527-0
Cisco Security MARS
9.3
Microsoft Office Excel Heap Overflow Vulnerability
CVE-2011-0098
Cisco IPS Signature 35509-0
Cisco Security MARS
9.3
Microsoft Office Excel Array Indexing Vulnerability
CVE-2011-0978
Cisco IPS Signature 35466-0
Cisco Security MARS
9.3

Microsoft Office Excel Linked Corruption Vulnerability
CVE-2011-0979
Cisco IPS Signature 35466-0
Cisco Security MARS
9.3
Microsoft Office Excel Dangling Pointer Vulnerability
CVE-2011-0980
Cisco IPS Signature 35427-0
Cisco Security MARS
9.3
Microsoft Office Excel Record Parsing WriteAV Vulnerability
CVE-2011-0101
Cisco IPS Signature 35426-0
Cisco Security MARS
9.3
Microsoft Office Excel Memory Corruption Vulnerability
CVE-2011-0103
Cisco IPS Signature 35366-0
Cisco Security MARS
9.3
Microsoft Office Excel Record Processing Buffer Overflow Vulnerability
CVE-2011-0104
Cisco IPS Signature 35428-0
Cisco Security MARS
9.3
Microsoft Office Excel Variable Initialization Arbitrary Code Execution Vulnerability
CVE-2011-0105
9.3

Microsoft Security Bulletin MS11-022

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution

Microsoft Office PowerPoint OfficeArt Atom Processing Remote Code Execution Vulnerability
CVE-2011-0976
9.3
Microsoft Office PowerPoint Invalid Record Processing Arbitrary Code Execution Vulnerability
CVE-2011-0656
9.3
Microsoft Office PowerPoint Record Processing Arbitrary Code Execution Vulnerability
CVE-2011-0655
9.3

Microsoft Security Bulletin MS11-023

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Microsoft Office Component Library Loading Vulnerability
CVE-2011-0977
Cisco IPS Signature 35145-0
Cisco Security MARS
9.3
Microsoft Office Graphic Object Processing Vulnerability
CVE-2011-0107
Cisco IPS Signature 31419-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS11-024

Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution

Microsoft Windows Fax Cover Page Editor Arbitrary Code Execution Vulnerability
CVE-2010-3974
Cisco IPS Signature 35306-0
Cisco ASA/FWSM
Cisco ACE
Cisco Security MARS
9.3

Microsoft Security Bulletin MS11-025

Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution

Microsoft MFC Library Arbitrary Code Execution Vulnerability
CVE-2010-3190
Cisco IPS Signature 31419-0
Cisco IOS tACL
Cisco ASA/FWSM
Cisco IOS NetFlow
Cisco ACE
Cisco Security MARS
9.3

Microsoft Security Bulletin MS11-026

Vulnerability in MHTML Could Allow Information Disclosure

Microsoft Windows MHTML Protocol Handler Script Execution Vulnerability
CVE-2011-0096
Cisco IPS Signature 33379-0
Cisco Security MARS
5.8

Microsoft Security Bulletin MS11-027

Cumulative Security Update for ActiveX Kill Bits

Microsoft Internet Explorer Developer Tools ActiveX Control Arbitrary Code Execution Vulnerability
CVE-2010-0811
Cisco IPS Signature 26202-0
Cisco ASA/FWSM
Cisco ACE
Cisco Security MARS
9.3
Microsoft WMI Administrative Tools Object Viewer ActiveX Control Arbitrary Code Execution Vulnerability
CVE-2010-3973
Cisco IPS Signature 35507-0
Cisco ASA/FWSM
Cisco ACE
Cisco Security MARS
9.3
Microsoft Windows Messenger ActiveX Control Arbitrary Code Execution Vulnerability
CVE-2011-1243
Cisco IPS Signature 35506-0
Cisco ASA/FWSM
Cisco ACE
Cisco Security MARS
9.3

Microsoft Security Bulletin MS11-028

Vulnerability in .NET Framework Could Allow Remote Code Execution

Microsoft Windows .NET Framework Stack Corruption Vulnerability
CVE-2011-3958
9.3

Microsoft Security Bulletin MS11-029

Vulnerability in GDI+ Could Allow Remote Code Execution

Microsoft Windows GDI+ EMF Image Processing Integer Overflow Vulnerability
CVE-2011-0041
Cisco IPS Signature 35205-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS11-030

Vulnerability in DNS Client Service Could Allow Remote Code Execution

Microsoft Windows DNS Client Service Arbitrary Code Execution Vulnerability
CVE-2011-0657
Cisco IPS Signature 35327-0
Cisco IOS tACL
Cisco ASA/FWSM
Cisco IOS NetFlow
Cisco Security MARS
10.0

Microsoft Security Bulletin MS11-031

Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution

Microsoft Windows Scripting Engine Memory Corruption Vulnerability
CVE-2011-0663
9.3

Microsoft Security Bulletin MS11-032

Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution

Microsoft Windows OpenType Compact Font Format Driver Arbitrary Code Execution Vulnerability
CVE-2011-0034
Cisco ASA/FWSM
Cisco ACE
9.3

Microsoft Security Bulletin MS11-033

Vulnerability in WordPad Text Converters Could Allow Remote Code Execution

Microsoft Office WordPad Converters Arbitrary Code Execution Vulnerability
CVE-2011-0028
Cisco IPS Signature 35326-0
Cisco Security MARS
9.3

Microsoft Security Bulletin MS11-034

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Microsoft Windows Kernel Local Privilege Escalation Vulnerability
CVE-2011-0662
6.8

Microsoft Windows Kernel Driver Privilege Escalation Vulnerability

CVE-2011-0665
6.8

Microsoft Windows Kernel Driver Privilege Elevation Vulnerability

CVE-2011-0666
6.8

Microsoft Windows win32k.sys Kernel Driver Privilege Escalation Vulnerability

CVE-2011-0667
6.8

Microsoft Windows Kernel Device Driver Privilege Escalation Vulnerability

CVE-2011-0670
6.8

Microsoft Windows Kernel Device Driver Privilege Elevation Vulnerability

CVE-2011-0671
6.8

Microsoft Windows Kernel Device Driver Use-After-Free Vulnerability

CVE-2011-0672
6.8

Microsoft Windows Kernel Device Driver Null Pointer Dereference Vulnerability

CVE-2011-0673
6.8

Microsoft Windows Kernel Device Driver Null Pointer Dereference Vulnerability

CVE-2011-0674
6.8

Microsoft Windows win32k.sys Kernel Device Driver Use After Free Vulnerability

CVE-2011-0675
6.8

Microsoft Windows win32k.sys Kernel Driver Null Pointer Dereference Vulnerability

CVE-2011-0676
6.8

Microsoft Windows win32k.sys Kernel Device Driver Null Pointer Dereference Vulnerability

CVE-2011-0677
6.8

Microsoft Windows Kernel win32k.sys Device Driver Null Pointer Dereference Vulnerability

CVE-2011-1225
6.8

Microsoft Windows Kernel win32k.sys Driver Null Pointer Dereference Vulnerability

CVE-2011-1226
6.8

Microsoft Windows Kernel Null Pointer Dereference Local Privilege Escalation Vulnerability

CVE-2011-1227
6.8

Microsoft Windows Kernel Null Pointer Dereference Local Privilege Elevation Vulnerability

CVE-2011-1228
6.8

Microsoft Windows Kernel Driver Null Pointer Dereference Local Privilege Escalation Vulnerability

CVE-2011-1229
6.8

Microsoft Windows Kernel Driver Null Pointer Dereference Local Privilege Elevation Vulnerability

CVE-2011-1230
6.8

Microsoft Windows Kernel win32k.sys Driver Null Pointer Dereference Local Privilege Escalation Vulnerability

CVE-2011-1231
6.8

Microsoft Windows Kernel win32k.sys Driver Null Pointer Dereference Local Privilege Elevation Vulnerability

CVE-2011-1232
6.8

Microsoft Windows win32k.sys Kernel Device Driver Null Pointer Dereference Local Privilege Escalation Vulnerability

CVE-2011-1233
6.8

Microsoft Windows Kernel Driver Use-After-Free Privilege Escalation Vulnerability

CVE-2011-1234
6.8

Microsoft Windows Kernel Driver Use-After-Free Privilege Elevation Vulnerability

CVE-2011-1235
6.8

Microsoft Windows Kernel Device Driver Use-After-Free Privilege Escalation Vulnerability

CVE-2011-1236
6.8

Microsoft Windows Kernel Device Driver Use-After-Free Privilege Elevation Vulnerability

CVE-2011-1237
6.8

Microsoft Windows Kernel win32k.sys Driver Use-After-Free Privilege Escalation Vulnerability

CVE-2011-1238
6.8

Microsoft Windows Kernel win32k.sys Driver Use-After-Free Privilege Elevation Vulnerability

CVE-2011-1239
6.8

Microsoft Windows Kernel win32k.sys Device Driver Use-After-Free Privilege Escalation Vulnerability

CVE-2011-1240
6.8

Microsoft Windows Kernel win32k.sys Driver Privilege Escalation Vulnerability

CVE-2011-1241
Cisco IPS Signature 35387-0
Cisco Security MARS
6.8

Microsoft Windows Kernel Privilege Escalation Vulnerability

CVE-2011-1242
Cisco IPS Signature 35406-0
Cisco Security MARS
6.8

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists; Cisco Intrusion Prevention System (IPS) signatures; Cisco IOS NetFlow; Cisco Security Monitoring, Analysis, and Response System Incidents; Cisco ACE Application Control Engine; and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2011

Impact on Cisco Products

Impact Assessment of April 2011 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products
Impact Assessments for Cisco Contact Center and Self Service Products evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.