Cisco Event Response: Microsoft Security Bulletin Release for December 2013

December 10, 2013

Microsoft published its monthly security bulletin release on December 10, 2013. Microsoft released eleven bulletins that addressed 24 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Exchange Server, Microsoft SharePoint Server, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, gain access to sensitive information, or gain elevated privileges.


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS13-096: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution | Multiple Microsoft Products Graphics Component Remote Code Execution Vulnerability | CVE-2013-3906 | | 9.3 |
| MS13-097: Cumulative Security Updates for Internet Explorer | Microsoft Internet Explorer Enhanced Protected Mode Security Protection Bypass Vulnerability | CVE-2013-5045 | | 4.3 |
| | Microsoft Internet Explorer Enhanced Protected Mode Security Protection Bypass Vulnerability | CVE-2013-5046 | | 4.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-5047 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-5048 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-5049 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-5051 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-5052 | | 9.3 |
| MS13-098: Vulnerability in Windows Could Allow Remote Code Execution | Microsoft Windows WinVerifyTrust Function Authenticode Signature Verification Bypass Vulnerability | CVE-2013-3900 | | 7.6 |
| MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution | Microsoft Windows Scripting Host Use-After-Free Vulnerability | CVE-2013-5056 | | 9.3 |
| MS13-100: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution | Microsoft SharePoint Server Page Processing Arbitrary Code Execution Vulnerability | CVE-2013-5059 | | 6.5 |
| MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege | Microsoft Windows Win32k.sys Kernel-Mode Driver Integer Overflow Vulnerability | CVE-2013-3899 | | 6.8 |
| | Microsoft Windows Win32k.sys Kernel-Mode Driver Use-After-Free Vulnerability | CVE-2013-3902 | | 6.8 |
| | Microsoft Windows Win32k.sys Kernel-Mode Driver TrueType Font Parsing Denial of Service Vulnerability | CVE-2013-3903 | | 7.1 |
| | Microsoft Windows Audio Port portcls.sys Kernel-Mode Driver Privilege Escalation Vulnerability | CVE-2013-3907 | | 6.8 |
| | Microsoft Windows Win32k.sys Kernel-Mode Driver Integer Overflow Vulnerability | CVE-2013-5058 | | 4.6 |
| MS13-102: Vulnerability in Windows Local Procedure Call Could Allow Elevation of Privilege | Microsoft Windows Local Procedure Call Server Message Processing Buffer Overflow Vulnerability | CVE-2013-3878 | | 7.2 |
| MS13-103: Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege | Microsoft ASP.NET SignalR Cross-Site Scripting Vulnerability | CVE-2013-5042 | | 4.3 |
| MS13-104: Vulnerability in Microsoft Office Could Allow Information Disclosure | Microsoft Office Access Token Disclosure Vulnerability | CVE-2013-5054 | | 4.3 |
| MS13-105: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution | Microsoft SharePoint Server Machine Authentication Check Validation Arbitrary Code Execution Vulnerability | CVE-2013-1330 | | 10.0 |
| | Oracle Outside In OS/2 Metafile Parser Stack Buffer Overflow Vulnerability | CVE-2013-5763 | | 6.4 |
| | Microsoft Exchange Outlook Web Access Cross-Site Scripting Vulnerability | CVE-2013-5072 | | 4.3 |
| | Oracle Outside In Microsoft Access 1.x Parse Stack Buffer Overflow Vulnerability | CVE-2013-5791 | | 6.4 |
| MS13-106: Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass | Microsoft Office Address Space Layout Randomization Bypass Issue | CVE-2013-5057 | | |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures; Cisco ACE Application Control Engine and Module; and Cisco ASA/ASA-SM/FWSM firewalls are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for December 2013

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.