Cisco Event Response: Microsoft Security Bulletin Release for February 2013

February 12, 2013

Microsoft published its monthly security bulletin release on February 12, 2013. Microsoft released 12 bulletins that addressed 57 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft .NET Framework, Microsoft Exchange Server, and Microsoft FAST Search Server for SharePoint. The vulnerabilities could allow an attacker to execute arbitrary code, access sensitive information, cause a denial of service condition, or gain elevated privileges.


Response Update

February 13, 2013: This document has been updated to add signatures 1939-0, 1940-0, 1941-0, and 1942-0.


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
| --- | --- | --- | --- | --- |
| Microsoft Security Bulletin MS13-009: Cumulative Security Update for Internet Explorer | Microsoft Internet Explorer Character Encoding Processing Information Disclosure Vulnerability | CVE-2013-0015 | Cisco IPS Signature 1942-0, Cisco Security Manager | 4.3 |
| | Microsoft Internet Explorer setCapture Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0018 | Cisco IPS Signature 1864-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer ComWindowProxy Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0019 | Cisco IPS Signature 1940-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer CMarkup Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0020 | Cisco IPS Signature 1895-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer vtable Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0021 | Cisco IPS Signature 1941-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer LsGetTrailInfo Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0022 | | 9.3 |
| | Microsoft Internet Explorer CDispNode Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0023 | | 9.3 |
| | Microsoft Internet Explorer pasteHTML Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0024 | Cisco IPS Signature 1937-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer SLayoutRun Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0025 | Cisco IPS Signature 1867-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer InsertElement Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0026 | Cisco IPS Signature 1939-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer CPasteCommand Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0027 | Cisco IPS Signature 1938-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer CObjectElement Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0028 | Cisco IPS Signature 1857-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer CHTML Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2013-0029 | Cisco IPS Signature 1862-0, Cisco Security Manager | 9.3 |
| Microsoft Security Bulletin MS13-010: Vulnerability in Vector Markup Language Could Allow Remote Code Execution | Microsoft Internet Explorer Vector Markup Language Processing Memory Corruption Vulnerability | CVE-2013-0030 | Cisco IPS Signature 1868-0, Cisco Security Manager | 9.3 |
| Microsoft Security Bulletin MS13-011: Vulnerability in Media Decompression Could Allow Remote Code Execution | Microsoft Windows DirectShow Media Decompression Handling Arbitrary Code Execution Vulnerability | CVE-2013-0070 | | 9.3 |
| Microsoft Security Bulletin MS13-012: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution | Oracle Critical Patch Update for January 2013 | CVE-2013-0393, CVE-2013-0418 | | |
| Microsoft Security Bulletin MS13-013: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution | Oracle Critical Patch Update October 2012 | CVE-2012-3214, CVE-2012-3217 | | |
| Microsoft Security Bulletin MS13-014: Vulnerability in NFS Server Could Allow Denial of Service | Microsoft Windows NFS Server NULL Dereference Denial of Service Vulnerability | CVE-2012-1281 | Cisco IOS tACL, Cisco IOS NetFlow, Cisco Security Manager | 3.5 |
| Microsoft Security Bulletin MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege | Microsoft .NET Framework Windows Forms Permissions Handling Arbitrary Code Execution Vulnerability | CVE-2012-0073 | Cisco Application Control Engine and Module, Cisco ASA/ASASM/FWSM, Cisco Security Manager | 9.3 |
| Microsoft Security Bulletin MS13-016: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege | Microsoft Windows Multiple win32k.sys Kernel Driver Information Disclosure Vulnerabilities | CVE-2013-1248, CVE-2013-1249 | | 1.7 |
| | Microsoft Windows Multiple win32k.sys Kernel-Mode Driver Information Disclosure Vulnerabilities | CVE-2013-1250, CVE-2013-1251, CVE-2013-1252, CVE-2013-1253, CVE-2013-1254, CVE-2013-1255, CVE-2013-1256, CVE-2013-1257, CVE-2013-1258, CVE-2013-1259, CVE-2013-1260, CVE-2013-1261, CVE-2013-1262, CVE-2013-1263, CVE-2013-1264, CVE-2013-1265, CVE-2013-1266, CVE-2013-1267, CVE-2013-1268, CVE-2013-1269, CVE-2013-1270, CVE-2013-1271, CVE-2013-1272, CVE-2013-1273, CVE-2013-1274, CVE-2013-1275, CVE-2013-1276, CVE-2013-1277 | | 1.7 |
| Microsoft Security Bulletin MS13-017: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution | Microsoft Windows Kernel Memory Object Handling Privilege Escalation Vulnerability | CVE-2013-1278 | | 6.8 |
| | Microsoft Windows Kernel Memory Processing Privilege Escalation Vulnerability | CVE-2013-1279 | | 6.8 |
| | Microsoft Windows Kernel Reference Count Handling Privilege Escalation Vulnerability | CVE-2013-1280 | | 6.8 |
| Microsoft Security Bulletin MS13-018: Vulnerability in Windows TCP/IP Could Allow Denial Of Service | Microsoft Windows TCP/IP Packet Processing Denial of Service Vulnerability | CVE-2012-0075 | | 5.0 |
| Microsoft Security Bulletin MS13-019: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege | Microsoft Windows Client/Server Runtime Subsystem Reference Count Handling Privilege Escalation Vulnerability | CVE-2012-0076 | | 6.8 |
| Microsoft Security Bulletin MS13-020: Vulnerability in OLE Automation Could Allow Remote Code Execution | Microsoft Windows Object Linking and Embedding Automation File Parsing Arbitrary Code Execution Vulnerability | CVE-2012-1313 | | 9.3 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures; Cisco IOS NetFlow; Cisco ACE Application Control Engine and Module; firewall inspection, normalization, and access control lists; and Cisco Security Manager are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for February 2013

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.