Cisco Event Response: Microsoft Security Bulletin Release for January 2014

January 14, 2014

Microsoft published its monthly security bulletin release on January 14, 2014. Microsoft released four bulletins that addressed six vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Dynamics. The vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.



Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin Cisco IntelliShield Alert
CVE ID
Search CVEs
Cisco Mitigations
CVSS
Base Score
CVSS Q&A

Microsoft Security Bulletin MS14-001

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution

Microsoft Office Word Memory Corruption Vulnerability

CVE-2014-0258
Cisco Sourcefire Next-Generation IPS
9.3

Microsoft Office Word Memory Corruption Vulnerability

CVE-2014-0259
Cisco Sourcefire Next-Generation IPS
9.3
Microsoft Office Word Memory Corruption Vulnerability
CVE-2014-0260
Cisco Sourcefire Next-Generation IPS
9.3

Microsoft Security Bulletin MS14-002

Vulnerability in Windows Kernel Could Allow Elevation of Privilege

Microsoft Windows NDProxy Local Code Execution Vulnerability
CVE-2013-5065
Cisco Sourcefire Next-Generation IPS
7.2

Microsoft Security Bulletin MS14-003

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Microsoft Windows Win32k Kernel Driver Window Handle Thread Processing Privilege Escalation Vulnerability
CVE-2014-0262
6.8

Microsoft Security Bulletin MS14-004

Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service

Microsoft Dynamics AX Denial of Service Vulnerability
CVE-2014-0261
3.5

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Sourcefire Next-Generation Intrusion Prevention System (IPS) signatures are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for January 2014

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.