Cisco Event Response: Microsoft Security Bulletin Release for July 2013

July 9, 2013

Microsoft published its monthly security bulletin release on July 9, 2013. Microsoft released seven bulletins that addressed 34 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Defender, Microsoft .NET, Microsoft Silverlight, and Microsoft Windows Media Player. The vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin Cisco IntelliShield Alert
CVE ID
Search CVEs
Cisco Mitigations
CVSS
Base Score
CVSS Q&A

Microsoft Security Bulletin MS13-052

Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution

Microsoft Windows TrueType Font Processing Arbitrary Code Execution Vulnerability
CVE-2013-3129
Cisco IOS, Cisco ASA/ASA-SM/FWSM, Cisco ACE, Cisco Security Manager
9.3
Microsoft .NET Framework Array Processing Arbitrary Code Execution Vulnerability
CVE-2013-3131
Cisco IPS Signature 2469-0, Cisco Security Manager
9.3
Microsoft .NET Framework Object Processing Arbitrary Code Execution Vulnerability
CVE-2013-3132
9.3
Microsoft .NET Framework Object Permission Security Bypass Vulnerability
CVE-2013-3133
9.3
Microsoft .NET Framework Array Handling Arbitrary Code Execution Vulnerability
CVE-2013-3134
9.3
Microsoft .NET Framework Object Permission Processing Arbitrary Code Execution Vulnerability
CVE-2013-3171
9.3
Microsoft .NET Framework Null Pointer Handling Arbitrary Code Execution Vulnerability
CVE-2013-3178
9.3

Microsoft Security Bulletin MS13-053

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

Microsoft Windows Kernel-Mode Driver Memory Allocation Vulnerability
CVE-2013-1300
7.2
Microsoft Windows Kernel-Mode Driver Memory Object Dereference Privilege Escalation Vulnerability
CVE-2013-1340
7.2
Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability
CVE-2013-1345
7.2
Microsoft Windows TrueType Font Processing Arbitrary Code Execution Vulnerability
CVE-2013-3129
9.3
Microsoft Windows Kernel-Mode Driver Information Disclosure Vulnerability
CVE-2013-3167
7.2
Microsoft Windows Kernel-Mode Driver Buffer Overflow Denial of Service Vulnerability
CVE-2013-3172
4.9
Microsoft Windows Kernel-Mode Driver Memory Overwrite Information Disclosure Vulnerability
CVE-2013-3173
7.2
Microsoft Windows Kernel Driver win32k.sys EPATHOBJ::pprFlattenRec Function Privilege Escalation Vulnerability
CVE-2013-3660
7.2

Microsoft Security Bulletin MS13-054

Vulnerability in GDI+ Could Allow Remote Code Execution

Microsoft Windows TrueType Font Processing Arbitrary Code Execution Vulnerability
CVE-2013-3129
Cisco IOS, Cisco ASA/ASA-SM/FWSM, Cisco ACE, Cisco Security Manager
9.3

Microsoft Security Bulletin MS13-055

Cumulative Security Update for Internet Explorer

Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3115
Cisco IPS Signature 2477-0, Cisco Security Manager
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3143
Cisco IPS Signature 2444-0, Cisco Security Manager
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3144
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3145
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3146
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3147
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3148
Cisco IPS Signature 2470-0, Cisco Security Manager
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3149
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3150
Cisco IPS Signature 2486-0, Cisco Security Manager
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3151
Cisco IPS Signature 2480-0, Cisco Security Manager
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3152
Cisco IPS Signature 2484-0
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3153
Cisco IPS Signature 2479-0, Cisco Security Manager
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3161
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3162
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3163
9.3
Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2013-3164
9.3
Microsoft Internet Explorer Character Encoding Processing Information Disclosure Vulnerability
CVE-2013-3166
4.3

Microsoft Security Bulletin MS13-056

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution

Microsoft DirectShow GIF Image Processing Memory Corruption Vulnerability
CVE-2013-3174
7.6

Microsoft Security Bulletin MS13-057

Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution

Microsoft Windows Media Format Runtime WMV File Parsing Arbitrary Code Execution Vulnerability
CVE-2013-3127
9.3

Microsoft Security Bulletin MS13-058

Vulnerability in Windows Defender Could Allow Elevation of Privilege

Microsoft Windows Defender Pathname Processing Privilege Escalation Vulnerability
CVE-2013-3154
7.2

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists; Cisco Intrusion Prevention System (IPS) signatures; Cisco ACE Application Control Engine and Module; firewall inspection and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for July 2013

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.