Cisco Event Response: Microsoft Security Bulletin Release for June 2013

June 11, 2013

Microsoft published its monthly security bulletin release on June 11, 2013. Microsoft released five bulletins that addressed 23 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS13-047: Cumulative Security Update for Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3110 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3111 | Cisco IPS Signature 2270-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3112 | Cisco IPS Signature 2326-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3113 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3114 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3116 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3117 | Cisco IPS Signature 2264-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3118 | Cisco IPS Signature 2294-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3119 | Cisco IPS Signature 2325-0 | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3120 | Cisco IPS Signature 2307-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3121 | Cisco IPS Signature 2288-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3122 | Cisco IPS Signature 2280-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3123 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3124 | Cisco IPS Signature 2322-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3125 | Cisco IPS Signature 2309-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Script Debugging Memory Corruption Vulnerability | CVE-2013-3126 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3139 | Cisco IPS Signature 2279-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3141 | | 9.3 |
| | Microsoft Internet Explorer Memory Corruption Vulnerability | CVE-2013-3142 | | 9.3 |
| MS13-048: Vulnerability in Windows Kernel Could Allow Information Disclosure | Microsoft Windows Kernel Object Processing Information Disclosure Vulnerability | CVE-2013-3136 | | 6.8 |
| MS13-049: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service | Microsoft Windows Kernel-Mode Driver TCP/IP Processing Denial of Service Vulnerability | CVE-2013-3138 | Cisco IPS Signature 6009-0 | 5.0 |
| MS13-050: Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege | Microsoft Windows Print Spooler Service Printer Connection Deletion Privilege Escalation Vulnerability | CVE-2013-1339 | Cisco IOS tACLs | 6.8 |
| MS13-051: Vulnerability in Microsoft Office Could Allow Remote Code Execution | Microsoft Office File Parsing Buffer Overflow Vulnerability | CVE-2013-1331 | Cisco ASA/ASA-SM/FWSM, Cisco ACE, Cisco IPS Signature 2284-0, Cisco Security Manager | 9.3 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco IOS access control lists; Cisco Intrusion Prevention System (IPS) signatures; Cisco ACE Application Control Engine and Module; and firewall inspection, normalization, and access control lists are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for June 2013

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.