Cisco Event Response: Microsoft Security Bulletin Release for March 2013

March 12, 2013

Microsoft published its monthly security bulletin release on March 12, 2013. Microsoft released seven bulletins that addressed 20 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, and Microsoft Silverlight. The vulnerabilities could allow an attacker to execute arbitrary code, access sensitive information, cause a denial of service condition, or gain elevated privileges.



Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin Cisco IntelliShield Alert
CVE ID
Search CVEs
Cisco Mitigations
CVSS
Base Score
CVSS Q&A

Microsoft Security Bulletin MS13-021

Cumulative Security Update for Internet Explorer

Microsoft Internet Explorer OnResize Use-After-Free Vulnerability
CVE-2013-0087

Cisco IPS Signatures 1998-0, 1998-1, 1998-2; Cisco Security Manager

9.3
Microsoft Internet Explorer saveHistory Use-After-Free Vulnerability
CVE-2013-0088
Cisco IPS Signature 1973-0, Cisco Security Manager
9.3
Microsoft Internet Explorer CMarkupBehaviorContext Use-After-Free Vulnerability
CVE-2013-0089
Cisco IPS Signature 1978-0, Cisco Security Manager
9.3
Microsoft Internet Explorer CCaret Use-After-Free Vulnerability
CVE-2013-0090
Cisco IPS Signature 2030-0
9.3
Microsoft Internet Explorer CElement Use-After-Free Vulnerability
CVE-2013-0091
9.3
Microsoft Internet Explorer GetMarkupPtr Use-After-Free Vulnerability
CVE-2013-0092
9.3
Microsoft Internet Explorer onBeforeCopy Use-After-Free Vulnerability
CVE-2013-0093
Cisco IPS Signature 1993-0, Cisco Security Manager
9.3
Microsoft Internet Explorer removeChild Use-After-Free Vulnerability
CVE-2013-0094
Cisco IPS Signature 2024-0
9.3
Microsoft Internet Explorer CTreeNode Use-After-Free Vulnerability
CVE-2013-1288
Cisco IPS Signature 2047-0
9.3

Microsoft Security Bulletin MS13-022

Vulnerability in Silverlight Could Allow Remote Code Execution

Microsoft Silverlight Memory Dereference Arbitrary Code Execution Vulnerability
CVE-2013-0074
Cisco ASA/ASA-SM/FWSM, Cisco Security Manager
9.3

Microsoft Security Bulletin MS13-023

Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution

Microsoft Office Visio Memory Handling Arbitrary Code Execution Vulnerability
CVE-2013-0079
9.3

Microsoft Security Bulletin MS13-024

Vulnerabilities in SharePoint Could Allow Elevation of Privilege

Microsoft SharePoint Unauthorized Access Vulnerability
CVE-2013-0080
Cisco IPS Signature 1990-0, Cisco Security Manager
4.3
Microsoft SharePoint Cross-Site Scripting Vulnerability
CVE-2013-0083
Cisco IPS Signature 1984-0, Cisco Security Manager
4.3
Microsoft SharePoint Directory Traversal Information Disclosure Vulnerability
CVE-2013-0084
4.3
Microsoft SharePoint Buffer Overflow Denial of Service Vulnerability
CVE-2013-0085
4.3

Microsoft Security Bulletin MS13-025

Vulnerability in Microsoft OneNote Could Allow Information Disclosure

Microsoft OneNote Improper Buffer Allocation Information Disclosure Vulnerability
CVE-2013-0086
Cisco IPS Signature 2034-0, Cisco Security Manager, Cisco ASA/ASA-SM/FWSM
4.3

Microsoft Security Bulletin MS13-026

Vulnerability in Office Outlook for Mac Could Allow Information Disclosure

Microsoft Office Outlook for Mac HTML Tag Processing Information Disclosure Vulnerability
CVE-2013-0095
4.3

Microsoft Security Bulletin MS13-027

Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege

Microsoft Windows USB Kernel-Mode Driver Privilege Escalation Vulnerability
CVE-2013-1285
6.8
Microsoft Windows USB Kernel Driver Privilege Escalation Vulnerability
CVE-2013-1286
6.8
Microsoft Windows USB Kernel Driver Privilege Escalation Vulnerability
CVE-2013-1287
6.8

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures; Cisco ACE Application Control Engine and Module; and firewall inspection and normalization are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2013

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.