Cisco Event Response: Microsoft Security Bulletin Release for May 2012

May 8, 2012

Microsoft published its monthly security bulletin release on May 8, 2012. Microsoft released seven bulletins that addressed 23 vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows operating systems, Microsoft Silverlight, and Microsoft Office. The vulnerabilities could allow an attacker to gain escalated privileges, cause a denial of service (DoS) condition, or execute code on a targeted system.

 


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

Microsoft Security Bulletin

Cisco IntelliShield Alert

CVE ID
Description: Search CVEs

Cisco Mitigations

CVSS
Base Score
Description: CVSS Q&A

Microsoft Security Bulletin MS12-029

Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft Office Word Rich Text Format Data Processing Arbitrary Code Execution Vulnerability

CVE-2012-0183

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco IPS Signature 1183-0, Cisco Security Manager

9.3

Microsoft Security Bulletin MS12-030

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Microsoft Office Excel File Parsing Arbitrary Code Execution Vulnerability

CVE-2012-0141

Cisco IPS Signature 1196-0, Cisco Security Manager

9.3

Microsoft Office Excel OBJECTLINK Record Processing Arbitrary Code Execution Vulnerability

CVE-2012-0142

9.3

Microsoft Office Excel Document Processing Arbitrary Code Execution Vulnerability

CVE-2012-0143

Cisco IPS Signature 1186-0, Cisco Security Manager

9.3

Microsoft Office Excel SXLI Record Processing Memory Corruption Vulnerability

CVE-2012-0184

Cisco IPS Signature 1191-0, Cisco Security Manager

 

Microsoft Office Excel MergeCells Record Processing Heap Overflow Vulnerability

CVE-2012-0185

Cisco IPS Signature 1189-0, Cisco Security Manager

 

Microsoft Office Excel Record Processing Type Mismatch Remote Code Execution Vulnerability

CVE-2012-1847

Cisco IPS Signature 1192-0, Cisco Security Manager

9.3

Microsoft Security Bulletin MS12-031

Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution

Microsoft Visio Viewer VSD File Remote Code Execution Vulnerability

CVE-2012-0018

Cisco IPS Signature 1182-0, Cisco Security Manager

9.3

Microsoft Security Bulletin MS12-032

Vulnerability in TCP/IP Could Allow Elevation of Privilege

Microsoft Windows Firewall Outbound Broadcast Filter Security Bypass Vulnerability

CVE-2012-0174

2.3

Microsoft Windows TCP/IP Double Free Arbitrary Code Execution Vulnerability

CVE-2012-0179

6.6

Microsoft Security Bulletin MS12-033

Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege

Microsoft Windows Partition Manager Plug and Play Function Handling Privilege Escalation Vulnerability

CVE-2012-0178

6.8

Microsoft Security Bulletin MS12-034

Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight

Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability

CVE-2011-3402

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco Security Manager

9.3

Microsoft Windows, Office, and Silverlight TrueType Font Processing Vulnerability

CVE-2012-0159

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco IPS Signature 1195-0, Cisco Security Manager

9.3

Microsoft .NET Framework Buffer Allocation Arbitrary Code Execution Vulnerability

CVE-2012-0162

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco Security Manager, Cisco IPS Signature 1193-0

9.3

Microsoft .NET Framework WPF Index Comparison Denial of Service Vulnerability

CVE-2012-0164

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco Security Manager

4.3

Microsoft Office and Windows Enhanced Metafile Image Processing Arbitrary Code Execution Vulnerability

CVE-2012-0165

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco IPS Signature 1194-0, Cisco Security Manager

9.3

Microsoft Office Enhanced Metafile Processing Heap Overflow Vulnerability

CVE-2012-0167

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco Security Manager

9.3

Microsoft Silverlight Double-Free Arbitrary Code Execution Vulnerability

CVE-2012-0176

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco Security Manager

9.3

Microsoft Windows win32k.sys Kernel Driver Local Privilege Escalation Vulnerability

CVE-2012-0180

6.8

Microsoft Windows win32k.sys Kernel Driver Keyboard Layout Processing Privilege Escalation Vulnerability

CVE-2012-0181

6.8

Microsoft Windows win32k.sys Kernel Mode Driver Privilege Escalation Vulnerability

CVE-2012-1848

6.8

Microsoft Security Bulletin MS12-035

Vulnerabilities in .NET Framework Could Allow Remote Code Execution

Microsoft .NET Framework Untrusted Input Serialization Arbitrary Code Execution Vulnerability

CVE-2012-0160

Cisco IPS Signature 1188-0, Cisco Security Manager

9.3

Microsoft .NET Framework Trusted Assemblies Serialization Arbitrary Code Execution Vulnerability

CVE-2012-0161

Cisco ASA/ASASM/FWSM, Cisco ACE, Cisco IPS Signature 1185-0, Cisco Security Manager

9.3

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures; Cisco ACE Application Control Engine; and firewall inspection are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for May 2012

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, and Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.

Description: http://www.cisco.com/swa/i/spacer.gif