Cisco Event Response: Microsoft Security Bulletin Release for November 2012

November 13, 2012

Microsoft published its monthly security bulletin release on November 13, 2012. Microsoft released six bulletins that addressed nineteen vulnerabilities. The bulletins address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office Excel, Microsoft Internet Information Services, and Microsoft .NET Framework. The vulnerabilities could allow an attacker to execute arbitrary code, gain access to sensitive information, or gain elevated privileges.


Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release:

| Microsoft Security Bulletin | Cisco IntelliShield Alert | CVE ID | Cisco Mitigations | CVSS Base Score |
|---|---|---|---|---|
| MS12-076: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution | Microsoft Office Excel Heap Overflow Arbitrary Code Execution Vulnerability | CVE-2012-1885 | Cisco IPS Signature 1591-0, Cisco Security Manager | 9.3 |
| | Microsoft Office Excel Memory Corruption Arbitrary Code Execution Vulnerability | CVE-2012-1886 | Cisco IPS Signature 1593-0, Cisco Security Manager | 9.3 |
| | Microsoft Office Excel Use-After-Free Arbitrary Code Execution Vulnerability | CVE-2012-1887 | Cisco IPS Signature 1589-0, Cisco Security Manager | 9.3 |
| | Microsoft Office Excel Stack-Based Buffer Overflow Arbitrary Code Execution Vulnerability | CVE-2012-2543 | Cisco IPS Signature 1588-0, Cisco Security Manager | 9.3 |
| MS12-072: Vulnerabilities in Windows Shell Could Allow Remote Code Execution | Microsoft Windows Briefcase Processing Arbitrary Code Execution Vulnerability | CVE-2012-1527 | Cisco IPS Signature 1584-0, Cisco Security Manager | 9.3 |
| | Microsoft Windows Briefcase Handling Arbitrary Code Execution Vulnerability | CVE-2012-1528 | Cisco IPS Signature 1585-0, Cisco Security Manager | 9.3 |
| MS12-073: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure | Microsoft Internet Information Services Credentials Information Disclosure Vulnerability | CVE-2012-2531 | | 1.7 |
| | Microsoft Internet Information Services FTP Service Command Injection Vulnerability | CVE-2012-2532 | | 4.0 |
| MS12-074: Vulnerabilities in .NET Framework Could Allow Remote Code Execution | Microsoft .NET Object Reflection Security Bypass Vulnerability | CVE-2012-1895 | Cisco IPS Signature 1631-0, Cisco Security Manager, Cisco ASA, ACE | 9.3 |
| | Microsoft .NET Code Access Security Bypass Information Disclosure Vulnerability | CVE-2012-1896 | Cisco IPS Signature 1609-0, Cisco Security Manager, Cisco ASA, Cisco ACE | 4.3 |
| | Microsoft .NET Framework Insecure Library Loading Arbitrary Code Execution Vulnerability | CVE-2012-2519 | Cisco IPS Signature 31419-0, Cisco Security Manager | 7.6 |
| | Microsoft .NET Framework Web Proxy Auto-Discovery Arbitrary Code Execution Vulnerability | CVE-2012-4776 | Cisco IPS Signature 1597-0, Cisco Security Manager | 9.3 |
| | Microsoft .NET Framework WPF Reflection Optimization Arbitrary Code Execution Vulnerability | CVE-2012-4777 | | 9.3 |
| MS12-075: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution | Microsoft Windows win32k.sys Kernel Driver Use-After-Free Privilege Escalation Vulnerability | CVE-2012-2530 | | 6.8 |
| | Microsoft Windows Kernel Driver Use-After-Free Privilege Escalation Vulnerability | CVE-2012-2553 | | 6.8 |
| | Microsoft Windows Kernel Font Processing Privilege Escalation Vulnerability | CVE-2012-2897 | Cisco IPS Signature 1642-0, Cisco Security Manager | 6.8 |
| MS12-071: Cumulative Security Update for Internet Explorer | Microsoft Internet Explorer CFormElement Processing Arbitrary Code Execution Vulnerability | CVE-2012-1538 | Cisco IPS Signature 1596-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer CTreePos Element Processing Arbitrary Code Execution Vulnerability | CVE-2012-1539 | Cisco IPS Signature 1608-0, Cisco Security Manager | 9.3 |
| | Microsoft Internet Explorer CTreeNode Element Processing Arbitrary Code Execution Vulnerability | CVE-2012-4775 | Cisco IPS Signature 1641-0, Cisco Security Manager | 9.3 |

Cisco Security Intelligence Operations

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. Cisco Intrusion Prevention System (IPS) signatures, Cisco Security Manager, Cisco ASA 5500 Series Adaptive Security Appliance, and Cisco ACE Application Control Engine are discussed in this bulletin.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for November 2012

Cisco Security Manager helps enable enterprises to manage and scale security operations efficiently and accurately. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment.

Cisco NAC Appliance (formerly Cisco Clean Access) uses your organization's network infrastructure to enforce security policy compliance on all devices that attempt to gain access.

Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. It provides network visibility for advanced discovery and troubleshooting and combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management.

Impact on Cisco Products

Customers should evaluate the Microsoft security bulletins and associated software updates for any potential impacts to Cisco Contact Center products. Please refer to the Cisco Customer Contact Software Policy for Using Microsoft Security Updates on Products Deployed on a Retail Installation of Windows Operating System for additional information.

Cisco IP Telephony Operating System, SQL Server, Security Updates
This document contains information on software updates for tracking Cisco-supported operating system, SQL Server, and security files that are available for web download. These updates support all versions of Cisco Unified CallManager, Cisco Conference Connection, Cisco Personal Assistant, Cisco IP Interactive Voice Response, Cisco IP Call Center Express, Cisco Emergency Responder, Cisco Customer Voice Portal, and Cisco MeetingPlace. This document does not support Cisco Unity or servers where Cisco Unity is installed.

Recommended Microsoft Hot Fixes for Cisco Media Experience 3000
These documents evaluate the monthly Microsoft security bulletins for applicability to the Cisco Media Experience Engine (MXE) 3000 product line. The bulletins clarify which Microsoft Security Bulletins should be applied to affected hardware and software levels of Cisco MXE 3000 products.