Cisco Applied Mitigation Bulletin

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2014

 
Threat Type: IntelliShield: Applied Mitigation Bulletin
IntelliShield ID: 33520
Version: 1
First Published: 2014 April 08 17:17 GMT
Last Published: 2014 April 08 17:17 GMT
Port: Not available
CVE: CVE-2014-0235, CVE-2014-0315, CVE-2014-1751, CVE-2014-1752, CVE-2014-1753, CVE-2014-1755, CVE-2014-1757, CVE-2014-1758, CVE-2014-1759, CVE-2014-1760, CVE-2014-1761
Urgency: Possible use
Credibility: Confirmed
Severity: Moderate Damage

Version Summary: Cisco Applied Mitigation Bulletin initial public release
 

Cisco Response

Microsoft announced four security bulletins that address 11 vulnerabilities as part of the monthly security bulletin release on April 8, 2014. A summary of these bulletins is on the Microsoft website at http://technet.microsoft.com/en-us/security/bulletin/ms14-apr. This document provides identification and mitigation techniques that administrators can deploy on Cisco network devices.

The vulnerabilities that have a client software attack vector, can be exploited locally on the vulnerable device, require user interaction, or can be exploited using web-based attacks (these include but are not limited to cross-site scripting, phishing, and web-based email threats) or email attachments, and files stored on network shares are in the following list:

The vulnerabilities that have a network mitigation are in the following list. Cisco devices provide several countermeasures for the vulnerabilities that have a network attack vector, which will be discussed in detail later in this document.

Information about affected and unaffected products is available in the respective Microsoft advisories and the Cisco IntelliShield alerts that are referenced in Cisco Event Response: Microsoft Security Bulletin Release for April 2014.

In addition, multiple Cisco products use Microsoft operating systems as their base operating system. Cisco products that may be affected by the vulnerabilities described in the referenced Microsoft advisories are detailed in the "Associated Products" table in the "Product Sets" section.

Vulnerability Characteristics

MS14-017, Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660): These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2014-4252, CVE-2014-4253, and CVE-2014-3704. These vulnerabilities can be exploited remotely without authentication and require user interaction. Successful exploitation of these vulnerabilities may allow arbitrary code execution. The attack vector for exploitation of these vulnerabilities is through HTTP and HTTPS packets that typically use TCP ports 80 and 443 but may also use TCP ports 3128, 8000, 8010, 8080, 8888, and 24326.

MS14-019, Cumulative Security Update for Internet Explorer (2950467): These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2014-0235, CVE-2014-1751, CVE-2014-1752, CVE-2014-1753, CVE-2014-1755, and CVE-2014-1760. These vulnerabilities can be exploited remotely without authentication and require user interaction. Successful exploitation of these vulnerabilities may allow arbitrary code execution. The attack vector for exploitation of these vulnerabilities is through HTTP and HTTPS packets that typically use TCP ports 80 and 443 but may also use TCP ports 3128, 8000, 8010, 8080, 8888, and 24326.

MS14-020, Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145): This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2014-1759. This vulnerability can be exploited remotely without authentication and requires user interaction. Successful exploitation of this vulnerability may allow arbitrary code execution. The attack vector for exploitation of this vulnerability is through HTTP and HTTPS packets that typically use TCP ports 80 and 443 but may also use TCP ports 3128, 8000, 8010, 8080, 8888, and 24326.

The Cisco ASA 5500 and 5500-X Series Adaptive Security Appliance, the Cisco Catalyst 6500 Series ASA Services Module (ASASM), the Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, the Cisco ACE Application Control Engine Appliance and Module, the Cisco Web and Email Security Appliances, and Cisco Cloud Web Security provide protection for potential attempts to exploit these vulnerabilities (a topic that is included in this document).

Mitigation Technique Overview

The vulnerabilities that have a client software attack vector, can be exploited locally on the vulnerable device, require user interaction, can be exploited using web-based attacks (these include but are not limited to cross-site scripting, phishing, and web-based email threats) or email attachments, and files stored on network shares are in the following list:

These vulnerabilities are mitigated most successfully at the endpoint through software updates, user education, desktop administration best practices, and endpoint protection software such as Host Intrusion Prevention Systems (HIPS) or antivirus products.

The vulnerabilities that have a network mitigation are in the following list. Cisco devices provide several countermeasures for these vulnerabilities. This section of the document provides an overview of these techniques.

Effective means of exploit prevention can also be provided by Cisco ASA 5500 and 5500-X Series Adaptive Security Appliance, Cisco Catalyst 6500 Series ASA Services Module (ASASM), and the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers using the following methods:

  • Application layer protocol inspection
  • URL filtering
  • Next-Generation Firewall Services

These protection mechanisms filter and drop packets that are attempting to exploit the vulnerabilities that have a network attack vector.

Effective exploit prevention can also be provided by the Cisco ACE Application Control Engine Appliance and Module using application protocol inspection.

Effective use of Cisco Intrusion Prevention System (IPS) event actions provides visibility into and protection against attacks that attempt to exploit these vulnerabilities.

Effective use of Sourcefire Intrusion Prevention System (IPS) event actions provides visibility into and protection against attacks that attempt to exploit these vulnerabilities.

Effective use of Cisco Web Security Appliance can protect against the vulnerabilities that have an attack vector over the web.

Effective use of Cisco Email Security Appliance can protect against the vulnerabilities that have an email attack vector.

Effective use of Cisco Cloud Web Security can protect against the vulnerabilities that have an attack vector over the web.

Risk Management

Organizations are advised to follow their standard risk evaluation and mitigation processes to determine the potential impact of these vulnerabilities. Triage refers to sorting projects and prioritizing efforts that are most likely to be successful. Cisco has provided documents that can help organizations develop a risk-based triage capability for their information security teams. Risk Triage for Security Vulnerability Announcements and Risk Triage and Prototyping can help organizations develop repeatable security evaluation and response processes.

Device-Specific Mitigation and Identification

Caution: The effectiveness of any mitigation technique depends on specific customer situations such as product mix, network topology, traffic behavior, and organizational mission. As with any configuration change, evaluate the impact of this configuration prior to applying the change.

Specific information about mitigation and identification is available for these devices:

Cisco ASA, Cisco ASASM, and Cisco FWSM Firewalls

Mitigation: Application Layer Protocol Inspection

Application layer protocol inspection is available beginning in Cisco IOS Software Release 7.2(1) for the Cisco ASA 5500 and 5500-X Series Adaptive Security Appliance, IOS Software Release 8.5 for the Cisco Catalyst 6500 Series ASA Services Module, and in IOS Software Release 4.0(1) for the Cisco Firewall Services Module. This advanced security feature performs deep packet inspection of traffic that transits the firewall. Administrators may construct an inspection policy for applications that require special handling through the configuration of inspection class maps and inspection policy maps, which are applied via a global or interface service policy. Application inspection will inspect both IPv4 and IPv6 packets matched in the class-map of the policy.

Additional information about application layer protocol inspection and the Modular Policy Framework (MPF) is in the Getting Started with Application Layer Protocol Inspection section of Book 2: Cisco ASA Series Firewall CLI Configuration Guide, 9.1.

Caution: Application layer protocol inspection will decrease firewall performance. Administrators are advised to test performance impact in a lab environment before this feature is deployed in production environments.

HTTP Application Inspection
For MS14-017 and MS14-020, by using the HTTP inspection engine on the Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances, Cisco 6500 Series ASA Services Modules, and the Cisco Firewall Services Module, administrators can configure regular expressions (regexes) for pattern matching and construct inspection class maps and inspection policy maps. These methods can help protect against specific vulnerabilities, such as the one described in this document, and other threats that may be associated with HTTP traffic. The following HTTP application inspection configuration uses the Cisco Modular Policy Framework (MPF) to create a policy for inspection of traffic on TCP ports 80, 3128, 8000, 8010, 8080, 8888, and 24326, which are the default ports for the Cisco IPS #WEBPORTS variable. The HTTP application inspection policy will drop connections where the HTTP response body contains any of the regexes that are configured to match the ActiveX control that is associated with these vulnerabilities.

Caution: The configured regexes can match text strings at any location in the body of an HTML response. Care should be taken to ensure that legitimate business applications that use matching text strings without calling the ActiveX control are not affected. Additional information about regex syntax is in Creating a Regular Expression.

Additional information about ActiveX exploits and mitigations that leverage Cisco firewall technologies is available in the Preventing ActiveX Exploits with Cisco Firewall Application Layer Protocol Inspection Cisco Security Intelligence Operations white paper.

!
!-- Configure regexes that look for either the  
!-- .rtf or the .pub file extensions that are
!-- typically used to exploit the vulnerability
!-- associated with MS14-017 and MS14-020
! 
regex MS14-017 ".+\x2e[Rr][Tt][Ff]"
regex MS14-020 ".+\x2e[Pp][Uu][Bb]"
!
!-- The "?" in the above regexes must be escaped with  
!-- [CTRL-v]. See Creating a Regular Expression for   
!-- details  
! 
!-- Configure a regex class to match on the regular  
!-- expressions that are configured above
! 
class-map type regex match-any MS14-regex_class
 match regex MS14-017
 match regex MS14-020
!
!-- Configure an object group for the default ports that 
!-- are used by the Cisco IPS #WEBPORTS variable, which 
!-- are TCP ports 80 (www), 3128, 8000, 8010, 8080, 8888, 
!-- and 24326
!
object-group service WEBPORTS tcp
 port-object eq www 
 port-object eq 3128 
 port-object eq 8000 
 port-object eq 8010 
 port-object eq 8080 
 port-object eq 8888 
 port-object eq 24326 
!
!-- Configure an access list that uses the WEBPORTS object 
!-- group, which will be used to match TCP packets that 
!-- are destined to the #WEBPORTS variable that is used 
!-- by a Cisco IPS device
!
access-list Webports_ACL extended permit tcp any any object-group WEBPORTS 
!
!-- Configure a class that uses the above-configured
!-- access list to match TCP packets that are destined
!-- to the ports that are used by the Cisco IPS #WEBPORTS
!-- variable
!
class-map Webports_Class
 match access-list Webports_ACL
!
!-- Configure an HTTP application inspection policy that  
!-- identifies, drops, and logs connections that contain   
!-- the regexes that are configured above
! 
policy-map type inspect http MS_Apr_2014_policy
 parameters
!
!-- "body-match-maximum" indicates the maximum number of 
!-- characters in the body of an HTTP message that
!-- should be searched in a body match. The default value is
!-- 200 bytes. A large number such as shown here may have an
!-- impact on system performance. Administrators are advised
!-- to test performance impact in a lab environment before 
!-- this command is deployed in production environments.
!
 body-match-maximum 1380
 match response body regex class MS14-regex_class    
  drop-connection log  
!
!-- Add the above-configured "Webports_Class" that matches 
!-- TCP packets that are destined to the default ports  
!-- that are used by the Cisco IPS #WEBPORTS variable to  
!-- the default policy "global_policy" and use it to 
!-- inspect HTTP traffic that transits the firewall
! 
policy-map global_policy
 class Webports_Class
  inspect http MS_Apr_2014_policy 
!
!-- By default, the policy "global_policy" is applied 
!-- globally, which results in the inspection of 
!-- traffic that enters the firewall from all interfaces 
!
service-policy global_policy global
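
The following is an added example, not part of the Cisco bulletin: a Python script that replays the two ASA regexes and the 1380-byte body-match-maximum window over constructed HTTP response bodies, so that administrators can see which responses the policy would drop, including the false positives the Caution above describes and matches that fall outside the inspected window. Python's re module is used as an approximation of the ASA regex engine; the function names and sample bodies are assumptions made for illustration.

```python
import re

# Patterns copied from the ASA configuration above. Python's "re" stands in for
# the ASA regex engine (assumption); DOTALL lets "." match any byte of the body.
ASA_REGEXES = {
    "MS14-017": re.compile(rb".+\x2e[Rr][Tt][Ff]", re.DOTALL),
    "MS14-020": re.compile(rb".+\x2e[Pp][Uu][Bb]", re.DOTALL),
}
BODY_MATCH_MAXIMUM = 1380  # value of "body-match-maximum" in the policy map


def matched_rules(body: bytes, limit: int = BODY_MATCH_MAXIMUM) -> list:
    """Names of the regexes that match within the first `limit` body bytes."""
    window = body[:limit]
    return sorted(name for name, rx in ASA_REGEXES.items() if rx.search(window))


def verdict(body: bytes, limit: int = BODY_MATCH_MAXIMUM) -> str:
    """Action the inspection policy would take for this response body."""
    return "drop-connection" if matched_rules(body, limit) else "permit"


def uninspected_hits(body: bytes, limit: int = BODY_MATCH_MAXIMUM) -> list:
    """Regexes that match somewhere in the body but only past the window."""
    inspected = set(matched_rules(body, limit))
    whole_body = set(matched_rules(body, len(body)))
    return sorted(whole_body - inspected)


# Constructed sample response bodies (not captured traffic).
SAMPLES = {
    # A link to an .rtf document near the top of the page: intended match.
    "doc_link": b'<html><body><a href="/files/q1-report.rtf">Q1 report</a>'
                b"</body></html>",
    # No document at all, but the hostname contains ".pub": false positive.
    "hostname": b'<html><body><img src="http://static.publisher.example/'
                b'logo.png"></body></html>',
    # Ordinary page with neither string.
    "clean": b"<html><body><p>Quarterly results are attached as PDF.</p>"
             b"</body></html>",
    # A .pub link that only appears after the first 1380 bytes: not inspected.
    "late_link": b"<html><!-- " + b"x" * 1400 + b" -->"
                 b'<a href="/news/spring-newsletter.pub">newsletter</a></html>',
}


def report(samples: dict) -> list:
    """One (name, verdict, matched rules, rules missed past window) row each."""
    return [
        (name, verdict(body), matched_rules(body), uninspected_hits(body))
        for name, body in samples.items()
    ]


if __name__ == "__main__":
    for name, action, hits, missed in report(SAMPLES):
        print(f"{name:10} {action:16} matched={hits} beyond_window={missed}")
```

Running it against recorded response bodies from business-critical applications gives a quick estimate of how often the policy would reset legitimate connections before it is deployed.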

For additional information about the configuration and use of object groups, reference the Adding Global Objects section of Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.1.

Additional information about HTTP application inspection and the MPF is in the HTTP Inspection section of Book 2: Cisco ASA Series Firewall CLI Configuration Guide, 9.1.

For information on using the Cisco Firewall command line interface (CLI) to gauge the effectiveness of application inspection, please refer to the Cisco Security Intelligence Operations white paper Identification of Security Exploits with Cisco ASA, Cisco ASASM, and Cisco FWSM Firewalls.

Mitigation: URL Filtering

URL filtering can be applied on the ASA by leveraging Websense Enterprise or Secure Computing SmartFilter Server (formerly N2H2) Internet filtering products. When URL filtering is enabled, the ASA only enforces the filtering policy decisions that are made for HTTP, HTTPS, and FTP by the Internet filtering product configurations.

Specifically, for HTTPS content the ASA sends the URL lookup without directory and filename information. When the filtering server approves an HTTPS connection request, the ASA allows the completion of SSL connection negotiation and allows the reply from the web server to reach the originating client. If the filtering server denies the request, the ASA prevents the completion of SSL connection negotiation. The browser displays an error message such as "The Page or the content cannot be displayed."

URL filtering is configured using url-server and filter global CLI commands.

URL filtering can be used to mitigate the vulnerabilities described in this document by filtering HTTP or HTTPS requests that contain .rtf or .pub in their URI field.

For more information, see the Filtering HTTPS URLs of the Cisco ASA configuration guide and How to configure URL filtering in the Cisco Support Community.

Mitigation: Next-Generation Firewall Services

Starting in Cisco ASA Software Release 8.4(5) for Cisco ASA 5585-X with ASA CX SSP-10 and -20; Cisco ASA Software Release 9.1 for Cisco ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X; and Cisco ASA Software Release 9.1(3) for Cisco ASA 5585-X with ASA CX SSP-40 and -60, the Cisco ASA Next-Generation Firewall (NGFW) services allow an administrator to monitor or enforce policies based on the identity of the user (who), the application or website that the user is trying to access (what), the origin of the access attempt (where), the time of the attempted access (when), and the properties of the device used for the access (how).

The NGFW services run in a separate hardware module (SSP for ASA5585-X) or software module (ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X). The ASA forwards traffic (using MPF policies) to the NGFW module, which monitors and/or enforces policies as configured. NGFW policies can be configured using the Cisco Prime Security Manager (PRSM) GUI in single or multiple device mode. A variety of applications can be recognized and acted on as part of the Application Visibility and Control (AVC) service on NGFW. Application recognition is continually updated using signature and engine updates. Similarly, the Web Security Essentials (WSE) service can inspect and act upon web features and requests. Also, web reputation policies can be used to filter traffic based on reputation of the destinations visited.

Cisco NGFW can be used to mitigate MS14-017, MS14-019, and MS14-020 by filtering the following:

  • low-reputation URL destinations
  • files with .rtf or .pub file types

Monitoring and filtering policies (AVC and WSE) can also be applied to encrypted TLS traffic.

For more information about supported applications, see ASA NGFW Services Applications Portal. For more information about configuring the ASA, see the Configuring the ASA CX Module section in the Cisco ASA configuration guide. For more information on configuring the ASA CX, see User Guide for ASA CX and Cisco Prime Security Manager.

Cisco ACE

Mitigation: Application Protocol Inspection

Application protocol inspection is available for the Cisco ACE Application Control Engine Appliance and Module. This advanced security feature performs deep packet inspection of traffic that transits the Cisco ACE device. Administrators can construct an inspection policy for applications that require special handling through the configuration of inspection class maps and inspection policy maps, which are applied via a global or interface service policy.

Additional information about application protocol inspection is in the Configuring Application Protocol Inspection section of Security Guide vA5(1.0), Cisco ACE Application Control Engine.

HTTP Deep Packet Inspection

To conduct HTTP deep packet inspection for MS14-017 and MS14-020, administrators can configure regular expressions (regexes) for pattern matching and construct inspection class maps and inspection policy maps. These methods can help protect against specific vulnerabilities, such as the one described in this document, and other threats that may be associated with HTTP traffic. The following HTTP application protocol inspection configuration inspects traffic on TCP ports 80, 3128, 8000, 8010, 8080, 8888, and 24326, which are the default ports for the Cisco IPS #WEBPORTS variable.

Caution: The configured regexes can match text strings at any location in the content of an HTML packet. Care should be taken to ensure that legitimate business applications that use matching text strings are not affected.


! 
!-- Configure an HTTP application inspection class that looks
!-- for HTTP packets that contain either of the .rtf or
!-- .pub file extensions that are typically used to exploit
!-- the vulnerabilities associated with MS14-017 and MS14-020
! 
class-map type http inspect match-any MS14_class
  2 match content ".*.+\x2e[Rr][Tt][Ff].*"
  3 match content ".*.+\x2e[Pp][Uu][Bb].*"
!
!-- The "?" in the above regexes must be escaped with
!-- [CTRL-v].
!
!-- Configure an HTTP application inspection policy that
!-- identifies, resets, and logs connections that contain
!-- the regexes that are configured above
!
policy-map type inspect http all-match MS_Apr_2014
  class MS14_class
    reset log
!
!-- Configure an access list that matches TCP packets
!-- that are destined to the #WEBPORTS variable that is
!-- used by a Cisco IPS device
!
access-list WEBPORTS line 8 extended permit tcp any any eq www
access-list WEBPORTS line 16 extended permit tcp any any eq 3128
access-list WEBPORTS line 24 extended permit tcp any any eq 8000
access-list WEBPORTS line 32 extended permit tcp any any eq 8010
access-list WEBPORTS line 40 extended permit tcp any any eq 8080
access-list WEBPORTS line 48 extended permit tcp any any eq 8888
access-list WEBPORTS line 56 extended permit tcp any any eq 24326
!
!-- Configure a Layer 4 class that uses the above-configured
!-- access list to match TCP packets that are destined
!-- to the ports that are used by the Cisco IPS #WEBPORTS
!-- variable
!
class-map match-all L4_http_class
  match access-list WEBPORTS
!
!-- Configure a Layer 4 policy that applies the HTTP application
!-- inspection policy configured above to TCP packets that
!-- are destined to the ports that are used by the Cisco IPS
!-- #WEBPORTS variable
!
policy-map multi-match L4_MS_Apr_2014
  class L4_http_class
    inspect http policy MS_Apr_2014
!
!-- Apply the configuration globally across all interfaces,
!-- which results in the inspection of all traffic that enters
!-- the ACE
!
service-policy input L4_MS_Apr_2014

For information about how to use the ACE CLI to gauge the effectiveness of application inspection, refer to the Cisco Security Intelligence Operations white paper Identification of Malicious Traffic Using Cisco ACE.

Cisco Intrusion Prevention System

Mitigation: Cisco IPS Signature Event Actions

Administrators can use the Cisco IPS appliances and services modules to provide threat detection and help prevent attempts to exploit several of the vulnerabilities described in this document. The following table provides an overview of CVE identifiers and the respective Cisco IPS signatures that will trigger events on potential attempts to exploit these vulnerabilities.

CVE ID | Signature Release | Signature ID | Signature Name | Enabled | Severity | Fidelity*
CVE-2014-1761 | S780 | 1709/0 | Microsoft Office Word RTF Document Processing Arbitrary Code Execution Vulnerability | Yes | High | 85
CVE-2014-1751 | S784 | 4109/0 | Microsoft Internet Explorer Remote Code Execution | Yes | High | 85
CVE-2014-1752 | S784 | 4108/0 | Microsoft Internet Explorer Use After Free | Yes | High | 85
CVE-2014-1753 | S784 | 4136/0 | Microsoft Internet Explorer Use After Free | Yes | High | 85
CVE-2014-1755 | S784 | 4137/0 | Microsoft Internet Explorer Memory Corruption Vulnerability | Yes | High | 85

* Fidelity is also referred to as Signature Fidelity Rating (SFR) and is the relative measure of the accuracy of the signature (predefined). The value ranges from 0 through 100 and is set by Cisco Systems, Inc.

Administrators can configure Cisco IPS sensors to perform an event action when an attack is detected. The configured event action performs preventive or deterrent controls to help protect against an attack that is attempting to exploit the vulnerabilities listed in the preceding table.

Cisco IPS sensors are most effective when deployed in inline protection mode combined with the use of an event action. Automatic Threat Prevention for Cisco IPS 7.x and 6.x sensors that are deployed in inline protection mode provides threat prevention against an attack that is attempting to exploit the vulnerabilities that are described in this document. Threat prevention is achieved through a default override that performs an event action for triggered signatures with a riskRatingValue greater than 90.

For additional information about the risk rating and threat rating calculation, reference Risk Rating and Threat Rating: Simplify IPS Policy Management.

For information on using Cisco Security Manager to view the activity from a Cisco IPS sensor, see Identification of Malicious Traffic Using Cisco Security Manager white paper.

Sourcefire Signature Information

The following Sourcefire Snort signatures are available for the Microsoft April 2014 Security Update.

Microsoft Bulletin ID | Applicable Rules
MS14-017 | 1:24974
MS14-017 | 1:24975
MS14-018 | 1:30497
MS14-018 | 1:30498
MS14-018 | 1:30499
MS14-018 | 1:30500
MS14-018 | 1:30501
MS14-018 | 1:30502
MS14-020 | 1:30508
MS14-020 | 1:30509

Cisco Web and Email Security

Mitigation: Web Security

Cisco Web Security Appliances (WSA) can filter and protect corporate networks against web-based malware and spyware programs that can compromise corporate security and expose intellectual property. They operate as a proxy and can provide user- and group-based policies that filter certain URL categories, web content, web application visibility and control (AVC), websites based on web reputation, and malware. The WSA can also detect infected clients and stop malicious activity from going outside the corporate network using the L4 Traffic Monitor (L4TM). Policies can be configured using a web GUI. A CLI can also be used. The WSA includes protection for standard communication protocols, such as HTTP, HTTPS, FTP, and SOCKS.

To operate with network devices such as routers and firewalls, the WSA uses the Web Cache Communication Protocol (WCCP). With WCCP, content requests are transparently redirected to the WSA, which acts based on its configuration. Users do not need to configure a web-proxy in their browsers. In Cisco IOS, WCCP is enabled using the ip wccp commands and in the Cisco ASA using the wccp commands.

Cisco WSA can be used to mitigate MS14-017, MS14-019, and MS14-020 by filtering web traffic based on the following:

  • low-reputation URL destinations
  • .rtf or .pub file types
  • .rtf or .pub malicious files

For more information, see the ASA: WCCP Step-by-Step Configuration document in the Cisco Support Community and the Cisco AsyncOS Web User Guide (PDF).

Mitigation: Email Security

Cisco Email Security Appliances (ESA) eliminate email spam and viruses, enforce corporate policy, and secure the network perimeter. They operate as an SMTP gateway, also known as a mail exchanger or MX. They can filter virus, spam, and phishing outbreaks. They also provide email encryption, message filtering, anti-spam services, antivirus services and more.

Cisco ESA can be used to mitigate MS14-017 and MS14-020 by filtering messages based on an attachment type of .rtf or .pub.

Filter actions allow messages to be dropped, bounced, archived, blind carbon copied, or altered.

Filters can also generate notifications.

For more information, see the Cisco AsyncOS Email Configuration Guide (PDF).

Cisco Cloud Web Security

Mitigation: Cloud Web Security

Cisco Cloud Web Security (CWS) analyzes every web request and response to determine whether content is malicious, inappropriate, or acceptable based on the defined security policy. This offers effective protection against threats, including zero-day threats that would otherwise be successful. Cisco CWS can provide user and group-based policies that filter certain URL categories, web content, files and file types, web applications (AVC), websites based on web reputation and malware. It can inspect both HTTP and HTTPS traffic.

Starting in Cisco IOS 15.2MT on ISR-G2 routers and Cisco ASA Software Release 9.0, Cisco CWS can integrate transparently with Cisco IOS and Cisco ASA. In addition, starting with AnyConnect 3.0, CWS can be deployed with the AnyConnect client. CWS can also be deployed on end hosts as a Cisco Cloud Connector application.

Cisco CWS can be used to mitigate MS14-017, MS14-019, and MS14-020 by filtering web traffic based on the following:

  • low-reputation URL destinations
  • .rtf and .pub file types
  • .rtf or .pub malicious files

For configuration examples, see the ASA: ScanSafe Step-by-Step Configuration and IOS: ScanSafe Step-by-Step Configuration documents in the Cisco Support Community. For more information about Cisco IOS and ASA configuration, see Cisco Cloud Web Security and the Configuration Cisco Cloud Web Security section of the Cisco ASA configuration guide. For more information about the CWS portal, see Cisco ScanCenter Administrator Guide.

Additional Information

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

Related Information

 
Alert History
 
Initial Release


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
Microsoft, Inc. Internet Explorer 6.0 Base | 7.0 Base | 8.0 Base | 9.0 Base | 11.0 Base
Microsoft, Inc. Microsoft Office Publisher 2003 SP3 | 2007 SP3
Microsoft, Inc. Office 2007 SP3 | 2010 SP1, SP2
Microsoft, Inc. Office Compatibility Pack SP3 Base
Microsoft, Inc. Office for Mac 2011 Base
Microsoft, Inc. Windows 7 for 32-bit systems SP1 | for x64-based systems SP1
Microsoft, Inc. Windows RT Original Release Base | 8.1 Base
Microsoft, Inc. Windows Server 2003 Datacenter Edition SP2 | Datacenter Edition, 64-bit (Itanium) SP2 | Datacenter Edition x64 (AMD/EM64T) SP2 | Enterprise Edition SP2 | Enterprise Edition, 64-bit (Itanium) SP2 | Enterprise Edition x64 (AMD/EM64T) SP2 | Standard Edition SP2 | Standard Edition, 64-bit (Itanium) SP2 | Standard Edition x64 (AMD/EM64T) SP2 | Web Edition SP2
Microsoft, Inc. Windows Server 2008 Datacenter Edition SP2 | Datacenter Edition, 64-bit SP2 | Itanium-Based Systems Edition SP2 | Enterprise Edition SP2 | Enterprise Edition, 64-bit SP2 | Essential Business Server Standard SP2 | Essential Business Server Premium SP2 | Essential Business Server Premium, 64-bit SP2 | Standard Edition SP2 | Standard Edition, 64-bit SP2 | Web Server SP2 | Web Server, 64-bit SP2
Microsoft, Inc. Windows Server 2008 R2 x64-Based Systems Edition SP1 | Itanium-Based Systems Edition SP1
Microsoft, Inc. Windows Server 2012 Original Release Base
Microsoft, Inc. Windows Server 2012 R2 Original Release Base
Microsoft, Inc. Windows Vista Home Basic SP2 | Home Premium SP2 | Business SP2 | Enterprise SP2 | Ultimate SP2 | Home Basic x64 Edition SP2 | Home Premium x64 Edition SP2 | Business x64 Edition SP2 | Enterprise x64 Edition SP2 | Ultimate x64 Edition SP2
Microsoft, Inc. Windows XP Home Edition SP3 | Professional Edition SP3 | Professional x64 (AMD/EM64T) SP2 | Tablet PC Edition SP3 | Media Center Edition SP3
Microsoft, Inc. Word 2003 Base, SP1, SP2, SP3 | 2007 Base, SP1, SP2, SP3 | 2010 32-bit Edition, 64-bit Edition, SP1, SP2 | 2013 Base, RT, 32-bit editions, 64-bit editions
Microsoft, Inc. Word Viewer Original Release Base
Microsoft, Inc. Office Web Apps 2010 Base, SP1, SP2 | 2013 Base
Microsoft, Inc. Windows 8 for 32-bit systems Base | for x64-based systems Base
Microsoft, Inc. Windows 8.1 for 32-bit Systems Base | for 64-bit Systems Base

Associated Products:
Microsoft, Inc. Office 2003 Base, SP1, SP2, SP3 | 2007 Base, SP1, SP2 | 2010 Base | 2013 32-bit editions, 64-bit editions | 2013 RT Base
Microsoft, Inc. Windows 7 for 32-bit systems | for x64-based systems
Microsoft, Inc. Windows RT 8.1
Microsoft, Inc. Windows Server 2003 Datacenter Edition | Datacenter Edition, 64-bit (Itanium) | Datacenter Edition x64 (AMD/EM64T) | Enterprise Edition | Enterprise Edition, 64-bit (Itanium) | Enterprise Edition x64 (AMD/EM64T) | Standard Edition | Standard Edition, 64-bit (Itanium) | Standard Edition x64 (AMD/EM64T) | Web Edition
Microsoft, Inc. Windows Server 2008 Datacenter Edition | Datacenter Edition, 64-bit | Itanium-Based Systems Edition | Enterprise Edition | Enterprise Edition, 64-bit | Essential Business Server Standard | Essential Business Server Premium | Essential Business Server Premium, 64-bit | Standard Edition | Standard Edition, 64-bit | Web Server | Web Server, 64-bit
Microsoft, Inc. Windows Server 2008 R2 x64-Based Systems Edition | Itanium-Based Systems Edition
Microsoft, Inc. Windows Server 2012 R2 Original Release
Microsoft, Inc. Windows Vista Home Basic | Home Premium | Business | Enterprise | Ultimate | Home Basic x64 Edition | Home Premium x64 Edition | Business x64 Edition | Enterprise x64 Edition | Ultimate x64 Edition
Microsoft, Inc. Windows XP Home Edition | Professional Edition | Professional x64 (AMD/EM64T) | Tablet PC Edition | Media Center Edition
Microsoft, Inc. Windows 8.1 for 32-bit Systems | for 64-bit Systems



