Tripwire’s February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle.

Adobe Flash APSB18-03 CVE-2018-4878, CVE-2018-4877
Microsoft Browser CVE-2018-0763, CVE-2018-0839, CVE-2018-0771
Microsoft Scripting Engine CVE-2018-0840, CVE-2018-0860, CVE-2018-0861, CVE-2018-0866, CVE-2018-0838, CVE-2018-0859, CVE-2018-0857, CVE-2018-0856, CVE-2018-0835, CVE-2018-0834, CVE-2018-0837, CVE-2018-0836
Microsoft Office CVE-2018-0853, CVE-2018-0851
Microsoft Outlook CVE-2018-0850, CVE-2018-0852
Microsoft SharePoint CVE-2018-0864, CVE-2018-0869,
Windows Kernel CVE-2018-0809, CVE-2018-0820, CVE-2018-0742, CVE-2018-0756, CVE-2018-0831, CVE-2018-0843, CVE-2018-0829, CVE-2018-0757, CVE-2018-0810, CVE-2018-0830, CVE-2018-0832
Windows CVE-2018-0833, CVE-2018-0828
Windows Miscellaneous CVE-2018-0823, CVE-2018-0825, CVE-2018-0821, CVE-2018-0844, CVE-2018-0846, CVE-2018-0755, CVE-2018-0761, CVE-2018-0760, CVE-2018-0855, CVE-2018-0822, CVE-2018-0842, CVE-2018-0847, CVE-2018-0827, CVE-2018-0826

First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address two user-after-free vulnerabilities that can lead to remote code execution upon successful exploitation. NOTE: Adobe reports that one of these vulnerabilities (CVE-2018-4878) has been exploited in the wild and has been used to target Windows users. Administrators should install these patches as soon as possible. Please refer to Adobe Security Notification APSB18-03 for more details.

Next up on the patch priority list this month are patches for Microsoft browsers and scripting engine. These patches address 2 information disclosure and one security feature bypass vulnerabilities in Microsoft Edge and 13 memory corruption vulnerabilities in the scripting engine.

Up next are patches for Microsoft Office, Outlook, and Sharepoint. These patches address 6 vulnerabilities including information disclosure, memory corruption, and elevation of privilege.

Next administrators should focus on patches for the Windows Kernel. These patches address 5 elevation of privilege vulnerabilities and 6 information disclosure vulnerabilities.

Lastly for this month, administrators should focus on the patching the remaining Microsoft February 2018 patches that resolve 16 vulnerabilities in Windows, Named Pipe File System, StructuredQuery, AppContainer, Common Log File System, EOT Font Engine, NTFS and Storage Services.

To learn more about (Read more...)