Tripwire’s February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle.

Adobe Flash APSB18-03CVE-2018-4878, CVE-2018-4877
Microsoft BrowserCVE-2018-0763, CVE-2018-0839, CVE-2018-0771
Microsoft Scripting EngineCVE-2018-0840, CVE-2018-0860, CVE-2018-0861, CVE-2018-0866, CVE-2018-0838, CVE-2018-0859, CVE-2018-0857, CVE-2018-0856, CVE-2018-0835, CVE-2018-0834, CVE-2018-0837, CVE-2018-0836
Microsoft OfficeCVE-2018-0853, CVE-2018-0851
Microsoft OutlookCVE-2018-0850, CVE-2018-0852
Microsoft SharePointCVE-2018-0864, CVE-2018-0869,
Windows KernelCVE-2018-0809, CVE-2018-0820, CVE-2018-0742, CVE-2018-0756, CVE-2018-0831, CVE-2018-0843, CVE-2018-0829, CVE-2018-0757, CVE-2018-0810, CVE-2018-0830, CVE-2018-0832
WindowsCVE-2018-0833, CVE-2018-0828
Windows MiscellaneousCVE-2018-0823, CVE-2018-0825, CVE-2018-0821, CVE-2018-0844, CVE-2018-0846, CVE-2018-0755, CVE-2018-0761, CVE-2018-0760, CVE-2018-0855, CVE-2018-0822, CVE-2018-0842, CVE-2018-0847, CVE-2018-0827, CVE-2018-0826

First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address two user-after-free vulnerabilities that can lead to remote code execution upon successful exploitation. NOTE: Adobe reports that one of these vulnerabilities (CVE-2018-4878) has been exploited in the wild and has been used to target Windows users. Administrators should install these patches as soon as possible. Please refer to Adobe Security Notification APSB18-03 for more details.

Next up on the patch priority list this month are patches for Microsoft browsers and scripting engine. These patches address 2 information disclosure and one security feature bypass vulnerabilities in Microsoft Edge and 13 memory corruption vulnerabilities in the scripting engine.

Up next are patches for Microsoft Office, Outlook, and Sharepoint. These patches address 6 vulnerabilities including information disclosure, memory corruption, and elevation of privilege.

Next administrators should focus on patches for the Windows Kernel. These patches address 5 elevation of privilege vulnerabilities and 6 information disclosure vulnerabilities.

Lastly for this month, administrators should focus on the patching the remaining Microsoft February 2018 patches that resolve 16 vulnerabilities in Windows, Named Pipe File System, StructuredQuery, AppContainer, Common Log File System, EOT Font Engine, NTFS and Storage Services.

To learn more about (Read more...)