Tripwire Patch Priority Index for March 2018
| BULLETIN | CVE |
| Browser | CVE-2018-0942, CVE-2018-0929, CVE-2018-0927, CVE-2018-0932, CVE-2018-0879 |
| Scripting Engine | CVE-2018-0872,CVE-2018-0873,CVE-2018-0874,CVE-2018-0934,CVE-2018-0933,CVE-2018-0936,CVE-2018-0937,CVE-2018-0930,CVE-2018-0931,CVE-2018-0939,CVE-2018-0891,CVE-2018-0876,CVE-2018-0889,CVE-2018-0893,CVE-2018-0935 |
| Adobe Flash Player: APSB18-05 | CVE-2018-4919, CVE-2018-4920 |
| Microsoft Office | CVE-2018-0907,CVE-2018-0919,CVE-2018-0922 |
| Microsoft Access | CVE-2018-0903 |
| Windows | CVE-2018-0902,CVE-2018-0886,CVE-2018-0881,CVE-2018-0977,CVE-2018-0882,CVE-2018-0880,CVE-2018-0877,CVE-2018-0817,CVE-2018-0816,CVE-2018-0815,CVE-2018-0868,CVE-2018-0878,CVE-2018-0884,CVE-2018-0883,CVE-2018-0983 |
| Hyper-V | CVE-2018-0888,CVE-2018-0885 |
| Windows Kernel | CVE-2018-0900,CVE-2018-0904,CVE-2018-0897,CVE-2018-0896,CVE-2018-0898,CVE-2018-0895,CVE-2018-0894,CVE-2018-0901,CVE-2018-0899,CVE-2018-0926,CVE-2018-0813,CVE-2018-0811,CVE-2018-0814 |
| Exchange Server | CVE-2018-0940,CVE-2018-0941,CVE-2018-0924 |
| SharePoint | CVE-2018-0914,CVE-2018-0911,CVE-2018-0917,CVE-2018-0912,CVE-2018-0916,CVE-2018-0909,CVE-2018-0944,CVE-2018-0923,CVE-2018-0913,CVE-2018-0921,CVE-2018-0915,CVE-2018-0910,CVE-2018-0947 |
Tripwire’s March 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.
First, on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. The patches for Internet Explorer and Microsoft Edge resolve one elevation of privilege vulnerability and four information disclosure vulnerabilities. The patches for Microsoft’s Scripting Engine address numerous memory corruption and information disclosure vulnerabilities.
Next, on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address use-after-free and type-confusion vulnerabilities, which can lead to code execution in the contexts of the current user if successfully exploited.
Up next are patches for Microsoft Office and Microsoft Access. These patches address security feature bypass, information disclosure, memory corruption, and remote code execution vulnerabilities. Next, administrators want to focus on the patches available for Windows, Hyper-V, and Windows Kernel. These patches address numerous vulnerabilities throughout the Windows systems.
Last but not least for this month, administrators should focus on patches available for Microsoft Exchange Server and SharePoint. An elevation of privilege and two information disclosure vulnerabilities are fixed by the Exchange patch. The patches for SharePoint address 13 elevation of privilege vulnerabilities.
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/patch-priority-index-march-2018/
