Thursday, July 19, 2018
  • Why Drupalgeddon 2.0 May Still Be A Threat To Your Website
  • Businesses Seek to Please Customers Before Regulators in Drive for GDPR Compliance
  • Exposed: Exactis’ Database of 340 Million Consumer Records
  • The Latest on PCI: Minor on PCI DSS, Major on Almost Everything Else
  • 4 Things to Know About the WPA3 Protocol

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Community
    • Security Bloggers Network
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network 

Home » Security Bloggers Network » Tripwire Patch Priority Index for May 2018

Tripwire Patch Priority Index for May 2018

by Lane Thames on May 30, 2018

Tripwire’s May 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

First on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and the patches for Edge resolve memory corruption, information disclosure, and security feature bypass vulnerabilities. The patches for Microsoft Scripting Engine address 16 memory corruption vulnerabilities.

Next on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address a type confusion vulnerability, which if exploited can lead to arbitrary code execution.

Up next are patches for Microsoft Windows. These patches address 20 vulnerabilities, including security feature bypass, information disclosure, denial of service, elevation of privilege, and remote code execution vulnerabilities.

Next, administrators should focus on the patches available for Microsoft Office, Microsoft Excel, Microsoft InfoPath, Microsoft Outlook, and Microsoft Developer Tools. These patches fix information disclosure, remote code execution, and security feature bypass, and denial of service vulnerabilities.

Last but not least for this month, administrators should focus on patches available for Microsoft SharePoint and Exchange Server. These patches resolve elevation of privilege, memory corruption, and spoofing vulnerabilities.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

BULLETIN
CVE
Microsoft Browser
CVE-2018-8126, CVE-2018-1025, CVE-2018-8178, CVE-2018-1021, CVE-2018-8123, CVE-2018-8179, CVE-2018-8112
Microsoft Scripting Engine
CVE-2018-8145, CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8128, CVE-2018-8122, CVE-2018-1022, CVE-2018-0951, CVE-2018-8139, CVE-2018-0945, CVE-2018-0946, CVE-2018-8137, CVE-2018-8114, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955
Adobe Flash APSB18-16
CVE-2018-4944
Windows
CVE-2018-8165, CVE-2018-0959, CVE-2018-0961, CVE-2018-0824, CVE-2018-8166, CVE-2018-8120, CVE-2018-8124, CVE-2018-8164, CVE-2018-8167, CVE-2018-8134, CVE-2018-8170, CVE-2018-8897, CVE-2018-8141, CVE-2018-8127, CVE-2018-8136, CVE-2018-8129, CVE-2018-8132, CVE-2018-0854, CVE-2018-0958, CVE-2018-8174
Microsoft Excel
CVE-2018-8163, CVE-2018-8162, CVE-2018-8147, CVE-2018-8148
Microsoft InfoPath
CVE-2018-8173
Microsoft Office
CVE-2018-8161, CVE-2018-8158, CVE-2018-8157
Microsoft Outlook
CVE-2018-8160
.NET
CVE-2018-1039, CVE-2018-0765
Microsoft SharePoint
CVE-2018-8168, CVE-2018-8149, CVE-2018-8155, CVE-2018-8156
Exchange (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/ppi-may2018/

May 30, 2018May 30, 2018 Lane Thames VERT
  • ← Azure Active Directory Administrative Units
  • XKCD, Business Update →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

VPNFilter Attack Hits Chlorine Plant in Ukraine
Cybersecurity Job Seekers: Go West (or South)
We Have the Silver Bullet for BS Detection – CISO/Security Vendor Relationship Podcast
It’s Time to Rethink Privileged Account Management
Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
A primer: How to stay safe on Amazon’s Prime Day Sale
Google Cloud Server Authentication
Pentester Academy Command Injection ISO: SugarCRM 6.3.1 Exploitation
Recon for Social Engineering, Par Excellence
8 Insights on the Future of Ransomware

Upcoming Webinars

Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The State of Security RSA Special Report

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

It’s Time to Rethink Privileged Account Management
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

It’s Time to Rethink Privileged Account Management

July 18, 2018 Mark Klinchin | Yesterday 0
Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0
Is Vulnerability Management Now Out of Our Control?
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Is Vulnerability Management Now Out of Our Control?

July 6, 2018 Chris Calvert | Jul 06 0

Top Stories

Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

Cyberespionage Campaign in Ukraine Uses Free and Custom RATs

July 18, 2018 Lucian Constantin | Yesterday 0
VPNFilter Attack Hits Chlorine Plant in Ukraine
Featured IoT & ICS Security Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

VPNFilter Attack Hits Chlorine Plant in Ukraine

July 16, 2018 Lucian Constantin | 2 days ago 0
Security Boulevard’s 5 Most Read Stories for the Week, July 9-13
CISO Suite Cloud Security Cybersecurity DevOps Featured Malware Most Read This Week News Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Security Boulevard’s 5 Most Read Stories for the Week, July 9-13

July 16, 2018 Saleem Padani | 2 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.