Wednesday, March 22, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
  • How to select the right fraud prevention platform for your business
  • SafeBreach Coverage for Microsoft Outlook for Windows Vulnerability – CVE-2023-23397
  • USENIX Security '22 - Sunil Manandhar, Kaushal Kafle, Benjamin Andow, Kapil Singh, Adwait Nadkarni - ‘Smart Home Privacy Policies Demystified: A Study Of Availability, Content, And Coverage’
  • Emotet and Other Malware Shifting Tactics to OneNote Files
Security Bloggers Network 

Home » Security Bloggers Network » Tripwire Patch Priority Index for May 2018

SBN

Tripwire Patch Priority Index for May 2018

by Lane Thames on May 30, 2018

Tripwire’s May 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

First on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and the patches for Edge resolve memory corruption, information disclosure, and security feature bypass vulnerabilities. The patches for Microsoft Scripting Engine address 16 memory corruption vulnerabilities.

Next on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address a type confusion vulnerability, which if exploited can lead to arbitrary code execution.

Up next are patches for Microsoft Windows. These patches address 20 vulnerabilities, including security feature bypass, information disclosure, denial of service, elevation of privilege, and remote code execution vulnerabilities.

Next, administrators should focus on the patches available for Microsoft Office, Microsoft Excel, Microsoft InfoPath, Microsoft Outlook, and Microsoft Developer Tools. These patches fix information disclosure, remote code execution, and security feature bypass, and denial of service vulnerabilities.

Last but not least for this month, administrators should focus on patches available for Microsoft SharePoint and Exchange Server. These patches resolve elevation of privilege, memory corruption, and spoofing vulnerabilities.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

BULLETIN
CVE
Microsoft Browser
CVE-2018-8126, CVE-2018-1025, CVE-2018-8178, CVE-2018-1021, CVE-2018-8123, CVE-2018-8179, CVE-2018-8112
Microsoft Scripting Engine
CVE-2018-8145, CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8128, CVE-2018-8122, CVE-2018-1022, CVE-2018-0951, CVE-2018-8139, CVE-2018-0945, CVE-2018-0946, CVE-2018-8137, CVE-2018-8114, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955
Adobe Flash APSB18-16
CVE-2018-4944
Windows
CVE-2018-8165, CVE-2018-0959, CVE-2018-0961, CVE-2018-0824, CVE-2018-8166, CVE-2018-8120, CVE-2018-8124, CVE-2018-8164, CVE-2018-8167, CVE-2018-8134, CVE-2018-8170, CVE-2018-8897, CVE-2018-8141, CVE-2018-8127, CVE-2018-8136, CVE-2018-8129, CVE-2018-8132, CVE-2018-0854, CVE-2018-0958, CVE-2018-8174
Microsoft Excel
CVE-2018-8163, CVE-2018-8162, CVE-2018-8147, CVE-2018-8148
Microsoft InfoPath
CVE-2018-8173
Microsoft Office
CVE-2018-8161, CVE-2018-8158, CVE-2018-8157
Microsoft Outlook
CVE-2018-8160
.NET
CVE-2018-1039, CVE-2018-0765
Microsoft SharePoint
CVE-2018-8168, CVE-2018-8149, CVE-2018-8155, CVE-2018-8156
Exchange (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/ppi-may2018/

May 30, 2018May 30, 2018 Lane Thames VERT
  • ← Azure Active Directory Administrative Units
  • XKCD, Business Update →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

Six Ways to Foster a Security Mindset in Engineering Teams
DNSSEC is the Key to a Healthy Future for the Internet
Cybersecurity Risk Quantification: A New Way to Understand Risks
Cybersecurity Leaders Stressed Over Email Security
Elevate Cybersecurity Resilience With PCI-DSS 4.0
Top 21 WooCommerce Plugins You Need for Your Online Store in 2023
URGENT ACTION RECOMMENDED – Microsoft Outlook Vulnerability (CVE-2023-23397)
Profiling a Currently Active Vendor of Western Union and Banking Logs Including Stolen Credit Cards Transfer Details – An Analysis
Roseville, Calif., CIO Brings Global Background to Local Gov
Profiling a New Vendor of ATM Skimming Devices and Stolen Credit Cards Information On A Major Cybercrime-Friendly Forum Community – An Analysis

Upcoming Webinars

Apr 04

Key Strategies for a Secure and Productive Hybrid Workforce

April 4 @ 1:00 pm - 2:00 pm
Apr 05

Securing Kubernetes With SentinelOne and AWS

April 5 @ 1:00 pm - 2:00 pm
Apr 05

From Vulnerable to Invincible: The Five-Step Journey to Complete Cloud Security

April 5 @ 3:00 pm - 4:00 pm
Apr 12

The State of Cloud-Native Security 2023

April 12 @ 1:00 pm - 2:00 pm
Apr 13

Case Study: Improving Code Security With Continuous Software Modernization

April 13 @ 11:00 am - 12:00 pm
Apr 24

Securing Open Source

April 24 @ 1:00 pm - 2:00 pm
May 03

https://webinars.securityboulevard.com/ciso-panel-tips-for-optimizing-cloud-native-security-stack-in-2023?utm_campaign=2023.05.03_Aqua_Webinar_SB&utm_source=BMRegister

May 3 @ 3:00 pm - 4:00 pm
May 22

Ransomware

May 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight IoT & ICS Security Malware Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?

March 17, 2023 Richi Jennings | Mar 17 0
White House to Regulate Cloud Security: Good Luck With That
Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

White House to Regulate Cloud Security: Good Luck With That

March 13, 2023 Richi Jennings | Mar 13 0
‘Extraordinary, Egregious’ Data Breach at House and Senate
Analytics & Intelligence API Security Application Security CISO Suite Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Extraordinary, Egregious’ Data Breach at House and Senate

March 10, 2023 Richi Jennings | Mar 10 0

Top Stories

Cybersecurity Leaders Stressed Over Email Security
Application Security Cloud Security Cybersecurity Endpoint Featured Mobile Security Network Security News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Cybersecurity Leaders Stressed Over Email Security

March 21, 2023 Nathan Eddy | 1 day ago 0
Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast
Analytics & Intelligence Application Security Blockchain Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Digital Currency Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Social Engineering Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast

March 16, 2023 Richi Jennings | Mar 16 0
Dell Adds CrowdStrike to Cybersecurity Services Portfolio
Cloud Security Cybersecurity Featured Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence 

Dell Adds CrowdStrike to Cybersecurity Services Portfolio

March 15, 2023 Michael Vizard | Mar 15 0

Security Humor

Randall Munroe’s XKCD ‘March Madness’

Randall Munroe’s XKCD ‘March Madness’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.