|Adobe Flash APSB18-19||CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002|
|Scripting Engine||CVE-2018-8229, CVE-2018-8227, CVE-2018-8267|
|Browser||CVE-2018-0978, CVE-2018-8249, CVE-2018-8113|
|Edge||CVE-2018-8234, CVE-2018-0871, CVE-2018-8236, CVE-2018-8110, CVE-2018-8111, CVE-2018-8235|
|Microsoft Excel||CVE-2018-8246, CVE-2018-8248|
|Microsoft Office||CVE-2018-8247, CVE-2018-8245|
|Microsoft SharePoint||CVE-2018-8252, CVE-2018-8254|
|Microsoft Windows||CVE-2018-8140, CVE-2018-8169, CVE-2018-8231, CVE-2018-8226, CVE-2018-8219, CVE-2018-8251, CVE-2018-1036, CVE-2018-8175, CVE-2018-8233, CVE-2018-1040, CVE-2018-8225, CVE-2018-8205, CVE-2018-8208, CVE-2018-8214, CVE-2018-0982, CVE-2018-8239, CVE-2018-8218, CVE-2018-8224, CVE-2018-8207, CVE-2018-8121, CVE-2018-8210, CVE-2018-8213, CVE-2018-8209|
|Device Guard||CVE-2018-8201, CVE-2018-8215, CVE-2018-8217, CVE-2018-8216, CVE-2018-8211, CVE-2018-8212, CVE-2018-8221|
Tripwire’s June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.
First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read, and stack-based buffer overflow vulnerabilities. Note that Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild and has been used in targeted attacks against Windows users.
Next on the patch priority list this month are patches for Microsoft Browsers, Edge, and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and two Memory Corruption vulnerabilities. The patches for Edge resolve memory corruption, information disclosure, and security feature bypass vulnerabilities. Finally, the patches for Microsoft Scripting Engine address three memory corruption vulnerabilities, one of which is rated as a 1 on the Microsoft Exploitability Index (Exploitation More Likely).
Up next are patches for Microsoft Excel, Office, and Outlook. These patches address three elevation of privilege vulnerabilities along with an information disclosure vulnerability and a remote code execution vulnerability.
Next are patches for Microsoft SharePiont that resolve two elevation of privilege vulnerabilities.
Next are patches for Microsoft Windows. The June patch drop for Microsoft Windows contained patches for 23 vulnerabilities spread across Cortana, HIDParser, HTTP.sys, Media Foundation, NTFS, Webdav, (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-for-june-2018/