Sunday, June 14, 2026

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
    • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Tripwire Patch Priority Index for November 2018

SBN

Tripwire Patch Priority Index for November 2018

by Lane Thames on November 29, 2018

Tripwire’s November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

First on the patch priority list this month are patches for Microsoft’s Internet Explorer, Edge, and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP), Spoofing, and Information Disclosure vulnerabilities.

Next on the list are patches for Adobe Flash, Acrobat, and Reader. These patches resolve 2 information disclosure vulnerabilities.

Up next are patches for Microsoft Office for Excel, Outlook, Project, Skype for Business, and Word. These patches resolve 10 vulnerabilities, including Remote Code Execution (RCE) and Denial of Service vulnerabilities.

Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Active Directory Federation Services, BitLocker, DirectX, MSRPC, Graphics components, PowerShell, JScript, RemoteFX, Win32k, ALCP, and other Windows components. These patches resolve 24 vulnerabilities including XSS, Security Feature Bypass, EoP, Information Disclosure, and RCE vulnerabilities.

Finally, this month administrators should focus on server-side patches for Microsoft Team Foundation Server, Exchange, SharePoint, and Dynamics 365. These patches resolve 10 vulnerabilities including XSS, EoP, Information Disclosure, and RCE vulnerabilities.

BULLETIN

CVE
Microsoft Scripting Engine CVE-2018-8541,CVE-2018-8551,CVE-2018-8542,CVE-2018-8588,CVE-2018-8555,CVE-2018-8543,CVE-2018-8556,CVE-2018-8557,CVE-2018-8552
Microsoft Browsers CVE-2018-8570,CVE-2018-8567,CVE-2018-8545,CVE-2018-8564
Adobe Flash CVE-2018-15978
Adobe Acrobat/Reader CVE-2018-15979
Microsoft Office CVE-2018-8574,CVE-2018-8577,CVE-2018-8582,CVE-2018-8576,CVE-2018-8524,CVE-2018-8522,CVE-2018-8575,CVE-2018-8546,CVE-2018-8539,CVE-2018-8573
Microsoft Windows CVE-2018-8547,CVE-2018-8566,CVE-2018-8561,CVE-2018-8485,CVE-2018-8554,CVE-2018-8563,CVE-2018-8407,CVE-2018-8553,CVE-2018-8417,CVE-2018-8256,CVE-2018-8415,CVE-2018-8471,CVE-2018-8562,CVE-2018-8565,CVE-2018-8584,CVE-2018-8454,CVE-2018-8550,CVE-2018-8476,CVE-2018-8592,CVE-2018-8408,CVE-2018-8450,CVE-2018-8549,CVE-2018-8544,CVE-2018-8589
Microsoft Team Foundation Server CVE-2018-8602
Microsoft Exchange CVE-2018-8581
Microsoft SharePoint CVE-2018-8568,CVE-2018-8572,CVE-2018-8578
Microsoft Dynamics CVE-2018-8607,CVE-2018-8605,CVE-2018-8608,CVE-2018-8606,CVE-2018-8609

 

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

Or you can follow them on Twitter: @tripwirevert

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-november-2018/

November 29, 2018November 29, 2018 Lane Thames PPI, security, VERT
  • ← 5 Crucial Requirements for Enterprise Security Beyond the Firewall
  • Security breaches come with a high price tag for UK businesses →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

Agentic Software Delivery in 2026: How To Bridge The Gap Between AI Ambition and Delivery Confidence
The Cost of Exposure: Managing the Operational Risks of Executive Security Incidents
Untangling the EU Cyber Resilience Act
The Software Supply Chain Just Got Harder to See
Building a Resilient Security Culture in the AI Era with AWS & Datadog

Podcast

Listen to all of our podcasts

Secure by Design

2 weeks ago | Jack Poller

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

3 weeks ago | Jack Poller

NIST’s Nine: The PQC Signature Race Moves to Round Three

3 weeks ago | Jack Poller

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

4 weeks ago | Jack Poller

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

1 month ago | Jack Poller

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

Most Read on the Boulevard

Zscaler Launches Industry-First Zero Trust Security for Agentic AI
Linux Kernel Bug Caused by Single Character Opens Path to Root Access
ServiceNow Fixes Flaw That Could Lead to Unauthorized Access to Instances
HackerOne Unveils Agentic AI Platform to Discover and Validate Vulnerabilities Faster
Survey: Organizations Take Too Long to Fix Application Vulnerabilities
Atomic Arch npm Campaign Adds Malicious Dependency
ServiceNow Breach Explained: API Exposure, Risks & Security
ServiceNow Discloses Security Incident Exposing Customer Data
Top 8 AI App Dev Platforms in 2026
CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive

Industry Spotlight

Anthropic Mythos AI Model Strikes Fear in Trump Administration, U.S. Banks
Cloud Security Cybersecurity Data Privacy Data Security Featured Incident Response Industry Spotlight Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches Vulnerabilities 

Anthropic Mythos AI Model Strikes Fear in Trump Administration, U.S. Banks

April 12, 2026 Jeffrey Burt | Apr 12 Comments Off on Anthropic Mythos AI Model Strikes Fear in Trump Administration, U.S. Banks
The Day the Security Music Died
AI and Machine Learning in Security Cybersecurity Featured Industry Spotlight Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

The Day the Security Music Died

April 8, 2026 Alan Shimel | Apr 08 Comments Off on The Day the Security Music Died
The Lock, Not the Alarm: How Palo Alto’s Koi Acquisition Rewrites Endpoint Security
Featured Industry Spotlight Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Uncategorized 

The Lock, Not the Alarm: How Palo Alto’s Koi Acquisition Rewrites Endpoint Security

February 18, 2026 Jack Poller | Feb 18 Comments Off on The Lock, Not the Alarm: How Palo Alto’s Koi Acquisition Rewrites Endpoint Security

Top Stories

Google Sues Chinese Threat Group Using Gemini AI in Phishing Scams
Cloud Security Cybersecurity Data Privacy Data Security Endpoint Featured Identity & Access Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Google Sues Chinese Threat Group Using Gemini AI in Phishing Scams

June 14, 2026 Jeffrey Burt | 33 minutes ago 0
ServiceNow Fixes Flaw That Could Lead to Unauthorized Access to Instances
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Incident Response Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Vulnerabilities 

ServiceNow Fixes Flaw That Could Lead to Unauthorized Access to Instances

June 11, 2026 Jeffrey Burt | 3 days ago 0
Zscaler Launches Industry-First Zero Trust Security for Agentic AI
AI and ML in Security Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Zero-Trust 

Zscaler Launches Industry-First Zero Trust Security for Agentic AI

June 10, 2026 Jon Swartz | 4 days ago 0

Security Humor

Randall Munroe’s XKCD 'Soniferous Aether'

Randall Munroe’s XKCD ‘Soniferous Aether’

Download Free eBook

[su_panel border="0px solid #ddd" radius="0" text_align="center" padding-top="0px" padding-bottom="0px"]
Managing the AppSec Toolstack
[/su_panel]

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2026 Techstrong Group Inc. All rights reserved.
×

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.