Tripwire Patch Priority Index for November 2018
Tripwire’s November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.
First on the patch priority list this month are patches for Microsoft’s Internet Explorer, Edge, and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP), Spoofing, and Information Disclosure vulnerabilities.
Next on the list are patches for Adobe Flash, Acrobat, and Reader. These patches resolve 2 information disclosure vulnerabilities.
Up next are patches for Microsoft Office for Excel, Outlook, Project, Skype for Business, and Word. These patches resolve 10 vulnerabilities, including Remote Code Execution (RCE) and Denial of Service vulnerabilities.
Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Active Directory Federation Services, BitLocker, DirectX, MSRPC, Graphics components, PowerShell, JScript, RemoteFX, Win32k, ALCP, and other Windows components. These patches resolve 24 vulnerabilities including XSS, Security Feature Bypass, EoP, Information Disclosure, and RCE vulnerabilities.
Finally, this month administrators should focus on server-side patches for Microsoft Team Foundation Server, Exchange, SharePoint, and Dynamics 365. These patches resolve 10 vulnerabilities including XSS, EoP, Information Disclosure, and RCE vulnerabilities.
BULLETIN |
CVE |
Microsoft Scripting Engine | CVE-2018-8541,CVE-2018-8551,CVE-2018-8542,CVE-2018-8588,CVE-2018-8555,CVE-2018-8543,CVE-2018-8556,CVE-2018-8557,CVE-2018-8552 |
Microsoft Browsers | CVE-2018-8570,CVE-2018-8567,CVE-2018-8545,CVE-2018-8564 |
Adobe Flash | CVE-2018-15978 |
Adobe Acrobat/Reader | CVE-2018-15979 |
Microsoft Office | CVE-2018-8574,CVE-2018-8577,CVE-2018-8582,CVE-2018-8576,CVE-2018-8524,CVE-2018-8522,CVE-2018-8575,CVE-2018-8546,CVE-2018-8539,CVE-2018-8573 |
Microsoft Windows | CVE-2018-8547,CVE-2018-8566,CVE-2018-8561,CVE-2018-8485,CVE-2018-8554,CVE-2018-8563,CVE-2018-8407,CVE-2018-8553,CVE-2018-8417,CVE-2018-8256,CVE-2018-8415,CVE-2018-8471,CVE-2018-8562,CVE-2018-8565,CVE-2018-8584,CVE-2018-8454,CVE-2018-8550,CVE-2018-8476,CVE-2018-8592,CVE-2018-8408,CVE-2018-8450,CVE-2018-8549,CVE-2018-8544,CVE-2018-8589 |
Microsoft Team Foundation Server | CVE-2018-8602 |
Microsoft Exchange | CVE-2018-8581 |
Microsoft SharePoint | CVE-2018-8568,CVE-2018-8572,CVE-2018-8578 |
Microsoft Dynamics | CVE-2018-8607,CVE-2018-8605,CVE-2018-8608,CVE-2018-8606,CVE-2018-8609 |
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.
Or you can follow them on Twitter: @tripwirevert
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-november-2018/