Tripwire Patch Priority Index for October 2018

by Lane Thames on November 1, 2018

Tripwire’s October 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from libssh, Microsoft and Oracle.

First on the patch priority list this month is an authentication bypass vulnerability in libssh. This vulnerability can be exploited remotely, and exploit code has recently been added to Metasploit.

Next are patches for Microsoft’s Internet Explorer, Edge and Scripting Engine. These patches resolve 11 vulnerabilities, including fixes for Memory Corruption and Security Feature Bypass vulnerabilities.

Up next are patches for Microsoft Office. Those include fixes for three remote code execution vulnerabilities, one each in Excel, PowerPoint and Word.

Next on the list are the patches for Microsoft Windows. These patches address numerous vulnerabilities across Device Guard, DirectX Graphics Kernel, Windows Kernel, MS XML, Graphics component, JET Database Engine, Windows GDI, Hyper-V, Windows Subsystem for Linux, DNS, Media Player, TCP/IP and Theme. Note that CVE-2018-8453 is a privilege escalation vulnerability in Win32k’s handling of objects in memory, and it has been exploited in the wild. According to ZDNet, the exploit has been used by a nation-state cyber-espionage group known as FruityArmor. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.

Next, users should focus on the patches for Microsoft SharePoint and Exchange Server. These patches resolve Elevation of Privilege, Insecure Library Loading and Remote Code Execution vulnerabilities.

Last on the list this month are patches for Oracle Java and Oracle Database. These patches address vulnerabilities in Java SE versions 6u201, 7u191, 8u181 and 11 along with Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

 

BULLETIN CVE
libssh – Authentication Bypass (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-for-october-2018/
