Wednesday, May 31, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Discord Admins Hacked by Malicious Bookmarks
  • SEO Poisoning: How Threat Actors Are Using Search Engines to Compromise Organizations
  • Listen to These Recordings: Deepfake Social Engineering Scams Are Scaring Victims
  • BSidesSF 2023 - Mike Kiser - New Face, Who Dis? Recent Adversarial Approaches to Facial Recognition
  • Apptega Launches GLBA Framework to Coincide with Impending Updates
SBN News Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » Tripwire Patch Priority Index for December 2018

SBN

Tripwire Patch Priority Index for December 2018

by Lane Thames on December 20, 2018

Tripwire’s December 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

DevOps ConnectSponsorships Available

First on the patch priority list this month are patches for Microsoft’s Internet Explorer and Scripting Engine. These patches resolve nine vulnerabilities, including fixes for Memory Corruption and Remote Code Execution (RCE) vulnerabilities.

Next on the list are patches for Adobe Flash. These patches resolve a use-after-free vulnerability and a DLL hijacking vulnerability. These patches are available for Windows, macOS, Linux and Chrome OS.

(NOTE: Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.)

Up next are patches for Adobe Acrobat and Reader, and this month it is a whopper resolving 87 vulnerabilities. These updates address critical and important vulnerabilities, including fixes for buffer errors, untrusted pointer dereference, security bypass, use-after-free, out-of-bounds read, out-of-bounds write, heap overflow and integer overflow vulnerabilities.

Up next are patches for Microsoft Office for Excel, Outlook and PowerPoint. These patches resolve six vulnerabilities, including Remote Code Execution (RCE) and Information Disclosure vulnerabilities.

Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Win32k.sys, Azure, DNS server, Windows GDI, Windows Kernel and other Windows components. These patch various vulnerabilities, including XSS, Heap Overflow, Denial of Service, Elevation of Privilege (EoP), Information Disclosure and RCE vulnerabilities.

(NOTE: Microsoft is reporting that the CVE-2018-8611 Windows kernel privilege escalation vulnerability is seeing active exploitation on older versions of Windows.) Successful exploitation can allow an attacker to run code in kernel mode. This issue was resolved by changing how the Windows kernel handles objects in memory.

Next on the list are patches for the .NET Framework, with fixes for a Denial of Service vulnerability and a Remote Code Injection vulnerability.

(NOTE: The CVE-2018-8517 vulnerability is a publicly disclosed issue with the .NET (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-for-december-2018/

December 20, 2018December 20, 2018 Lane Thames Microsoft, patch priority index, VERT, Vulnerabilities
  • ← Latest Version of Tripwire IP360 Now Certified To Meet Most Current Common Criteria Certification Standards
  • Walmart Moves Closer to ‘Minority Report’ Reality →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Wed 31

Simplify, Secure, Strengthen: Implementing Zero-Trust Across Your Endpoints

May 17 @ 1:00 pm - July 12 @ 2:00 pm
Jun 05

Securing Open Source

June 5 @ 1:00 pm - 2:00 pm
Jun 08

ActiveState Workshop: Building Secure and Reproducible Open Source Runtimes

June 8 @ 1:00 pm - 2:00 pm
Jun 13

Uncovering the Hidden Cybersecurity Threat in Your Organization

June 13 @ 1:00 pm - 2:00 pm
Jun 14

Enrich Security Investigations With ServiceNow Asset Data in Snowflake

June 14 @ 3:00 pm - July 24 @ 4:00 pm
Jun 15

Securing Containers & Kubernetes With AWS And Calico

June 15 @ 3:00 pm - 4:30 pm
Jun 22

Strange Bedfellows: Software, Security and the Law

June 22 @ 11:00 am - 12:00 pm
Jun 22

Sneak Peek: Cloud Security Prioritized With Sonrai

June 22 @ 1:00 pm - 2:00 pm
Jun 22

Unleash the Potential of Your Log and Event Data, Including AI’s Growing Impact

June 22 @ 3:00 pm - 4:00 pm
Jul 24

Identity and Access Management

July 24 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT
Revolutionize Zero-Trust Security With a Converged Identity Platform
Federal Appellate Court Approves ‘Pretext’ Border Search
Consumers Wary of Biometric Security
Understanding the Progression of a Ransomware Attack
Is Your SIEM Strategy Failing You? Here’s Why AI-Powered XDR Might Be The Answer
What are FedRAMP Requirements? (And Who Needs to Know)
Phishing Domains Tanked After Meta Sued Freenom
Utilizing SEC Cybersecurity Rule and CISA Directive | anecdotes
BSidesSF 2023 – Leif Dreizler – Tracking Meaningful Security Product Metrics

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Industry Spotlight

‘Predator’ — Nasty Android Spyware Revealed
Analytics & Intelligence API Security Cyberlaw Cybersecurity Data Security Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Predator’ — Nasty Android Spyware Revealed

May 30, 2023 Richi Jennings | Yesterday 0
Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Industry Spotlight News Security Boulevard (Original) Spotlight 

Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift

May 23, 2023 Michael Vizard | May 23 0
Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight
Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threats & Breaches 

Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight

May 22, 2023 Richi Jennings | May 22 0

Top Stories

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT
Analytics & Intelligence API Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response IOT IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

May 26, 2023 Richi Jennings | 4 days ago 0
Federal Appellate Court Approves ‘Pretext’ Border Search
Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) 

Federal Appellate Court Approves ‘Pretext’ Border Search

May 26, 2023 Mark Rasch | 4 days ago 0
U.S.-South Korea Forge Strategic Cybersecurity Framework
Cybersecurity Featured Governance, Risk & Compliance News Security Boulevard (Original) Spotlight Threat Intelligence 

U.S.-South Korea Forge Strategic Cybersecurity Framework

May 25, 2023 Christopher Burgess | May 25 0

Security Humor

Randall Munroe’s XKCD ‘The Six Platonic Solids’

Randall Munroe’s XKCD ‘The Six Platonic Solids’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.