Wednesday, May 22, 2019
  • Yubikey, The Weaponization Thereof
  • New Generation Robots.txt: Apple App-Site-Association
  • Is Ireland too soft with GDPR enforcement, or just being prudent?
  • Cryptography is Changing Fast, and Cyber Security Pros Are Best Advised to Stay Ahead of the Curve
  • Building the Enterprise Security Team by Dr. Ed Amoroso

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » SBN News » Tripwire Patch Priority Index for December 2018

Tripwire Patch Priority Index for December 2018

by Lane Thames on December 20, 2018

Tripwire’s December 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

First on the patch priority list this month are patches for Microsoft’s Internet Explorer and Scripting Engine. These patches resolve nine vulnerabilities, including fixes for Memory Corruption and Remote Code Execution (RCE) vulnerabilities.

Next on the list are patches for Adobe Flash. These patches resolve a use-after-free vulnerability and a DLL hijacking vulnerability. These patches are available for Windows, macOS, Linux and Chrome OS.

(NOTE: Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.)

Up next are patches for Adobe Acrobat and Reader, and this month it is a whopper resolving 87 vulnerabilities. These updates address critical and important vulnerabilities, including fixes for buffer errors, untrusted pointer dereference, security bypass, use-after-free, out-of-bounds read, out-of-bounds write, heap overflow and integer overflow vulnerabilities.

Up next are patches for Microsoft Office for Excel, Outlook and PowerPoint. These patches resolve six vulnerabilities, including Remote Code Execution (RCE) and Information Disclosure vulnerabilities.

Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Win32k.sys, Azure, DNS server, Windows GDI, Windows Kernel and other Windows components. These patch various vulnerabilities, including XSS, Heap Overflow, Denial of Service, Elevation of Privilege (EoP), Information Disclosure and RCE vulnerabilities.

(NOTE: Microsoft is reporting that the CVE-2018-8611 Windows kernel privilege escalation vulnerability is seeing active exploitation on older versions of Windows.) Successful exploitation can allow an attacker to run code in kernel mode. This issue was resolved by changing how the Windows kernel handles objects in memory.

Next on the list are patches for the .NET Framework, with fixes for a Denial of Service vulnerability and a Remote Code Injection vulnerability.

(NOTE: The CVE-2018-8517 vulnerability is a publicly disclosed issue with the .NET (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-for-december-2018/

December 20, 2018December 20, 2018 Lane Thames Microsoft, patch priority index, VERT, Vulnerabilities
  • ← Latest Version of Tripwire IP360 Now Certified To Meet Most Current Common Criteria Certification Standards
  • Walmart Moves Closer to ‘Minority Report’ Reality →
Featured Blog

Tony Howlett

8 security points of vendor lifecycle management

Ellen Neveux

If You Aren’t Scared of Ransomware, You Aren’t Paying Attention

Ellen Neveux

What are the benefits of the least privileged principle?

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

6 Ways Poor Cybersecurity Hurts Businesses
49 Million Instagram Users’ Private Data Leaked via AWS
The Evolving Impact of Cybersecurity Threats
Microsoft Again Most Spoofed as Office 365 Phishing Evolves
Cybersecurity Skills Gap: Will New Executive Order Help?
THE TRADE SECRET: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
10 Tips for Engaging a Security Services Vendor
RealTalk: We Recreated Joe Rogan’s Voice Using Artificial Intelligence
Governments Explore Opportunities at National Summit on State Cyber Security
Account Hijacking Forum OGusers Hacked

Upcoming Webinars

Thu 23

Reduce the Burden Of Managing SAP With Enterprise Identity Management

May 23 @ 1:00 pm - 2:00 pm
Wed 29

Deploying Secure Modern Apps in Evolving Infrastructures

May 29 @ 1:00 pm - 2:00 pm
Jun 24

DevSecOps Challenges in a Cloud Native World

June 24 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Q1 2019 Report: Email Fraud & Identity Deception Trends

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

DLP Systems and the Solutions They Offer
Cybersecurity Data Security Industry Spotlight Network Security Security Boulevard (Original) 

DLP Systems and the Solutions They Offer

May 22, 2019 Richard Azu | 12 hours ago 0
Microsoft Again Most Spoofed as Office 365 Phishing Evolves
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Microsoft Again Most Spoofed as Office 365 Phishing Evolves

May 21, 2019 Adrien Gendre | Yesterday 0
How to Break Broken SOC Cycles
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

How to Break Broken SOC Cycles

May 21, 2019 Troy Kent | Yesterday 0

Top Stories

49 Million Instagram Users’ Private Data Leaked via AWS
Cloud Security Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight Threats & Breaches 

49 Million Instagram Users’ Private Data Leaked via AWS

May 21, 2019 Richi Jennings | Yesterday 0
$100M ‘GozNym’ Bank Trojan Gang: 6 Arrested, 5 at Large
Cyberlaw Cybersecurity Featured Malware News Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches 

$100M ‘GozNym’ Bank Trojan Gang: 6 Arrested, 5 at Large

May 17, 2019 Richi Jennings | May 17 0
Akamai Extends Security Services to the Enterprise
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Akamai Extends Security Services to the Enterprise

May 16, 2019 Michael Vizard | May 16 0

Security Humor

via   the Comic Noggins of  Nitrozac   and  Snaggy   at  The Joy of Tech®

The Joy of Tech®, ‘After Game Of Thrones, Now What?

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.