Tripwire’s January 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle.
First, on the patch priority list this month are patches for Microsoft’s Browser and Scripting Engine. These patches resolve 6 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege, and Remote Code Execution vulnerabilities.
Next on the list are patches for Adobe Reader and Acrobat. Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities. This update resolves use-after-free and security bypass vulnerabilities.
Up next are patches for Oracle Java. Supported versions affected by the January 2019 Oracle Critical Patch Update include Java SE 7u201, 8u192, 11.0.1 and Java SE Embedded 8u191.
Up next are patches for Microsoft Office, Outlook, Word, and Skype for Business 2015. These patches resolve 5 vulnerabilities, including Remote Code Execution, Spoofing, and Information Disclosure vulnerabilities.
Next on the list are the patches for Microsoft Windows. These patches address 27 vulnerabilities across Windows Kernel, Jet Database Engine, XmlDocument, Hyper-V, Windows Subsystem for Linux, DHCP client, COM, and Windows Data Sharing Service. These patches fix various vulnerabilities including Elevation of Privilege, Information Disclosure, and Remote Code Execution vulnerabilities.
Next on the list are patches for the .NET Framework and Visual Studio, with fixes for Information Disclosure vulnerabilities.
Finally this month, administrators should focus on server-side patches available for Microsoft Exchange, SharePoint, and Team Foundation Server. These patches resolve 8 vulnerabilities, including Cross-site Scripting, Information Disclosure, Elevation of Privilege, and Memory Corruption vulnerabilities.
|Browser||CVE-2019-0541, CVE-2019-0566, CVE-2019-0565|
|Chakra Scripting Engine||CVE-2019-0567, CVE-2019-0568, CVE-2019-0539|
|APSB19-02: Adobe Reader and Acrobat||CVE-2018-16011, CVE-2018-16018|
|Oracle Java||CVE-2018-11212, CVE-2019-2449, CVE-2019-2426, CVE-2019-2422|
|Microsoft Office||CVE-2019-0560, CVE-2019-0559, CVE-2019-0561, CVE-2019-0585, CVE-2019-0624|
|Windows||CVE-2019-0577, CVE-2019-0575, CVE-2019-0580, CVE-2019-0538, CVE-2019-0576, CVE-2019-0579, CVE-2019-0578, CVE-2019-0582, CVE-2019-0583, CVE-2019-0581, CVE-2019-0584, CVE-2019-0543, CVE-2019-0555, CVE-2019-0552, CVE-2019-0547, CVE-2019-0572, (Read more...)|
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-january-2019/