Tripwire’s October 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe.

Exploit Alert: Metasploit

First on the patch priority list this month are vulnerabilities that have been recently add to Metasploit. CVE-2019-13272 is a Linux kernel vulnerability; proof-of-concept code capable of exploiting the vulnerability has been added to Metasploit. Most vendors with Linux kernel support have provided patches for this vulnerability.

Exploit Alert: Exploit-DB

Up next, system administrators should focus on several vulnerabilities from Adobe and Microsoft. CVE-2019-8197, CVE-2019-1364, CVE-2019-1347, CVE-2019-1346, CVE-2019-1343 and CVE-2019-1344 have been added to Exploit-DB with information detailing technical aspects that could lead to direct exploitation of these vulnerabilities.

CVE-2019-8197 is a vulnerability that impacts Adobe Reader and Acrobat. Information regarding this vulnerability and its patch are available via the Adobe Security bulletin APSB19-49.

CVE-2019-1364, CVE-2019-1347, CVE-2019-1346, CVE-2019-1343 and CVE-2019-1344 are vulnerabilities impacting the Microsoft Windows OS with patches released during the October 2019 Patch Tuesday release. Details about these vulnerabilities can be found at the MSRC security guidance portal.

Other Patch Priorities

Up next are patches for Microsoft Browser, Scripting Engine and VBScript. These patches resolve 10 vulnerabilities including fixes for memory corruption, information disclosure, remote code execution and spoofing flaws.

Next on the list are patches for Adobe Acrobat and Adobe Reader (APSB19-49). As mentioned above, these patches address one vulnerability that has been added to Exploit-DB. Over 60 vulnerabilities are addressed by the APSB19-49 patch, which addresses sse-after-free, out-of-bounds read and write, heap overflow, buffer overrun, cross-site-scripting, race condition, type confusion and untrusted oointer dereference vulnerabilities.

Next on the list are patches for Microsoft Excel that address two remote code execution vulnerabilities.

Up next are patches for Microsoft Windows. These patches address numerous vulnerabilities across Windows Kernel, GDI, Microsoft Graphics, Remote Desktop client, Hyper-V, Jet Database (Read more...)