Tripwire’s January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware, and Linux.

Exploit Alert: Metasploit

Up first on the patch priority list this month are vulnerabilities that have been recently added to Metasploit. Two of them, CVE-2019-9213 and CVE-2018-5333, affect the Linux kernel. Exploits for CVE-2019-19781, which affects the Citrix Application Delivery Controller (ADC) and Gateway, have also been added to Metasploit.

Exploit Alert: Canvas

Next on the patch priority list this month are vulnerabilities that have been recently added to Canvas. In particular, exploits for CVE-2019-5512, which affects VMware Workstation, and CVE-2019-2725, which affects Oracle WebLogic Server, have been added to Canvas. Administrators should ensure that patches for vulnerabilities recently included in Metasploit or Canvas are applied as soon as possible.

Other Patch Priorities

Up next are patches for Microsoft Browser. January was a slow month for the Microsoft Browser with a single CVE for Internet Explorer that resolves a memory corruption vulnerability.

Next on the list are patches for Microsoft Excel and Office. These patches resolve two remote code execution vulnerabilities and one memory corruption vulnerability.

Up next are patches for Oracle Java. These patches address numerous vulnerabilities within Java at or below versions 7u241, 8u231, 11.0.5, and 13.0.1.
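One way to triage a Java inventory against the version ceilings listed above, as an added example that is not part of Tripwire's post. It assumes version strings in the forms reported by `java -version` (`1.8.0_231`, `11.0.5`) or the short `8u231` form; the hostnames and inventory are constructed sample data, and families the post does not list are reported separately rather than guessed at.

```python
import re

# Highest affected release per Java family, taken from the paragraph above.
AFFECTED_AT_OR_BELOW = {
    7: (7, 0, 241),
    8: (8, 0, 231),
    11: (11, 0, 5),
    13: (13, 0, 1),
}

_LEGACY = re.compile(r"^1\.(\d+)\.(\d+)(?:_(\d+))?")      # 1.8.0_231
_SHORT = re.compile(r"^(\d+)u(\d+)")                      # 8u231
_MODERN = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")   # 11.0.5


def parse_java_version(text):
    """Return (family, minor, update) for a Java version string, or None."""
    text = text.strip().strip('"')
    m = _LEGACY.match(text)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    m = _SHORT.match(text)
    if m:
        return (int(m.group(1)), 0, int(m.group(2)))
    m = _MODERN.match(text)
    if m:
        return (int(m.group(1)), int(m.group(2) or 0), int(m.group(3) or 0))
    return None


def classify(text):
    """Compare one version string with the ceiling for its family."""
    version = parse_java_version(text)
    if version is None:
        return "unparsed"
    ceiling = AFFECTED_AT_OR_BELOW.get(version[0])
    if ceiling is None:
        return "family-not-listed"   # e.g. 12.x: the post gives no ceiling
    return "affected" if version <= ceiling else "above-listed-ceiling"


# Constructed inventory: hostnames and versions are sample data.
INVENTORY = {"app01": "1.8.0_231", "app02": "11.0.6", "build01": "12.0.2",
             "legacy01": "1.7.0_80", "ci01": "13.0.1"}

if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        print(f"{host:10} {version:12} {classify(version)}")
```

A result of `above-listed-ceiling` only means the version is newer than the ceiling named in this post, not that it is free of later vulnerabilities.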

Next this month are patches that affect components of the Windows operating systems. These patches resolve numerous vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and security feature bypass. These vulnerabilities affect Hyper-V, cryptographic services, graphics components, Remote Desktop Client, Win32k, the Common Log File System driver, GDI+, Remote Desktop Gateway, Search Indexer, and Windows Subsystem for Linux.

Next this month are patches for the Microsoft .NET Framework. These patches resolve 3 remote code execution vulnerabilities.

Lastly this month, administrators should focus on server-side patches available for (Read more...)