Tripwire’s July 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, F5 Networks, Cisco, and Oracle.

Up first on the patch priority list this month are patches for F5 Networks and Cisco for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for F5 Networks’ BIG-IP (CVE-2020-5902) and Cisco AnyConnect Secure Mobility Client for Windows (CVE-2020-3153). Patches should be applied to these systems as soon as possible.

DevOps Connect:DevSecOps @ RSAC 2022

Up next on the priority list this month is a patch for Microsoft DNS server (CVE-2020-1350). Microsoft DNS servers are prone to a remote code execution vulnerability that is, in theory, wormable. System administrators should apply the patch for vulnerability as soon as possible. Note that Microsoft provides a workaround that involves a registry setting (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350).

Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Internet Explorer, and Microsoft Edge. These patches resolve 4 vulnerabilities, including remote code execution and information disclosure vulnerabilities.

Next on the list are patches for Microsoft Office, Word, Outlook, and Project, which resolve 6 vulnerabilities including information disclosure and remote code execution vulnerabilities.

Up next are patches for Oracle Java. These patches resolve 11 vulnerabilities related to Java 2D, Libraries, JAXP, ImageIO, JavaFX, Hotspot, and JSSE.

Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 80 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, LNK, Sync Host Service, Storage Services, SharedStream Library, Runtime, iSCSI Target Service, Subsystem for Linus, WalletService, DirectWrite, Graphics, Imaging, ALPC, and Resource Policy.

Up next is a patch for .NET Framework that resolves a remove code execution (Read more...)