Tripwire Patch Priority Index for January 2019

Image

Tripwire's January 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve six vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege and Remote Code Execution vulnerabilities. Next on the list are patches for Adobe Reader and Acrobat. Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities including use-after-free and security bypass flaws. Up next are patches for Oracle Java. Supported versions affected by the January 2019 Oracle Critical Patch Update include Java SE 7u201, 8u192, 11.0.1 and Java SE Embedded 8u191. Then there are some patches for Microsoft Office, Outlook, Word, and Skype for Business 2015. These patches resolve five flaws, including Remote Code Execution, Spoofing and Information Disclosure vulnerabilities. Next on the list are the patches for Microsoft Windows. These patches address 27 vulnerabilities across Windows Kernel, Jet Database Engine, XmlDocument, Hyper-V, Windows Subsystem for Linux, DHCP client, COM and Windows Data Sharing Service. They fix various weaknesses including Elevation of Privilege, Information Disclosure and Remote Code Execution vulnerabilities. Next on the list are patches for the .NET Framework and Visual Studio, with fixes for Information Disclosure vulnerabilities. Finally this month, administrators should focus on server-side patches available for Microsoft Exchange, SharePoint and Team Foundation Server. These patches resolve eight vulnerabilities, including Cross-site Scripting, Information Disclosure, Elevation of Privilege and Memory Corruption vulnerabilities.

  To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here. Or you can follow VERT on Twitter: @tripwirevert