Tripwire's December 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge, which resolve over 25 issues including use-after-free, type confusion, insufficient data validation, insufficient policy enforcement, and other vulnerabilities. Next are patches for Microsoft Office, Outlook...

Tripwire's November 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Word, and Excel that resolve 8 vulnerabilities, including remote code execution, information disclosure, and security feature bypass vulnerabilities. Up next are patches that affect components of the core Windows...

Tripwire's October 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 10 issues such as user-after-free, insufficient policy enforcement, and out-of-bounds write vulnerabilities. Up next are patches for Microsoft...

Tripwire's September 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 20 issues such as user-after-free, insufficient policy enforcement, out-of-bounds write, and heap buffer overflow vulnerabilities. Up next are patches for...

Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM level access on all supported versions of Windows. The...

Tripwire's August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 vulnerabilities, including denial of service, remote code execution, and security feature bypass. Up next are patches that affect components of the Windows operating systems. These...

Tripwire's July 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches that resolve 2 vulnerabilities in Edge. Next is a patch that resolves a security feature bypass vulnerability in Office. Up next are patches for Adobe Reader and Acrobat that resolve 22 issues including arbitrary code execution...

Tripwire's June 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for a remote code execution vulnerability in Edge. Next are patches for Office and Excel that resolve 3 information disclosure vulnerabilities and 1 remote code execution vulnerability Up next are patches that affect components of the...

Tripwire's May 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are 2 remote code execution vulnerabilities for Excel and a security feature bypass vulnerability for Office. Up next are patches that affect components of the Windows operating systems. These patches resolve over 40 vulnerabilities, including...

Tripwire's April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe. First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any vulnerable systems should be patched as soon as...

Tripwire's March 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, and Spring Framework. First on the patch priority list this month is a remote code execution vulnerability in the Spring Framework (CVE-2022-22965). This vulnerability has been added to the Metasploit Exploit Framework and any vulnerable systems should be patched as soon as...

Tripwire's February 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a vulnerability for Microsoft Windows LSA (CVE-2021-36942). This vulnerability has been added to Metasploit Exploit Framework and any vulnerable systems should be patched as soon as possible. Up next are patches for Microsoft Edge that resolve...

Tripwire's January 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Open Source Policy Kit, Adobe, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability (CVE-2021-44228). This vulnerability made it on the December 2021 priority list...

Tripwire's December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability. There are many attack vectors via various software applications due to Log4j2's...

Tripwire's November 2021 Patch Priority Index (PPI) brings together important vulnerabilities for open-source software components and Microsoft. First on the patch priority list this month are patches for Open Management Infrastructure (CVE-2021-38648, CVE-2021-38647), Eclipse Jetty (CVE-2021-28164), and ExifTool (CVE-2021-22204). Exploits for these vulnerabilities have been recently added to the...

Tripwire's October 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Squid, Microsoft, and Adobe. First on the patch priority list this month are patches for Squid (CVE-2021-31807, CVE-2021-31806). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible. Next are patches for...

Tripwire's September 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, Linux, and Confluence. First on the patch priority list this month are patches for the Linux kernel (CVE-2021-3490) and Confluence Server and Data Center (CVE-2021-26084). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems...

Tripwire's August 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft. First on the patch priority list this month are patches for Microsoft Exchange Server (CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207). These vulnerabilities have seen active exploitation. Also, exploits for these vulnerabilities have been recently added to the Metasploit Exploit...

In this episode, Greg Wilson, CISO of Docupace, discussed the rise of ransomware during uncertain times (i.e. COVID pandemic), whether it’s here to stay, and how to prevent damage with security hygiene . https://open.spotify.com/episode/24huDJTPDj7JyOxa1CODge?si=80455f6634a94ee6 Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm Stitcher: https://www.stitcher.com/podcast/the-tripwire...

Tripwire's July 2021 Patch Priority Index (PPI) brings together important vulnerabilities from VMware, Adobe, Oracle, and Microsoft. First on the patch priority list this month are patches for Microsoft Print Spooler (CVE-2021-34527, CVE-2021-1675) and vSphere Client (CVE-2021-21985). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems...