Blog

Blog

Tripwire Patch Priority Index for June 2021

Tripwire's June 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Cacti, Docker, Adobe, and Microsoft. First on the patch priority list this month are patches for Microsoft SharePoint (CVE-2021-31181), Cacti (CVE-2020-14295), and Docker (CVE-2019-5736). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should...
Blog

Tripwire Patch Priority Index for May 2021

Tripwire's May 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome, Adobe and Microsoft. First on the patch priority list this month are patches for macOS (CVE-2021-30657) and Google Chrome (CVE-2021-21220). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible...
Blog

Tripwire Patch Priority Index for April 2021

Tripwire's April 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome and Microsoft. First on the patch priority list this month are patches for insufficient input validation vulnerabilities in Google Chrome (Chromium). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as...
Blog

Tripwire Patch Priority Index for March 2021

Tripwire's March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VMware, BIG-IP and Microsoft. First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware vCenter (CVE-2021-21972). Exploits for these...
Blog

Tripwire Patch Priority Index for February 2021

Tripwire's February 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Apache, VMware and Microsoft. First on the patch priority list this month is a patch for Apache Tomcat. The Apache Tomcat "Ghostcat" vulnerability, identified as CVE-2020-1938, has been recently added to the Metasploit Exploit Framework. Next on the list are patches for ESXi and vCenter. These...
Blog

Sloppy patches are a breeding ground for zero-day exploits, says Google

Security researchers at Google have claimed that a quarter of all zero-day software exploits could have been avoided if more effort had been made by vendors when creating patches for vulnerabilities in their software. In a blog post, Maddie Stone of Google's Project Zero team says that 25% of the zero-day exploits detected in 2020 are closely related to previously publicly disclosed...
Blog

Tripwire Patch Priority Index for January 2021

Tripwire's January 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Dnsmasq and Oracle. First on the patch priority list this month are patches for Dnsmasq related to the seven so-called "DNSpooq" vulnerabilities. Dnsmasq is an open-source DNS forwarding application, and systems using this software should patch as soon as possible. Up next on the patch...
Blog

Tripwire Patch Priority Index for December 2020

Tripwire's December 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Pulse Secure, and Oracle. First on the patch priority list this month are two vulnerabilities that have recently been included within the Metasploit exploit framework. One is a vulnerability in Pulse Secure Desktop Client and the other is a vulnerability that impacts Oracle Solaris...
Blog

NIST SP 800-128 – Because Patching May Never Fix Your Hidden Flaws

Over the last few years, the idea of patching systems to correct flaws has graduated from an annoying business disruption to a top priority. With all of the notorious vulnerabilities that can wreak total havoc, the time it takes to patch becomes a minor inconvenience when weighed against both the technical challenges and possible regulatory penalties of not patching. While patching is a critical...
Blog

Tripwire Patch Priority Index for November 2020

Tripwire's November 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are three vulnerabilities in Oracle WebLogic Server that have recently been included within the Metasploit exploit framework. Supported versions of Oracle WebLogic Server that are affected include 10.3.6.0.0, 12.1.3.0.0, 12.2...
Blog

Tripwire Patch Priority Index for October 2020

Tripwire's October 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, Adobe, and Oracle. First on the patch priority list this month is a very high priority vulnerability in Oracle WebLogic Server. The vulnerability is within the Console component of Oracle WebLogic Server, and it can be exploited without authentication and requires no user...
Blog

Tripwire Patch Priority Index for September 2020

Tripwire's September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions. Up first on the patch priority list this month is a very high priority vulnerability, which is called "Zerologon" and identified by CVE-2020-1472. It is an elevation of privilege vulnerability that exists due to a flaw in a cryptographic...
Blog

Tripwire Patch Priority Index for August 2020

Tripwire's August 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Apple. Up first on the patch priority list this month are patches for Microsoft and Apple for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for Microsoft .NET Framework, SharePoint Server, and Visual Studio (CVE-2020-1147)...
Blog

Tripwire Patch Priority Index for July 2020

Tripwire's July 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, F5 Networks, Cisco, and Oracle. Up first on the patch priority list this month are patches for F5 Networks and Cisco for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for F5 Networks' BIG-IP (CVE-2020-5902) and Cisco AnyConnect Secure...
Blog

Tripwire Patch Priority Index for June 2020

Tripwire's June 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, BIND and Oracle. Up first on the Patch Priority Index this month are patches for Microsoft, BIND and Oracle for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for BIND (CVE-2020-8617), Oracle WebLogic Server (CVE-2020-2883) and Windows...
Blog

Tripwire Patch Priority Index for May 2020

Tripwire's May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware. Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and SaltStack Salt (CVE-2020-11652, CVE-2020-11651)...
Blog

Tripwire Patch Priority Index for April 2020

Tripwire's April 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, and VMware. Up first on the patch priority list this month is a patch for VMware vCenter Server. This patch resolves an information disclosure vulnerability. This patch has highest priority as proof-of-concept code to exploit the vulnerability exists on the Web as well as in...
Blog

Tripwire Patch Priority Index for March 2020

Tripwire's March 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. These patches resolve information disclosure, remote code execution, and memory corruption vulnerabilities. Next on the list are patches for Microsoft Word, which resolve 3 remote...
Blog

Tripwire Patch Priority Index for February 2020

Tripwire's February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities. Next on the list are patches for Adobe Flash player (APSB20-06), Adobe...
Blog

Tripwire Patch Priority Index for January 2020

Tripwire's January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware and Linux. Exploit Alert: Metasploit. Up first on the Patch Priority Index this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities identified by CVE-2019-9213 and CVE-2018-5333 affect the Linux kernel. Also, exploits for CVE-2019-19781...