Patch Priority Index for April 2014

| Bulletin | CVE |
| --- | --- |
| Heartbleed | CVE-2014-0160 |
| MS14-018 | CVE-2014-0235, CVE-2014-1751, CVE-2014-1752 |
| APSB14-09 | CVE-2014-0506, CVE-2014-0507, CVE-2014-0508 |
| MS14-017 | CVE-2014-1757, CVE-2014-1758, CVE-2014-1761 |
| MS14-020 | CVE-2014-1759 |
| MS14-019 | CVE-2014-0315 |
| MS14-013 | CVE-2014-0301 |
| APSB14-10 | CVE-2014-0505 |
| Oracle Java Update | CVE-2014-0410, CVE-2014-0415, CVE-2013-5907 |
| Oracle CPU | CVE-2013-5764, CVE-2013-5853, CVE-2013-5858 |

Tripwire’s April Patch Priority Index (PPI) brings together the top vulnerabilities from OpenSSL, Microsoft, Adobe, and Oracle.

This month’s PPI starts off with a bang: the Heartbleed vulnerability is currently at the top of everyone’s MUST patch list, and with good reason, as it is a widespread critical vulnerability. If you haven’t heard of Heartbleed, you’re most likely living in a swamp in Dagobah and training Jedi. This vulnerability is an information leak involving the heartbeat message. It is recommended you review the link above to determine if your systems are vulnerable.

Following Heartbleed, we get into our first Microsoft patch, an update to Internet Explorer. This goes nicely with the third update this month, which applies to Flash (remember that IE 11 ships with Flash and requires its own update). Both of these could lead to drive-by attacks and should be considered critical for all end-user systems.

The next three bulletins resolve the remaining Microsoft issues addressed in April. These include a Word update (including SharePoint Word Services), Publisher, and a Windows File Handling issue. While these are important to patch, they don’t exist on the same level as the first three issues this month.

Rounding out the month are four “reminder” patches from previous months. These include a Microsoft drive-by attack, an Adobe Shockwave update, and the Oracle updates for both Java and Everything (aka Oracle CPU). If you haven’t patched your Oracle products yet, this is the last time the Patch Priority Index will remind you, but these patches should still be considered a priority.

One final reminder: support is officially over for Windows XP and Office 2003. If you’re still using either of these products, you should upgrade as soon as possible.

Happy Patching!