Patch Priority Index for August 2012

| Bulletin | CVE |
| --- | --- |
| MS12-060 | CVE-2012-1856 |
| MS12-052 | CVE-2012-1526, CVE-2012-2521, CVE-2012-2522 |
| MS12-054 | CVE-2012-1850, CVE-2012-1851, CVE-2012-1852 |
| MS12-058 | CVE-2012-1766, CVE-2012-1767, CVE-2012-1768 |
| MS12-053 | CVE-2012-2526 |
| APSB12-18 | CVE-2012-1535 |
| APSB12-17 | CVE-2012-2043, CVE-2012-2044, CVE-2012-2045 |
| APSB12-16 | CVE-2012-1525, CVE-2012-2049, CVE-2012-2050 |
| Oracle Security Alert | CVE-2012-3132 |
| MS12-055 | CVE-2012-2527 |

Tripwire's August Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle.

The top half of the list this month features the Critical vulnerabilities from Microsoft's August release. These include drive-by download attacks, potentially wormable remote attacks, and a publicly disclosed vulnerability affecting Outlook Web Access. The ordering of the patches here is critical, as MS12-060 has been used in targeted attacks and MS12-052 patches Internet Explorer, which is always a popular target. Microsoft has released blog posts with further details on MS12-060 and MS12-054, while the security advisory for MS12-058 can be found here.

Next on the list we have the latest round of releases from Adobe, which includes patches for Adobe Acrobat and Reader, Flash, and Shockwave. Immediately following that, we have a remote authenticated Oracle Database attack that has been discussed publicly, and rounding out the list we have MS12-055, a local elevation of privilege (EoP) from this month. While EoP vulnerabilities are not generally exciting on their own, they can be used in conjunction with other attacks to increase the level of access that can be achieved. For example, exploiting a vulnerability from MS12-052 may give you access in the context of the user, but pairing that vulnerability with the one patched by MS12-055 could give you full access to the system.