Patch Priority Index for August 2012
|Bulletin|CVE|
|---|---|
|MS12-052|CVE-2012-1526, CVE-2012-2521, CVE-2012-2522|
|MS12-054|CVE-2012-1850, CVE-2012-1851, CVE-2012-1852|
|MS12-058|CVE-2012-1766, CVE-2012-1767, CVE-2012-1768|
|APSB12-17|CVE-2012-2043, CVE-2012-2044, CVE-2012-2045|
|APSB12-16|CVE-2012-1525, CVE-2012-2049, CVE-2012-2050|
|Oracle Security Alert|CVE-2012-3132|

Tripwire's August Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle.
The top half of the list this month features the Critical vulnerabilities from Microsoft's August release. These include drive-by download attacks, potentially wormable remote attacks, and a publicly disclosed vulnerability affecting Outlook Web Access. The ordering of the patches here is critical, as MS12-060 has been used in targeted attacks and MS12-052 patches Internet Explorer, which is always a popular target. Microsoft has released blog posts with further details on MS12-060 and MS12-054, and a security advisory is available for MS12-058.
Next on the list is the latest round of releases from Adobe, which includes patches for Adobe Acrobat and Reader, Flash, and Shockwave. Immediately following is a remote authenticated Oracle Database attack that has been discussed publicly, and rounding out the list is MS12-055, a local elevation of privilege (EoP) from this month. While EoP vulnerabilities are not generally exciting on their own, they can be used in conjunction with other attacks to increase the level of access that can be achieved. For example, exploiting a vulnerability from MS12-052 may give you access in the context of the user, but pairing that vulnerability with the one patched by MS12-055 could give you full access to the system.