Patch Priority Index for August 2013

| Bulletin | CVEs |
|---|---|
| MS13-059 | CVE-2013-3184, CVE-2013-3187, CVE-2013-3188 |
| MS13-061 | CVE-2013-2393, CVE-2013-3776, CVE-2013-3781 |
| MS13-063 | CVE-2013-2556, CVE-2013-3196, CVE-2013-3197 |
| APSB13-17 | CVE-2013-3344, CVE-2013-3345, CVE-2013-3347 |
| Oracle Java June CPU | CVE-2013-2470, CVE-2013-2471, CVE-2013-2472 |

Tripwire’s August Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.
The only new vulnerabilities to make this list this month are from Microsoft. Adobe and Oracle get honourable mentions at the end of the list as a reminder of the most recent Flash and Java patches. If you still haven’t installed those, they should be considered a top priority.
This month was slow from a patch standpoint as we didn’t even see the usual Adobe patches, but Microsoft decided to keep everyone on their toes. In addition to the usual IE and kernel memory corruption vulnerabilities, we saw fixes for a couple of ASLR bypasses that were first published at CanSecWest and Pwn2Own.
Perhaps the most interesting news of the month is the post-patch news that people may have missed. Microsoft pulled the patches from two advisories after their release, removing the downloads for MS13-061 and MS13-066 to “address issues with the updates”. It then restored the download for some of the MS13-066 patches and later released updates for the other MS13-066 patches. Note that Microsoft also merged patches, eliminating unnecessary downloads. This is important for anyone who may have to reinstall the patch. At this time, downloads for Exchange Server 2013 for MS13-061 still haven’t been restored.