Patch Priority Index for August 2014

Bulletin CVE

MS14-051

CVE-2014-2774, CVE-2014-2784, CVE-2014-2796

APSB14-19

CVE-2014-0546

APSB14-18

CVE-2014-0540, CVE-2014-0541, CVE-2014-0542

MS14-045

CVE-2014-0318, CVE-2014-1819, CVE-2014-4064

MS14-048

CVE-2014-2815

MS14-044

CVE-2014-1820, CVE-2014-4061

Safari 7.0.6

CVE-2014-1384, CVE-2014-1385, CVE-2014-1386

OS X Mavericks 10.9.4

CVE-2014-1370, CVE-2014-0015, CVE-2014-1371

Java 8u11, 7u65 Update

CVE-2014-4227, CVE-2014-4219, CVE-2014-4216

Oracle July 2014 CPU

CVE-2013-3751, CVE-2013-3774, CVE-2014-4245

 

Tripwire’s August Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Apple, Oracle, and Adobe.

As usual, Internet Explorer tops our list this month. This month’s fix resolves 26 security issues, including vulnerabilities that have been publicly disclosed and/or exploited. The availability of an exploit is also why the Adobe Reader/Acrobat update is second on our list this month. According to Adobe, they are aware of limited attacks, so make sure you apply this patch. Rounding out the top three is this month’s Flash update, resolving a number of security issues. This is the latest Flash update and since Adobe has updated Flash, Microsoft has released an update to KB 2755801.

Up next, we have three of this month’s Patch Tuesday bulletins. This includes patches for Windows Kernel Mode Drivers, a typical privilege escalation path, Microsoft OneNote, which contains a rather trivial exploit, and an update to Microsoft SQL Server, included because it is the first patch for SQL Server 2014. Missing from this list is the other critical bulletin, affecting Windows Media Center. Given it’s limited install base, it has not made this list but if you are running it, it will likely rank much higher for you.

The final new update this month is Apple’s Safari update. While both Safari and iTunes updates were released, Safari represents the most risk and should be considered in any patch prioritization list.

We also have a few returning faces this month, starting with another update from Apple, for Mavericks 10.9.4. OS Updates are always important, so this should not be avoided. We also have the last Java update and Oracle CPU rounding out our list. These are both critical updates and if they were missed last month, they definitely need to be applied this month.