Patch Priority Index for December 2012
|APSB12-27||CVE-2012-5676, CVE-2012-5677, CVE-2012-5678|
|MS12-077||CVE-2012-4781, CVE-2012-4782, CVE-2012-4787|
|Google Chrome 23.0.1271.97||CVE-2012-5139, CVE-2012-5140, CVE-2012-5141|
|Oracle October 2012 CPU||CVE-2012-3137, CVE-2012-1751, CVE-2012-3132|
Tripwire's December Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Google, and Oracle.
We start our last PPI of the year with an update from Adobe for Flash Player. Keep in mind that installing the Adobe patch my not be enough to secure your system as both Chrome and IE10 ship with Flash bundled, so you'll need to get updates from the proper vendor.
Following the Adobe update, we cover the slew of Microsoft updates released this month. The first three patches, resolving vulnerabilities in Internet Explorer, Word, and Windows Font handling, should be installed as soon as possible. After that we have additional fixes for browsing file shares and DirectPlay embedded files.
We interrupt the Microsoft coverage at this point to include the latest update to Google Chrome. In addition to the latest Flash updates mentioned above, this update also includes a number of high severity vulnerabilities affecting Google Chrome.
Returning to the Microsoft updates, we have the final two affecting server software. An update to Microsoft Exchange for a DoS when viewing RSS feeds as well as a couple of CVEs affecting Oracle Outside In technology and an update to IP-HTTPS tunneling in the latest Windows Server operating systems.
Finally, we close this month with a reoccurring theme, the Oracle October Critical Patch Update. Oracle software is a critical component on many networks, so it's important to reiterate the criticality of this update. By this point, if you have Oracle on your network, you should have ensured that your Oracle installation is updated and running the latest versions of the software.