Patch Priority Index for December 2012

| Bulletin | CVE |
| --- | --- |
| APSB12-27 | CVE-2012-5676, CVE-2012-5677, CVE-2012-5678 |
| MS12-077 | CVE-2012-4781, CVE-2012-4782, CVE-2012-4787 |
| MS12-078 | CVE-2012-2556, CVE-2012-4786 |
| MS12-081 | CVE-2012-4774 |
| MS12-082 | CVE-2012-1537 |
| Google Chrome 23.0.1271.97 | CVE-2012-5139, CVE-2012-5140, CVE-2012-5141 |
| MS12-080 | CVE-2012-4791 |
| MS12-083 | CVE-2012-2549 |
| Oracle October 2012 CPU | CVE-2012-3137, CVE-2012-1751, CVE-2012-3132 |

Tripwire's December Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Google, and Oracle.

We start our last PPI of the year with an update from Adobe for Flash Player. Keep in mind that installing the Adobe patch may not be enough to secure your system: both Chrome and IE10 ship with Flash bundled, so you'll need to get those updates from the respective vendor.

Following the Adobe update, we cover the slew of Microsoft updates released this month. The first three patches, resolving vulnerabilities in Internet Explorer, Word, and Windows Font handling, should be installed as soon as possible. After that we have additional fixes for browsing file shares and DirectPlay embedded files.

We interrupt the Microsoft coverage at this point to include the latest update to Google Chrome. In addition to the latest Flash updates mentioned above, this update also includes fixes for a number of high-severity vulnerabilities affecting Google Chrome.

Returning to the Microsoft updates, we have the final two, which affect server software: an update to Microsoft Exchange for a DoS when viewing RSS feeds as well as a couple of CVEs affecting Oracle Outside In technology, and an update to IP-HTTPS tunneling in the latest Windows Server operating systems.

Finally, we close this month with a recurring theme, the Oracle October Critical Patch Update. Oracle software is a critical component on many networks, so it's important to reiterate the criticality of this update. By this point, if you have Oracle on your network, you should have ensured that your Oracle installation is updated and running the latest versions of the software.