Patch Priority Index for February 2014

Bulletin CVE
MS14-010 CVE-2014-0268, CVE-2014-0271, CVE-2014-0293
MS14-011 CVE-2014-0271
MS14-007 CVE-2014-0263
APSB14-04 CVE-2014-0497
APSB14-06 CVE-2014-0500, CVE-2014-0501
MS14-009 CVE-2014-0253, CVE-2014-0257, CVE-2014-0295
MS14-005 CVE-2014-0266
MS14-006 CVE-2014-0254
Oracle Java Update CVE-2014-0410, CVE-2014-0415, CVE-2013-5907
Oracle CPU CVE-2013-5764, CVE-2013-5853, CVE-2013-5858

Tripwire’s February Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle.

We start this month with the latest IE patch and a non-IE patch that only applies to IE 9 users. This is also a good time to recommend that everyone upgrade to Internet Explorer 11 if you can. If you can’t, you should install Microsoft EMET on your systems; even if you do have IE 11, you should still use EMET.

Following IE, we have another patch protecting against drive-by attack vectors. MS14-007 resolves an issue with Direct2D that can be exploited via the browser.

After the drive-by MS patches, it’s time to take a look at the Adobe patches this month. The Adobe Flash update (APSB14-04) was released earlier than expected, and a Shockwave update (APSB14-06) was released alongside the Microsoft patches. Keep in mind that if you have IE 11, there’s a separate Flash update that you need to install.

Following that, we have three additional Microsoft patches: one for .NET, which includes a couple of fixes; one for an MS XML information disclosure; and one that fixes a denial of service in IPv6. A final MS patch, MS14-008, which fixes a vulnerability in Forefront Protection for Exchange, is not represented in this list. It was excluded because Microsoft commented that they felt exploitation was unlikely.

We then wrap up the list with a couple of leftover patches from last month to serve as a reminder. They are both from Oracle: the Java Update and the generic CPU, which includes updates for Oracle DB, Solaris, and a number of other products.

Happy Patching!