Patch Priority Index for January 2013

Bulletin CVE
Rails Update CVE-2013-0155, CVE-2013-0156  
APSB13-01 CVE-2013-0630  
APSB13-02 CVE-2013-0623, CVE-2013-0624, CVE-2013-0626  
MS13-002 CVE-2013-0006, CVE-2013-0007  
MS13-001 CVE-2013-0011  
MS13-004 CVE-2013-0001, CVE-2013-0002, CVE-2013-0003  
MS13-005 CVE-2013-0008  
MS13-006 CVE-2013-0013  
MS13-007 CVE-2013-0005  
MS13-003 CVE-2013-0009, CVE-2013-0010  

Tripwire's January 2013 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and the open source community.

Topping the inaugural 2013 PPI is the recent update for Rails. This issue can lead to code execution on hosted Rails applications and exploits are available for popular exploit frameworks.

We follow the Rails patch with two updates from Adobe, their first two patches of the year. The first update of the year addresses a single CVE affecting Flash Player, while the second advisory covers a large number of CVEs related to Adobe Reader and Adobe Acrobat.

Rounding out the group, we have the latest batch of Microsoft vulnerabilities. While some are localized to specific software packages, there are a couple, specifically MS13-002 and MS13-002 that should be applied as soon as possible. For more information regarding these bulletins, please see the January 9th VERT Alert.