Patch Priority Index for January 2013
|Rails Update||CVE-2013-0155, CVE-2013-0156|
|APSB13-02||CVE-2013-0623, CVE-2013-0624, CVE-2013-0626|
|MS13-004||CVE-2013-0001, CVE-2013-0002, CVE-2013-0003|
Tripwire's January 2013 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and the open source community.
Topping the inaugural 2013 PPI is the recent update for Rails. This issue can lead to code execution on hosted Rails applications and exploits are available for popular exploit frameworks.
We follow the Rails patch with two updates from Adobe, their first two patches of the year. The first update of the year addresses a single CVE affecting Flash Player, while the second advisory covers a large number of CVEs related to Adobe Reader and Adobe Acrobat.
Rounding out the group, we have the latest batch of Microsoft vulnerabilities. While some are localized to specific software packages, there are a couple, specifically MS13-002 and MS13-002 that should be applied as soon as possible. For more information regarding these bulletins, please see the January 9th VERT Alert.