Patch Priority Index for January 2015

| Bulletin | CVE |
|----------|-----|
| APSB15-01 | CVE-2015-0301, CVE-2015-0301, CVE-2015-0303 |
| MS15-002 | CVE-2015-0014 |
| MS15-001 | CVE-2015-0002 |
| MS15-003 | CVE-2015-0004 |
| MS15-004 | CVE-2015-0016 |
| MS15-008 | CVE-2015-0011 |
| MS15-007 | CVE-2015-0015 |
| MS14-080 | CVE-2014-6327, CVE-2014-6328, CVE-2014-6329 |
| MS14-084 | CVE-2014-6363 |
| APSB14-28 | CVE-2014-9165, CVE-2014-8445, CVE-2014-9150 |

Tripwire’s January Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

We start off the first PPI of the year with the first Adobe Flash update of the year, which resolves 9 vulnerabilities. Remember to make sure that you’re installing the right Flash update for each Flash component, as browsers with bundled Flash require their own updates.

Up next, we have the only critical Microsoft bulletin of the month, MS15-002. If you’re still running Telnet... wait, why are you still running Telnet? Anyway, if you’re running a Telnet server on Windows and simply cannot disable it (which is VERT’s recommendation), you should apply this patch ASAP. A remote buffer overflow exists in the Telnet service, and proof-of-concept code has been released.

The next two items in the list may look familiar; they are updates that fix a pair of privilege escalation issues that Google irresponsibly disclosed before the bulletins were published. While there are no reports of public exploitation, proofs of concept are available, so these updates should be applied quickly.

The final three bulletins from this year cover two lesser privilege escalation issues and a denial of service. These updates should be applied as part of your regular patch process.

Instead of including the remaining bulletins from this month, we wanted to remind people about a couple of important updates from December. These include the Critical IE and VBScript vulnerabilities and the Adobe Reader issue. These updates have been around for over a month; please update if you haven’t already.

Happy Patching!