Patch Priority Index for July 2013

Bulletin CVE
MS13-055 CVE-2013-3166  
MS13-052 CVE-2013-3129, CVE-2013-3131, CVE-2013-3132  
MS13-053 CVE-2013-1300, CVE-2013-1340, CVE-2013-1345  
MS13-054 CVE-2013-3129  
MS13-057 CVE-2013-3127  
MS13-056 CVE-2013-3174  
APSB13-17 CVE-2013-3344, CVE-2013-3345, CVE-2013-3347  
APSB13-18 CVE-2013-3348  
Oracle Java June CPU CVE-2013-2470, CVE-2013-2471, CVE-2013-2472  
MS13-058 CVE-2013-3154  

Tripwire’s July Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.

As with the last couple of months, we once again begin and end with Microsoft vulnerabilities, while Adobe and Oracle pay us a visit in between. Again, we start with Internet Explorer. While this should be a given at this point, it never hurts to reiterate… Always patch IE. Following IE, we have something interesting this month that we don’t normally see. There are three patches that fix the vulnerability CVE-2013-3129. They are MS13-052, MS13-053, and MS13-054.

Following that we have the new Flash update from Adobe (remember that you may need the IE10 update if you’re also running IE10) and then we have the new Oracle Java patches for June. This month Adobe has released a Shockwave patch as well that should be concerned.

Next up we have last month’s Oracle Java CPU. This is an important update, so we’ve included it for a second time as a reminder to install the patch.

Finally, we have the last new Microsoft patch rounding out our top 10. This patch is fairly minor compared to the rest but it is a new Microsoft patch, so it should be concerned.  This patch affects Windows Defender and requires that the user have access to the local system root, so it’s unlikely to see this weaponized but it is fairly easy to exploit. Patch it, but consider it low on your list compared to the rest of these items.