Patch Priority Index for July 2013
|MS13-052||CVE-2013-3129, CVE-2013-3131, CVE-2013-3132|
|MS13-053||CVE-2013-1300, CVE-2013-1340, CVE-2013-1345|
|APSB13-17||CVE-2013-3344, CVE-2013-3345, CVE-2013-3347|
|Oracle Java June CPU||CVE-2013-2470, CVE-2013-2471, CVE-2013-2472|
Tripwire’s July Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.
As with the last couple of months, we once again begin and end with Microsoft vulnerabilities, while Adobe and Oracle pay us a visit in between. Again, we start with Internet Explorer. While this should be a given at this point, it never hurts to reiterate… Always patch IE. Following IE, we have something interesting this month that we don’t normally see. There are three patches that fix the vulnerability CVE-2013-3129. They are MS13-052, MS13-053, and MS13-054.
Following that we have the new Flash update from Adobe (remember that you may need the IE10 update if you’re also running IE10) and then we have the new Oracle Java patches for June. This month Adobe has released a Shockwave patch as well that should be concerned.
Next up we have last month’s Oracle Java CPU. This is an important update, so we’ve included it for a second time as a reminder to install the patch.
Finally, we have the last new Microsoft patch rounding out our top 10. This patch is fairly minor compared to the rest but it is a new Microsoft patch, so it should be concerned. This patch affects Windows Defender and requires that the user have access to the local system root, so it’s unlikely to see this weaponized but it is fairly easy to exploit. Patch it, but consider it low on your list compared to the rest of these items.