Patch Priority Index for June 2014

| Bulletin | CVE |
| --- | --- |
| MS14-035 | CVE-2014-1771, CVE-2014-1770, CVE-2014-1777 |
| APSB14-16 | CVE-2014-0531, CVE-2014-0532, CVE-2014-0544 |
| MS14-036 | CVE-2014-1817, CVE-2014-1818 |
| MS14-034 | CVE-2014-2778 |
| OS X Mavericks 9.3 | CVE-2014-1296, CVE-2014-1315, CVE-2014-5170 |
| MS14-032 | CVE-2014-1823 |
| MS14-031 | CVE-2014-1811 |
| MS14-030 | CVE-2014-0296 |
| MS14-033 | CVE-2014-1816 |
| APSB14-15 | CVE-2014-0511, CVE-2014-0513, CVE-2014-0522 |

Tripwire’s June Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Apple, and Adobe.

This month, the cumulative Internet Explorer update returns to the top of the June PPI. The June IE update patches a total of 59 vulnerabilities, including a few that were publicly disclosed (CVE-2014-1771 and CVE-2014-1770).

Following this month’s IE update, we shift gears to Adobe for our second recommended patch. The most recent Flash update resolves six issues. We’ve found that some people are confused by the update flow for Flash. Keep in mind that Chrome and IE ship with their own versions of Flash, which must be updated independently of the Adobe-provided Flash update.

The next two items are from the Microsoft June Security Bulletins: code execution issues in GDI+ and Microsoft Word. As usual, the GDI+ issue affects a number of platforms, which means multiple updates to install. The Word update, on the other hand, reminds us that newer is generally better with software. Only Word 2007 is affected, so install the patch or update to a newer version of Office.

Apple has released a new version of OS X Mavericks (9.3), which contains all the fixes that were included in April’s Security Update 2014-002. Users should update to 9.3 or deploy the security update, based on the needs of their environment.

The final 5 slots this month go to the remaining 4 June Microsoft bulletins and a repeat from last month from Adobe. The bulletins address a cross-site scripting issue in Lync, a denial of service in the Windows TCP/IP stack, a Tripwire-discovered Remote Desktop issue, and an information disclosure in MSXML. From Adobe, we include last month’s Adobe Reader/Acrobat update. Given the popularity of this software, it’s always a recommended update if you haven’t applied the patch yet.

Happy Patching!