Patch Priority Index for May 2012

| Bulletin | CVE | CVSS |
|---|---|---|
| MS12-034 | CVE-2011-3402, CVE-2012-0162, CVE-2012-0165 | 9.3 |
| MS12-029 | CVE-2012-0183 | 9.3 |
| MS12-035 | CVE-2012-0160, CVE-2012-0161 | 9.3 |
| APSB12-09 | CVE-2012-0779 | 9.3 |
| OS X Security Update 2012-002 | CVE-2012-0659, CVE-2012-0658 | 6.8 |
| APSB12-13 | CVE-2012-2033, CVE-2012-2029 | 10.0 |
| Oracle February CPU for Java | CVE-2012-0507, CVE-2012-0508 | 10.0 |
| Java for OS X 2012-003 | CVE-2012-0507 | 7.5 |
| MS12-020 | CVE-2012-0002, CVE-2012-0152 | 9.3 |
| MS12-027 | CVE-2012-0158 | 9.3 |

Tripwire's May Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Apple, and Oracle.

This month sees the Java patches and two Microsoft bulletins identified in the April PPI migrating to the bottom of the list, while newcomers take the top spots.

Included this month are three critical bulletins from Microsoft, including vulnerabilities from the complicated MS12-034 bulletin, which patches 10 vulnerabilities across Office, Windows, .NET Framework and Silverlight. CVE-2011-3402 shows up again, with additional patches for the vulnerability exploited by the Duqu worm. Word and .NET Framework get a double dose of critical patches with MS12-029 (Word) and MS12-035 (.NET).

Adobe patches feature twice on our list, with APSB12-09 patching CVE-2012-0779, an object confusion vulnerability in Adobe Flash Player that is being exploited in the wild, and APSB12-13 patching several Adobe Shockwave Player memory corruption vulnerabilities.

The final newcomer to the list, OS X Security Update 2012-002, bundles numerous fixes spanning a variety of software, core OS components and open source packages, including QuickTime, Time Machine, Samba, Ruby, and PHP.