Patch Priority Index for May 2012
|MS12-034||CVE-2011-3402, CVE-2012-0162, CVE-2012-0165||9.3|
|OS X Security Update 2012-002||CVE-2012-0659, CVE-2012-0658||6.8|
|Oracle February CPU for Java||CVE-2012-0507, CVE-2012-0508||10.0|
|Java for OS X 2012-003||CVE-2012-0507||7.5|
Tripwire's May Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Apple, and Oracle.
This month sees the Java patches, and two Microsoft bulletins identified in the April PPI migrating to the bottom of the list, while newcomers take the top spots.
Included this month are three critical bulletins from Microsoft including vulnerabilities from the complicated MS12-034 bulletin which included patches for 10 vulnerabilities across Office, Windows, .NET Framework and Silverlight. CVE-2011-3402 shows up again with additional patches for the vulnerability exploited by the Duku worm. Word and .NET Framework get a double dose of critical patches with MS12-029 (Word) and MS12-035 (.NET).
Adobe patches feature twice on our list, with CVE-2012-0779 patching an object confusion vulnerability in Adobe Flash Player that is being exploited in the wild and APSB12-13 patching several Adobe Shockwave Player memory corruption vulnerabilities.
The final newcomer to the list, OS X Security Update 2012-002 bundles numerous fixes spanning a variety of software, core OS components and open source packages including Quicktime, Time Machine, Samba, Ruby, and PHP.