Patch Priority Index for May 2013

Bulletin CVE  
MS13-038 CVE-2013-1347  
MS13-037 CVE-2013-0811, CVE-2013-1306, CVE-2013-1307  
MS13-039 CVE-2013-1305  
APSB13-14 CVE-2013-2728, CVE-2013-3324, CVE-2013-3325  
APSB13-15 CVE-2013-2549, CVE-2013-2550, CVE-2013-2718  
MS13-042 CVE-2013-1316, CVE-2013-1317, CVE-2013-1318  
MS Security Advisory 2846338 CVE-2013-1346  
Oracle Java April CPU CVE-2013-2383, CVE-2013-2384, CVE-2013-1569  
MS13-046 CVE-2013-1332, CVE-2013-1333, CVE-2013-1334  
MS13-044 CVE-2013-1301  

Tripwire’s May Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.

The last few months have seen non-Microsoft updates at the top of the list but this month's IE patch (with it's public vulnerability), Silverlight, and USB hardware (due to the ability to affect locked machines) top the list this month. Further down the list we see the new Visio Viewer and SharePoint patches, along with last months VML update. For details on these bulletins, please see Tripwire's Monthly VERT Alert

In between the Microsoft patches we have the Oracle Java update for the latest public Java vulnerability and the latest updates from Adobe. APSB13-09 is the latest Flash patch, which means Internet Explorer 10 users should apply the available Microsoft update as well. APSB13-07 is the latest update to Adobe Reader and Acrobat.

The final patch this month is another carry over from last month, giving us a third Adobe patch. If you didn't apply APSB13-06, Adobe's latest update for Shockwave, last month, make sure you apply it this month.