Patch Priority Index for November 2012

Bulletin CVE
APSB12-24 CVE-2012-5274, CVE-2012-5275, CVE-2012-5276  
MS12-071 CVE-2012-1538, CVE-2012-1539, CVE-2012-4775  
MS12-072 CVE-2012-1527, CVE-2012-1528  
MS12-074 CVE-2012-1895, CVE-2012-1896, CVE-2012-2519  
MS12-075 CVE-2012-2530, CVE-2012-2553, CVE-2012-2897  
MS12-076 CVE-2012-1885, CVE-2012-1886, CVE-2012-1887  
Chrome 23 CVE-2012-5127, CVE-2012-5116, CVE-2012-5121  
MS12-073 CVE-2012-2531, CVE-2012-2532  
Oracle October 2012 CPU CVE-2012-3137, CVE-2012-1751, CVE-2012-3132  
Java SE October 2012 Update CVE-2012-5083, CVE-2012-1531, CVE-2012-5086  
OS X Core OS Update CVE-2012-0643, CVE-2012-3718, CVE-2012-3719  

Tripwire's November Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Google, and Oracle.

This month brings us from browsers and browser plugins to FTP servers and Microsoft Excel. Leading off the list this month we have the latest Flash update from Adobe. It's important to keep in mind that Flash is bundled by both Chrome and Internet Explorer 10; so installing the update issued by Adobe may not be enough to resolve this issue.

Following that, we have the bulk of Microsoft's November updates, including all of the bulletins rated Critical and Important. This includes updates to Internet Explorer 9, Microsoft Office Excel, Win32K.sys and a few others. As always, running Windows update (or enable automatic updates) is a good idea.

Next we have the latest version of Chrome, resolving a number of issues that were sold to Google's bounty program and the final Microsoft bulletin, the lowest rated bulletin we've seen in a while, which resolves a pair of IIS issues.

Finishing off the November list we have carry over from last month as a reminder to apply those patches. We've got a pair of updates from Oracle, their quarterly CPU update, as well as the latest Java update. If you're affected by either of these, patch as soon as possible.