Patch Priority Index for November 2012
|APSB12-24||CVE-2012-5274, CVE-2012-5275, CVE-2012-5276|
|MS12-071||CVE-2012-1538, CVE-2012-1539, CVE-2012-4775|
|MS12-074||CVE-2012-1895, CVE-2012-1896, CVE-2012-2519|
|MS12-075||CVE-2012-2530, CVE-2012-2553, CVE-2012-2897|
|MS12-076||CVE-2012-1885, CVE-2012-1886, CVE-2012-1887|
|Chrome 23||CVE-2012-5127, CVE-2012-5116, CVE-2012-5121|
|Oracle October 2012 CPU||CVE-2012-3137, CVE-2012-1751, CVE-2012-3132|
|Java SE October 2012 Update||CVE-2012-5083, CVE-2012-1531, CVE-2012-5086|
|OS X Core OS Update||CVE-2012-0643, CVE-2012-3718, CVE-2012-3719|
Tripwire's November Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Google, and Oracle.
This month brings us from browsers and browser plugins to FTP servers and Microsoft Excel. Leading off the list this month we have the latest Flash update from Adobe. It's important to keep in mind that Flash is bundled by both Chrome and Internet Explorer 10; so installing the update issued by Adobe may not be enough to resolve this issue.
Following that, we have the bulk of Microsoft's November updates, including all of the bulletins rated Critical and Important. This includes updates to Internet Explorer 9, Microsoft Office Excel, Win32K.sys and a few others. As always, running Windows update (or enable automatic updates) is a good idea.
Next we have the latest version of Chrome, resolving a number of issues that were sold to Google's bounty program and the final Microsoft bulletin, the lowest rated bulletin we've seen in a while, which resolves a pair of IIS issues.
Finishing off the November list we have carry over from last month as a reminder to apply those patches. We've got a pair of updates from Oracle, their quarterly CPU update, as well as the latest Java update. If you're affected by either of these, patch as soon as possible.