Patch Priority Index for October 2013

| Bulletin | CVE |
| --- | --- |
| MS13-080 | CVE-2013-3893, CVE-2013-3897, CVE-2013-3872 |
| Oracle October CPU | CVE-2013-5782, CVE-2013-5830, CVE-2013-5809 |
| MS13-081 | CVE-2013-3879, CVE-2013-3881, CVE-2013-3128 |
| MS13-083 | CVE-2013-3195 |
| APSB13-25 | CVE-2013-5324 |
| MS13-082 | CVE-2013-2128, CVE-2013-3860, CVE-2013-3861 |
| MS13-085 | CVE-2013-3889, CVE-2013-3890 |
| MS13-086 | CVE-2013-3891, CVE-2013-3892 |
| MS13-084 | CVE-2013-3889, CVE-2013-3895 |
| Cisco September Bundle | CVE-2013-5472, CVE-2013-5473, CVE-2013-5474 |

Tripwire’s October Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Oracle, and Cisco.

We start this month with Microsoft’s traditional Internet Explorer update. If you aren’t patching it ASAP these days, you may want to revisit your patch management process.

Following IE, we switch to the Oracle October Critical Patch Update (CPU). Oracle is now rolling Java and everything else into a single patch, so if you’re responsible for patching systems, you may have a busy month ahead of you. You’ll have to roll out updates for Oracle Database, Solaris, Java, WebLogic and more. The addition of Java makes things busy. This would make sense if Oracle were releasing monthly updates, but given that they’re still quarterly, it definitely gives reason to worry.

Following Oracle, we have two more patches from Microsoft. MS13-081 introduces fixes for a number of Windows Kernel Mode Drivers, and MS13-083 fixes a single vulnerability that could be exploited remotely via ASP.NET. Both of these issues should be remedied quickly.

Next on our list, we have an Adobe Reader update. This update is interesting because the latest version of Adobe Reader (11.0.04) is affected due to a regression that occurred during development.

Next on the list, we have the remainder of the important Microsoft vulnerabilities for October, affecting .NET, Excel, Word, and SharePoint. Patches for these environments should be mostly expected by this point, and QA teams should already be prepared to test them before deployment.

We wrap up the month with the Cisco September Patch Bundle, which contains a number of fixes for Cisco IOS. The importance of Cisco routers to the network ensured that this patch bundle made the list this month.