Patch Priority Index for October 2013

Bulletin CVE


CVE-2013-3893, CVE-2013-3897, CVE-2013-3872

Oracle October CPU

CVE-2013-5782, CVE-2013-5830, CVE-2013-5809


CVE-2013-3879, CVE-2013-3881, CVE-2013-3128






CVE-2013-2128, CVE-2013-3860, CVE-2013-3861


CVE-2013-3889, CVE-2013-3890


CVE-2013-3891, CVE-2013-3892


CVE-2013-3889, CVE-2013-3895

Cisco September Bundle

CVE-2013-5472, CVE-2013-5473, CVE-2013-5474

Tripwire’s October Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Oracle, and Cisco.

 We start this month with Microsoft’s traditional Internet Explorer update. If you aren’t patching it ASAP these days, you may want to revisit your patch management process.

Following IE, we switch to the Oracle October Critical Patch Update (CPU). Oracle is now rolling Java and everything else in a single patch. So if you’re responsible for patching systems, you may have a busy month ahead of you. You’ll have to roll out updates for Oracle Database, Solaris, Java, WebLogic and more. The addition of Java makes things busy. This would make sense if Oracle was releasing monthly updates but given that they’re still quarterly, it definitely gives reason to worry.

Following Oracle, we have two more patches from Microsoft. MS13-081 introduces fixes for a number of Windows Kernel Mode Drivers and MS13-083 fixes a single vulnerability that could be exploited remotely via ASP.NET. These issues should both be remedied quickly.

Next on our list, we have an Adobe Reader update. This update is interesting because the latest version of Adobe Reader (11.0.04) is affected due to a regression that occurred during development.

Next on the list, we have the remainder of important Microsoft vulnerabilities for October affecting .NET, Excel, Word, and SharePoint. Patches for these environments should be mostly expected by this point and QA teams should already be prepared to test them before deployment.

We wrap up the month with the Cisco September Patch Bundle, which contains a number of fixes for Cisco IOS. The importance of Cisco routers to the network ensured that this patch bundle made the list this month.