Patch Priority Index for September 2013

Bulletin CVE

MS13-069

CVE-2013-3201, CVE-2013-3202, CVE-2013-3203

MS13-068

CVE-2013-3870

MS13-067

CVE-2013-0081, CVE-2013-1315, CVE_2013-1330

APSB13-21

CVE-2013-3361, CVE-2013-3362, CVE-2013-3363

APSB13-22

CVE-2013-3351, CVE-2013-3352, CVE-2013-3353

OS X Mountain Lion 10.8.5

CVE-2013-1025, CVE-2013-1026, CVE-2013-1027

MS13-070

CVE-2013-3863

MS13-072

CVE-2013-3160, CVE-2013-3847, CVE-2013-3848

MS13-073

CVE-2013-1315, CVE-2013-3158, CVE-2013-3159

MS13-074

CVE-2013-3155, CVE-2013-3156, CVE-2013-3157

Tripwire’s September Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Apple and Adobe.

This month starts of like most months, with Internet Explorer at the top of the list and we follow-up with up with two more from Microsoft. The first is an issue in Outlook (which Microsoft SR&D has blogged about) and the second affects SharePoint. One of the interesting things here is the sheer list of products affected by the SharePoint bulletin; 10 years of products are affected from SharePoint 2003 to SharePoint 2013.

We follow-up our big three with a couple of patches from Adobe; they released three patches this month and two of them make are list. The first is the patch for Flash Player and the second is Adobe Reader & Acrobat. Adobe Shockwave didn’t make the list this month because of the other bulletins that we had to include.

Up next is the latest OS X Patch, which includes both Mountain Lion 10.8.5 and Security Update 2013-004 for 10.7 and 10.6. This bulletin contains 33 unique CVEs affecting many components of the operating system. The patches fix everything from CoreGraphics, ImageIO, and Installer to open source addons like Apache and Bind.

We wrap up this month with four more patches from Microsoft. MS13-070 is a vulnerability in OLE32 but according to Microsoft the most likely attack vector is via Visio. The other three are pure office patches, affecting Microsoft Word, Excel, and Access. It’s important to keep in mind that for the Microsoft Word and Excel patches (MS13-072 and MS13-073), that the Office Compatibility Pack and the Viewers are also affected.