Skip to content ↓ | Skip to navigation ↓

Tripwire’s July 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, F5 Networks, Cisco, and Oracle.

Up first on the patch priority list this month are patches for F5 Networks and Cisco for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for F5 Networks’ BIG-IP (CVE-2020-5902) and Cisco AnyConnect Secure Mobility Client for Windows (CVE-2020-3153). Patches should be applied to these systems as soon as possible.

Up next on the priority list this month is a patch for Microsoft DNS server (CVE-2020-1350). Microsoft DNS servers are prone to a remote code execution vulnerability that is, in theory, wormable. System administrators should apply the patch for vulnerability as soon as possible. Note that Microsoft provides a workaround that involves a registry setting (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350).

Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Internet Explorer, and Microsoft Edge. These patches resolve 4 vulnerabilities, including remote code execution and information disclosure vulnerabilities.

Next on the list are patches for Microsoft Office, Word, Outlook, and Project, which resolve 6 vulnerabilities including information disclosure and remote code execution vulnerabilities.

Up next are patches for Oracle Java. These patches resolve 11 vulnerabilities related to Java 2D, Libraries, JAXP, ImageIO, JavaFX, Hotspot, and JSSE.

Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 80 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, LNK, Sync Host Service, Storage Services, SharedStream Library, Runtime, iSCSI Target Service, Subsystem for Linus, WalletService, DirectWrite, Graphics, Imaging, ALPC, and Resource Policy.

Up next is a patch for .NET Framework that resolves a remove code execution vulnerability.

Finally, administrators should focus on server-side patches available for Microsoft SharePoint and Oracle Database. These resolve remote code execution, cross-site scripting, information disclosure, and spoofing vulnerabilities.

 

BULLETIN CVE
Metasploit – BIG-IP CVE-2020-5902
Metasploit – Cisco AnyConnect CVE-2020-3153
Microsoft DNS Server CVE-2020-1350
Internet Explorer CVE-2020-1432
Microsoft Scripting Engine CVE-2020-1403
Microsoft Edge CVE-2020-1433, CVE-2020-1462
Microsoft Office CVE-2020-1445, CVE-2020-1349, CVE-2020-1449, CVE-2020-1448, CVE-2020-1446, CVE-2020-1447
Oracle Java CVE-2020-14581, CVE-2020-14583, CVE-2020-14621, CVE-2020-14556, CVE-2020-14562, CVE-2020-14664, CVE-2020-14573, CVE-2020-14577, CVE-2020-14579, CVE-2020-14578, CVE-2020-14593
Microsoft Windows I CVE-2020-1386, CVE-2020-1333, CVE-2020-1421, CVE-2020-1267, CVE-2020-1374, CVE-2020-1402, CVE-2020-1410, CVE-2020-1391, CVE-2020-1431, CVE-2020-1359, CVE-2020-1384, CVE-2020-1375, CVE-2020-1385, CVE-2020-1418, CVE-2020-1393, CVE-2020-1394, CVE-2020-1395, CVE-2020-1420, CVE-2020-1429, CVE-2020-1365, CVE-2020-1371, CVE-2020-1085, CVE-2020-1398, CVE-2020-1405, CVE-2020-1372, CVE-2020-1330, CVE-2020-1390, CVE-2020-1438, CVE-2020-1373, CVE-2020-1428, CVE-2020-1427, CVE-2020-1406, CVE-2020-1437, CVE-2020-1363, CVE-2020-1366, CVE-2020-1387, CVE-2020-1413, CVE-2020-1353, CVE-2020-1422, CVE-2020-1404, CVE-2020-1399, CVE-2020-1370, CVE-2020-1249, CVE-2020-1463, CVE-2020-1347, CVE-2020-1434, CVE-2020-1354, CVE-2020-1430
Microsoft Windows II CVE-2020-1352, CVE-2020-1356, CVE-2020-1392, CVE-2020-1346, CVE-2020-1424, CVE-2020-1025, CVE-2020-1423, CVE-2020-1407, CVE-2020-1400, CVE-2020-1401, CVE-2020-1364, CVE-2020-1344, CVE-2020-1362, CVE-2020-1369, CVE-2020-1361, CVE-2020-1409, CVE-2020-1435, CVE-2020-1351, CVE-2020-1412, CVE-2020-1408, CVE-2020-1355, CVE-2020-1436, CVE-2020-1468, CVE-2020-1382, CVE-2020-1381, CVE-2020-1397, CVE-2020-1396, CVE-2020-1388, CVE-2020-1411, CVE-2020-1336, CVE-2020-1419, CVE-2020-1389, CVE-2020-1367, CVE-2020-1426, CVE-2020-1358, CVE-2020-1357, CVE-2020-1368, CVE-2020-1360, CVE-2020-1415, CVE-2020-1414
.NET Framework CVE-2020-1147
Microsoft Office SharePoint CVE-2020-1342, CVE-2020-1456, CVE-2020-1451, CVE-2020-1450, CVE-2020-1454, CVE-2020-1444, CVE-2020-1443, CVE-2020-1442, CVE-2020-1439
Oracle Database CVE-2020-2978,CVE-2019-13990,CVE-2020-8112,CVE-2016-9843, CVE-2019-17569,CVE-2020-2968,CVE-2020-2969, CVE-2020-1935, CVE-2020-1938, CVE-20169840, CVE-2016-9841, CVE-2016-9842, CVE-2016-1923, CVE-2016-1924, CVE-2016-3183, CVE-2016-4796, CVE-2016-4797, CVE-2016-8332, CVE-2016-9112,CVE-2020-6851, CVE-2018-10237,CVE-2018-8013

 

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its Patch Priority Index, click here.

Or for PPI and more, you can follow VERT on Twitter: @tripwirevert.