Tripwire Patch Priority Index for August 2020

Posted on August 31, 2020
Tripwire Patch Priority Index for August 2022
Tripwire's August 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Apple. Up first on the patch priority list this month are patches for Microsoft and Apple for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for Microsoft .NET Framework, SharePoint Server, and Visual studio (CVE-2020-1147) along with two vulnerabilities impacting various Apple products (CVE-2018-4162 and CVE-2016-4669), including macOS, iOS, iCloud, iTunes, and tvOS. Patches should be applied to these systems as soon as possible. Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Internet Explorer, and Microsoft Edge. These patches resolve 6 vulnerabilities, including remote code execution and memory corruption vulnerabilities. Next on the list are patches for Microsoft Office, Word, Outlook, Excel, and Access, which resolve 13 vulnerabilities including information disclosure, memory corruption, and remote code execution vulnerabilities. Up next are patches for Adobe Reader and Acrobat. These patches resolve 26 issues including memory leak, privilege escalation, arbitrary code execution, security feature bypass, denial of service, and information disclosure vulnerabilities. Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 70 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, WalletService, DirectWrite, Media Foundation, Netlogon, GDI, Windows Speech Runtime, DirectX, Print Spooler, and Image Acquisition Service. Up next is are patches for .NET Framework that resolve remote code execution and elevation of privilege vulnerabilities. Finally, administrators should focus on server-side patches available for Microsoft Dynamics and SharePoint. These patches resolve 7 issues, including cross-site scripting, information disclosure, and spoofing vulnerabilities.
BULLETIN CVE
Exploit Framework - Metasploit CVE-2020-1147, CVE-2018-4162, CVE-2016-4669
Microsoft Edge CVE-2020-1569, CVE-2020-1568
Internet Explorer CVE-2020-1567
Microsoft Scripting Engine CVE-2020-1555, CVE-2020-1570, CVE-2020-1380
Microsoft Office CVE-2020-1582, CVE-2020-1497, CVE-2020-1496, CVE-2020-1495, CVE-2020-1494, CVE-2020-1498, CVE-2020-1504, CVE-2020-1563, CVE-2020-1493, CVE-2020-1483, CVE-2020-1583, CVE-2020-1503, CVE-2020-1502
APSB20-48: Adobe Reader and Acrobat CVE-2020-9697, CVE-2020-9714, CVE-2020-9693, CVE-2020-9694, CVE-2020-9696, CVE-2020-9712, CVE-2020-9702, CVE-2020-9703, CVE-2020-9723, CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721, CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704, CVE-2020-9715, CVE-2020-9722
Microsoft Windows I CVE-2020-1511, CVE-2020-1509, CVE-2020-1459, CVE-2020-1587, CVE-2020-1488, CVE-2020-1551, CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1545, CVE-2020-1541, CVE-2020-1540, CVE-2020-1543, CVE-2020-1542, CVE-2020-1544, CVE-2020-1547, CVE-2020-1546, CVE-2020-1534, CVE-2020-1550, CVE-2020-1549, CVE-2020-1489, CVE-2020-1513, CVE-2020-1527, CVE-2020-1518, CVE-2020-1517, CVE-2020-1520, CVE-2020-1579, CVE-2020-1480, CVE-2020-1467, CVE-2020-1485, CVE-2020-1486, CVE-2020-1566, CVE-2020-1526, CVE-2020-1383, CVE-2020-1528, CVE-2020-1537, CVE-2020-1530, CVE-2020-1553
Microsoft Windows II CVE-2020-1475, CVE-2020-1464, CVE-2020-1512, CVE-2020-1490, CVE-2020-1515, CVE-2020-1519, CVE-2020-1538, CVE-2020-1552, CVE-2020-1484, CVE-2020-1470, CVE-2020-1516, CVE-2020-1584, CVE-2020-1556, CVE-2020-1533, CVE-2020-1487, CVE-2020-1554, CVE-2020-1525, CVE-2020-1379, CVE-2020-1339, CVE-2020-1472, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564, CVE-2020-1473, CVE-2020-1577, CVE-2020-1562, CVE-2020-1561, CVE-2020-1510, CVE-2020-1529, CVE-2020-1522, CVE-2020-1521, CVE-2020-1524, CVE-2020-1479, CVE-2020-1417, CVE-2020-1578, CVE-2020-1492, CVE-2020-1531, CVE-2020-1565, CVE-2020-1377, CVE-2020-1378, CVE-2020-1466, CVE-2020-1548, CVE-2020-1337, CVE-2020-1477, CVE-2020-1478, CVE-2020-1474
.NET Framework CVE-2020-1046, CVE-2020-1476
Microsoft Dynamics CVE-2020-1591
Microsoft Office SharePoint CVE-2020-1573, CVE-2020-1580, CVE-2020-1505, CVE-2020-1499, CVE-2020-1501, CVE-2020-1500
 
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!