Tripwire’s June Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Apple, and Adobe.
This month, we return to the cumulative Internet Explorer update, which sits at the top of the June PPI. A total of 59 vulnerabilities are patched with the June IE update, including a few that were publicly disclosed (CVE-2014-1771 and CVE-2014-1770).
Patch Priority Index for June 2014
| Bulletin or update | CVEs |
|---|---|
| MS14-035 | CVE-2014-1771, CVE-2014-1770, CVE-2014-1777 |
| APSB14-16 | CVE-2014-0531, CVE-2014-0532, CVE-2014-0544 |
| OS X Mavericks 9.3 | CVE-2014-1296, CVE-2014-1315, CVE-2014-5170 |
| APSB14-15 | CVE-2014-0511, CVE-2014-0513, CVE-2014-0522 |
Following this month’s IE update, we shift gears to Adobe for our second recommended patch. The last Flash update resolves six issues. We’ve found that some people are confused by the update flow for Flash updates. Keep in mind that Chrome and IE ship with their own versions of Flash that must be updated independently of the Adobe-provided Flash update.
The next two items are from the Microsoft June Security Bulletins, code execution issues with GDI+ and Microsoft Word. As usual, the GDI+ issue affects a number of platforms, which means multiple updates to install. The Word update, on the other hand, reminds us that newer is generally better with software. Only Word 2007 is affected, so install the patch or update to a newer version of Office.
Apple has released a new version of OS X Mavericks (9.3), which contains all the fixes that were included in April’s Security Update 2014-002. Users should update to 9.3 or deploy the security update, based on the needs of their environment.
The final 5 slots this month go to the remaining 4 June Microsoft bulletins and a repeat from last month from Adobe. The bulletins address a cross-site scripting issue in Lync, a denial of service in the Windows TCP/IP stack, a Tripwire-discovered Remote Desktop issue, and an information disclosure in MSXML. From Adobe, we include last month’s Adobe Reader/Acrobat update. Given the popularity of this software, it’s always a recommended update if you haven’t applied the patch yet.