Tripwire Patch Priority Index for February 2020

Tripwire's February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities. Next on the list are patches for Adobe Flash player (APSB20-06), Adobe Acrobat (APSB20-05), and Adobe Reader (APSB20-05). These patches resolve information disclosure, arbitrary code execution, memory leak, and arbitrary file system write vulnerabilities. Next on the list are patches for Microsoft Excel and Outlook. These patches resolve one remote code execution and one security feature bypass vulnerabilities. Next, this month are patches that affect components of the Windows operating systems. These patches resolve more than 80 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and security feature bypass. These vulnerabilities affect Connected Devices Platform Service, Connected User Experiences and Telemetry Service, DirectX, Backup Service, Client License Service, Data Sharing Service, Error Reporting, Function Discovery Service, Key Isolation Service, Search Indexer, Graphics Component, Windows Kernel, Windows Installer, COM, NDIS, Secure Boot, Hyper-V, RDP, and RDP Client. Lastly this month, administrators should focus on server-side patches available for Microsoft Office Online Server, SharePoint, SQL Server, and Exchange.  

BULLETIN	CVE
Microsoft Edge	CVE-2020-0706, CVE-2020-0663
Microsoft Scripting Engine	CVE-2020-0767, CVE-2020-0713, CVE-2020-0712, CVE-2020-0711, CVE-2020-0710, CVE-2020-0674, CVE-2020-0673
APSB20-06: Adobe Flash Player	CVE-2020-3757
APSB20-05: Adobe Reader and Acrobat	CVE-2020-3744, CVE-2020-3747, CVE-2020-3755, CVE-2020-3742, CVE-2020-3752, CVE-2020-3754, CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751, CVE-2020-3753, CVE-2020-3756, CVE-2020-3762, CVE-2020-3763
Microsoft Office	CVE-2020-0759, CVE-2020-0696
Microsoft Windows I	CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0727, CVE-2020-0732, CVE-2020-0681, CVE-2020-0703, CVE-2020-0685, CVE-2020-0701, CVE-2020-0657, CVE-2020-0658, CVE-2020-0747, CVE-2020-0659, CVE-2020-0818, CVE-2020-0739, CVE-2020-0737, CVE-2020-0753, CVE-2020-0754, CVE-2020-0678, CVE-2020-0679, CVE-2020-0680, CVE-2020-0682, CVE-2020-0698, CVE-2020-0669, CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672, CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0756, CVE-2020-0755, CVE-2020-0748, CVE-2020-0757, CVE-2020-0667, CVE-2020-0666, CVE-2020-0704, CVE-2020-0733, CVE-2020-0738, CVE-2020-0729, CVE-2020-0655, CVE-2020-0702
Microsoft Windows II	CVE-2020-0707, CVE-2020-0730, CVE-2020-0735, CVE-2020-0665, CVE-2020-0708, CVE-2020-0691, CVE-2020-0750, CVE-2020-0749, CVE-2020-0752, CVE-2020-0709, CVE-2020-0714, CVE-2020-0746, CVE-2020-0744, CVE-2020-0745, CVE-2020-0715, CVE-2020-0792, CVE-2020-0731, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0720, CVE-2020-0721, CVE-2020-0726, CVE-2020-0724, CVE-2020-0719, CVE-2020-0717, CVE-2020-0716, CVE-2020-0736, CVE-2020-0683, CVE-2020-0686, CVE-2020-0728, CVE-2020-0705, CVE-2020-0705, CVE-2020-0689, CVE-2020-0661, CVE-2020-0751, CVE-2020-0662, CVE-2020-0660, CVE-2020-0660, CVE-2020-0817, CVE-2020-0734
Microsoft Office SharePoint	CVE-2020-0693, CVE-2020-0694
Microsoft Office Online Server	CVE-2020-0695
Microsoft SQL Server	CVE-2020-0618
Microsoft Exchange Server	CVE-2020-0688, CVE-2020-0692, CVE-2020-0688

  To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its Patch Priority Index, click here. Or for PPI and more, you can follow VERT on Twitter: @tripwirevert.