Tripwire's February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities. Next on the list are patches for Adobe Flash player (APSB20-06), Adobe Acrobat (APSB20-05), and Adobe Reader (APSB20-05). These patches resolve information disclosure, arbitrary code execution, memory leak, and arbitrary file system write vulnerabilities. Next on the list are patches for Microsoft Excel and Outlook. These patches resolve one remote code execution and one security feature bypass vulnerabilities. Next, this month are patches that affect components of the Windows operating systems. These patches resolve more than 80 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and security feature bypass. These vulnerabilities affect Connected Devices Platform Service, Connected User Experiences and Telemetry Service, DirectX, Backup Service, Client License Service, Data Sharing Service, Error Reporting, Function Discovery Service, Key Isolation Service, Search Indexer, Graphics Component, Windows Kernel, Windows Installer, COM, NDIS, Secure Boot, Hyper-V, RDP, and RDP Client. Lastly this month, administrators should focus on server-side patches available for Microsoft Office Online Server, SharePoint, SQL Server, and Exchange.
BULLETIN |
CVE |
Microsoft Edge |
CVE-2020-0706, CVE-2020-0663 |
Microsoft Scripting Engine |
CVE-2020-0767, CVE-2020-0713, CVE-2020-0712, CVE-2020-0711, CVE-2020-0710, CVE-2020-0674, CVE-2020-0673 |
APSB20-06: Adobe Flash Player |
CVE-2020-3757 |
APSB20-05: Adobe Reader and Acrobat |
CVE-2020-3744, CVE-2020-3747, CVE-2020-3755, CVE-2020-3742, CVE-2020-3752, CVE-2020-3754, CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751, CVE-2020-3753, CVE-2020-3756, CVE-2020-3762, CVE-2020-3763 |
Microsoft Office |
CVE-2020-0759, CVE-2020-0696 |
Microsoft Windows I |
CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0727, CVE-2020-0732, CVE-2020-0681, CVE-2020-0703, CVE-2020-0685, CVE-2020-0701, CVE-2020-0657, CVE-2020-0658, CVE-2020-0747, CVE-2020-0659, CVE-2020-0818, CVE-2020-0739, CVE-2020-0737, CVE-2020-0753, CVE-2020-0754, CVE-2020-0678, CVE-2020-0679, CVE-2020-0680, CVE-2020-0682, CVE-2020-0698, CVE-2020-0669, CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672, CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0756, CVE-2020-0755, CVE-2020-0748, CVE-2020-0757, CVE-2020-0667, CVE-2020-0666, CVE-2020-0704, CVE-2020-0733, CVE-2020-0738, CVE-2020-0729, CVE-2020-0655, CVE-2020-0702 |
Microsoft Windows II |
CVE-2020-0707, CVE-2020-0730, CVE-2020-0735, CVE-2020-0665, CVE-2020-0708, CVE-2020-0691, CVE-2020-0750, CVE-2020-0749, CVE-2020-0752, CVE-2020-0709, CVE-2020-0714, CVE-2020-0746, CVE-2020-0744, CVE-2020-0745, CVE-2020-0715, CVE-2020-0792, CVE-2020-0731, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0720, CVE-2020-0721, CVE-2020-0726, CVE-2020-0724, CVE-2020-0719, CVE-2020-0717, CVE-2020-0716, CVE-2020-0736, CVE-2020-0683, CVE-2020-0686, CVE-2020-0728, CVE-2020-0705, CVE-2020-0705, CVE-2020-0689, CVE-2020-0661, CVE-2020-0751, CVE-2020-0662, CVE-2020-0660, CVE-2020-0660, CVE-2020-0817, CVE-2020-0734 |
Microsoft Office SharePoint |
CVE-2020-0693, CVE-2020-0694 |
Microsoft Office Online Server |
CVE-2020-0695 |
Microsoft SQL Server |
CVE-2020-0618 |
Microsoft Exchange Server |
CVE-2020-0688, CVE-2020-0692, CVE-2020-0688 |
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its Patch Priority Index, click here. Or for PPI and more, you can follow VERT on Twitter: @tripwirevert.
