Tripwire Patch Priority Index for June 2020

Tripwire's June 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, BIND and Oracle. Up first on the Patch Priority Index this month are patches for Microsoft, BIND and Oracle for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for BIND (CVE-2020-8617), Oracle WebLogic Server (CVE-2020-2883) and Windows Background Intelligent Transfer Services (CVE-2020-0787). Canvas has recently added exploits for Microsoft SQL Server Reporting (CVE-2020-0618). Up next on the Patch Priority Index this month are patches for Microsoft Scripting Engine, Internet Explorer and Microsoft Edge. These patches resolve 11 vulnerabilities including remote code execution, information disclosure and memory corruption vulnerabilities. Next on the Patch Priority Index are patches for Microsoft Excel, Outlook and Project, which resolve four vulnerabilities including information disclosure, security feature bypass and remote code execution vulnerabilities. Next on this month's PPI are patches that affect components of the Windows operating systems. These patches resolve more than 90 vulnerabilities including denial of service, elevation of privilege, information disclosure, remote code execution and memory corruption vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, Windows Installer, Windows Store, Windows Error Reporting, Windows Network, Print Configuration, Registry, Runtime, State Repository Service, Media Foundation, SMBv3 client/server, OLE Automation, DirectX, Graphics Component, GDI, Diagnostics Hub, LNK and Windows Shell. Finally for this month's Patch Priority Index, administrators should focus on server-side patches available for Microsoft System Center and SharePoint. These patches resolve remote code execution, cross-site scripting, information disclosure, spoofing and open redirect vulnerabilities.  

BULLETIN	CVE
Exploit Frameworks	CVE-2020-8617, CVE-2020-2883, CVE-2020-0787, CVE-2020-0618
Microsoft Browsers	CVE-2020-1219
Internet Explorer	CVE-2020-1315
Microsoft Scripting Engine	CVE-2020-1073, CVE-2020-1260, CVE-2020-1213, CVE-2020-1215, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230
Microsoft Edge (Chromium-based) in IE Mode	CVE-2020-1220
Microsoft Edge	CVE-2020-1242
Microsoft Office	CVE-2020-1225, CVE-2020-1226, CVE-2020-1229, CVE-2020-1322
Microsoft Windows I	CVE-2020-1211, CVE-2020-1120, CVE-2020-1244, CVE-2020-1317, CVE-2020-1222, CVE-2020-1309, CVE-2020-1292, CVE-2020-1290, CVE-2020-1255, CVE-2020-1271, CVE-2020-1283, CVE-2020-1296, CVE-2020-1162, CVE-2020-1324, CVE-2020-1234, CVE-2020-1263, CVE-2020-1197, CVE-2020-1259, CVE-2020-1312, CVE-2020-1307, CVE-2020-1316, CVE-2020-1246, CVE-2020-1241, CVE-2020-1204, CVE-2020-1291, CVE-2020-1209, CVE-2020-1201, CVE-2020-1196, CVE-2020-1194, CVE-2020-1235, CVE-2020-1233, CVE-2020-1231, CVE-2020-1334, CVE-2020-1306, CVE-2020-1217, CVE-2020-1268, CVE-2020-1305, CVE-2020-1314, CVE-2020-1313, CVE-2020-1270, CVE-2020-1300, CVE-2020-1232, CVE-2020-1239, CVE-2020-1311, CVE-2020-1294, CVE-2020-1287, CVE-2020-1301, CVE-2020-1284, CVE-2020-1206, CVE-2020-1254, CVE-2020-1212, CVE-2020-1281, CVE-2020-1293, CVE-2020-1257, CVE-2020-1310
Microsoft Windows II	CVE-2020-1247, CVE-2020-1280, CVE-2020-1264, CVE-2020-1266, CVE-2020-1262, CVE-2020-1276, CVE-2020-1269, CVE-2020-1237, CVE-2020-1273, CVE-2020-1275, CVE-2020-1274, CVE-2020-1265, CVE-2020-1282, CVE-2020-1261, CVE-2020-1279, CVE-2020-1258, CVE-2020-1160, CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-0915, CVE-2020-0916, CVE-2020-1348, CVE-2020-0986, CVE-2020-1208, CVE-2020-1236, CVE-2020-1202, CVE-2020-1203, CVE-2020-1278, CVE-2020-1248, CVE-2020-1299, CVE-2020-1286, CVE-2020-1238, CVE-2020-1304, CVE-2020-1302, CVE-2020-1272, CVE-2020-1277
System Center	CVE-2020-1331
Microsoft Office SharePoint	CVE-2020-1318, CVE-2020-1298, CVE-2020-1297, CVE-2020-1177, CVE-2020-1320, CVE-2020-1183, CVE-2020-1295, CVE-2020-1178, CVE-2020-1181, CVE-2020-1289, CVE-2020-1148, CVE-2020-1323

  To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its Patch Priority Index, click here. Or for PPI and more, you can follow VERT on Twitter: @tripwirevert.