Tripwire Patch Priority Index for March 2020

Tripwire's March 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. These patches resolve information disclosure, remote code execution, and memory corruption vulnerabilities. Next on the list are patches for Microsoft Word, which resolve 3 remote code execution vulnerabilities. Next on the list are patches for Adobe Acrobat and Adobe Reader (APSB20-13). These patches resolve information disclosure, arbitrary code execution, and arbitrary privilege escalation vulnerabilities. Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 70 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption. These vulnerabilities affect Connected User Experiences and Telemetry Service, Diagnostic Hub, LNK, Media Foundation, Provisioning Runtime, Kernel, CSC Service, ActiveX Error Reporting, GDI, Network Connections Service, Installer, Network Driver Interface Specification (NDIS), Search Indexer, UpNp Service, Work Folder Service, DirectX, ALPC, Defender Security Center, Update Orchestrator, and SMBv3. Lastly this month, administrators should focus on server-side patches available for Microsoft IIS, Dynamics, Exchange, and SharePoint.

BULLETIN	CVE
Microsoft Scripting Engine	CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0829, CVE-2020-0828, CVE-2020-0823, CVE-2020-0825, CVE-2020-0830, CVE-2020-0827, CVE-2020-0826, CVE-2020-0832, CVE-2020-0833, CVE-2020-0831, CVE-2020-0848, CVE-2020-0847
Microsoft Browsers	CVE-2020-0824, CVE-2020-0816, CVE-2020-0768
Microsoft Office	CVE-2020-0850, CVE-2020-0852, CVE-2020-0892
APSB20-13: Adobe Reader and Acrobat	CVE-2020-3804, CVE-2020-3806, CVE-2020-3795, CVE-2020-3799, CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805, CVE-2020-3800, CVE-2020-3807, CVE-2020-3797, CVE-2020-3803
Microsoft Windows I	CVE-2020-0844, CVE-2020-0863, CVE-2020-0810, CVE-2020-0793, CVE-2020-0684, CVE-2020-0820, CVE-2020-0807, CVE-2020-0801, CVE-2020-0809, CVE-2020-0869, CVE-2020-0808, CVE-2020-0876, CVE-2020-0860, CVE-2020-0787, CVE-2020-0771, CVE-2020-0769, CVE-2020-0819, CVE-2020-0858, CVE-2020-0776, CVE-2020-0772, CVE-2020-0806, CVE-2020-0775, CVE-2020-0874, CVE-2020-0879, CVE-2020-0896, CVE-2020-0841, CVE-2020-0840, CVE-2020-0849, CVE-2020-0779, CVE-2020-0843, CVE-2020-0842, CVE-2020-0778, CVE-2020-0804
Microsoft Windows II	CVE-2020-0803, CVE-2020-0802, CVE-2020-0845, CVE-2020-0871, CVE-2020-0861, CVE-2020-0861, CVE-2020-0780, CVE-2020-0857, CVE-2020-0786, CVE-2020-0781, CVE-2020-0783, CVE-2020-0785, CVE-2020-0777, CVE-2020-0800, CVE-2020-0897, CVE-2020-0865, CVE-2020-0864, CVE-2020-0866, CVE-2020-0797, CVE-2020-0854, CVE-2020-0834, CVE-2020-0799, CVE-2020-0690, CVE-2020-0883, CVE-2020-0881, CVE-2020-0788, CVE-2020-0887, CVE-2020-0877, CVE-2020-0774, CVE-2020-0882, CVE-2020-0880, CVE-2020-0898, CVE-2020-0791, CVE-2020-0885, CVE-2020-0853, CVE-2020-0762, CVE-2020-0763, CVE-2020-0770, CVE-2020-0773, CVE-2020-0814, CVE-2020-0798, CVE-2020-0822, CVE-2020-0859, CVE-2020-0867, CVE-2020-0868, CVE-2020-0796
Microsoft IIS	CVE-2020-0645
Microsoft Dynamics	CVE-2020-0905
Microsoft Exchange Server	CVE-2020-0903
Microsoft Office SharePoint	CVE-2020-0893, CVE-2020-0894, CVE-2020-0891, CVE-2020-0795

  To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its PPI, click here. Or, for PPI and more, you can follow VERT on Twitter: @tripwirevert.