Image

BULLETIN | CVE |
Adobe Flash APSB18-03 | CVE-2018-4878, CVE-2018-4877 |
Microsoft Browser | CVE-2018-0763, CVE-2018-0839, CVE-2018-0771 |
Microsoft Scripting Engine | CVE-2018-0840, CVE-2018-0860, CVE-2018-0861, CVE-2018-0866, CVE-2018-0838, CVE-2018-0859, CVE-2018-0857, CVE-2018-0856, CVE-2018-0835, CVE-2018-0834, CVE-2018-0837, CVE-2018-0836 |
Microsoft Office | CVE-2018-0853, CVE-2018-0851 |
Microsoft Outlook | CVE-2018-0850, CVE-2018-0852 |
Microsoft SharePoint | CVE-2018-0864, CVE-2018-0869, |
Windows Kernel | CVE-2018-0809, CVE-2018-0820, CVE-2018-0742, CVE-2018-0756, CVE-2018-0831, CVE-2018-0843, CVE-2018-0829, CVE-2018-0757, CVE-2018-0810, CVE-2018-0830, CVE-2018-0832 |
Windows | CVE-2018-0833, CVE-2018-0828 |
Windows Miscellaneous | CVE-2018-0823, CVE-2018-0825, CVE-2018-0821, CVE-2018-0844, CVE-2018-0846, CVE-2018-0755, CVE-2018-0761, CVE-2018-0760, CVE-2018-0855, CVE-2018-0822, CVE-2018-0842, CVE-2018-0847, CVE-2018-0827, CVE-2018-0826 |
NOTE: Adobe reports that one of these vulnerabilities (CVE-2018-4878) has been exploited in the wild and has been used to target Windows users. Administrators should install these patches as soon as possible. Please refer to Adobe Security Notification APSB18-03 for more details.Next up on the patch priority list this month are patches for Microsoft browsers and scripting engine. These patches address two information disclosure and one security feature bypass vulnerabilities in Microsoft Edge and 13 memory corruption vulnerabilities in the scripting engine. Up next are patches for Microsoft Office, Outlook and Sharepoint. These patches address six vulnerabilities, including information disclosure, memory corruption and elevation of privilege. Next administrators should focus on patches for the Windows Kernel. These patches address five elevation of privilege vulnerabilities and six information disclosure vulnerabilities. Lastly for this month, administrators should focus on the patching the remaining Microsoft February 2018 patches that resolve 16 vulnerabilities in Windows, Named Pipe File System, StructuredQuery, AppContainer, Common Log File System, EOT Font Engine, NTFS and Storage Services. To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.