Tripwire’s April 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, and VMware.

Up first on the patch priority list this month is a patch for VMware vCenter Server. This patch resolves an information disclosure vulnerability. It has the highest priority because proof-of-concept code to exploit the vulnerability exists on the Web as well as in Metasploit.

Up next on the patch priority list this month are patches for Microsoft Scripting Engine. These patches resolve 6 vulnerabilities, including remote code execution and memory corruption vulnerabilities.

Next on the list are patches for Oracle Java, which resolve vulnerabilities related to concurrency, scripting, serialization, JavaFX, JSSE, libraries, and the lightweight HTTP server.

Next on the list are patches for Microsoft Office, Excel, Word, and Visual Studio. These patches resolve 6 vulnerabilities, including remote code execution and elevation of privilege.

Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 60 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Codecs Library, Push Notification Service, DNS, Jet Database Engine, Adobe Font Manager Library, DirectX, GDI+, Graphics Component, Kernel, Media Foundation, and Windows Update.

Next are patches for Hyper-V that resolve 2 elevation of privilege vulnerabilities along with a remote code execution vulnerability.

Finally, administrators should focus on server-side patches available for Microsoft Dynamics and SharePoint. These patches resolve remote code execution, cross-site scripting, information disclosure, and spoofing vulnerabilities.

| BULLETIN | CVE |
| --- | --- |
| VMSA-2020-0006 | CVE-2020-3952 |
| Microsoft Scripting Engine | CVE-2020-0969, CVE-2020-0970, CVE-2020-0968, CVE-2020-0966, CVE-2020-0967, CVE-2020-0895 |
| Oracle Java | CVE-2020-2830, CVE-2020-2755, CVE-2020-2754, CVE-2020-2757, CVE-2020-2756, CVE-2019-18197, CVE-2020-2816, CVE-2020-2803, CVE-2020-2781, CVE-2020-2805, CVE-2020-2778, CVE-2020-2764, CVE-2020-2800, CVE-2020-2773, CVE-2020-2767 |
| Microsoft Office | CVE-2020-0961, CVE-2020-0760, CVE-2020-0991 |
| Microsoft Excel | CVE-2020-0906 |
| Microsoft Word | CVE-2020-0980 |
| Visual Studio | CVE-2020-0900 |
| Microsoft Windows I | CVE-2020-0942, CVE-2020-0944, CVE-2020-1029, CVE-2020-0965, CVE-2020-0794, CVE-2020-1011, CVE-2020-1009, CVE-2020-0934, CVE-2020-1017, CVE-2020-1001, CVE-2020-1006, CVE-2020-0940, CVE-2020-1016, CVE-2020-0981, CVE-2020-1094, CVE-2020-0993, CVE-2020-0988, CVE-2020-1008, CVE-2020-0953, CVE-2020-0889, CVE-2020-0992, CVE-2020-0959, CVE-2020-0960, CVE-2020-0995, CVE-2020-0994, CVE-2020-0999, CVE-2020-0938, CVE-2020-1020, CVE-2020-0784, CVE-2020-0964, CVE-2020-0987, CVE-2020-0982 |
| Microsoft Windows II | CVE-2020-1005, CVE-2020-0907, CVE-2020-0687, CVE-2020-0958, CVE-2020-0952, CVE-2020-1004, CVE-2020-0937, CVE-2020-0946, CVE-2020-0947, CVE-2020-0945, CVE-2020-0939, CVE-2020-0950, CVE-2020-0948, CVE-2020-0949, CVE-2020-0888, CVE-2020-0957, CVE-2020-0956, CVE-2020-0699, CVE-2020-0962, CVE-2020-1015, CVE-2020-1000, CVE-2020-1027, CVE-2020-0913, CVE-2020-1003, CVE-2020-0821, CVE-2020-1007, CVE-2020-0955, CVE-2020-0936, CVE-2020-1014, CVE-2020-0983, CVE-2020-0985, CVE-2020-0996 |
| Windows Hyper-V | CVE-2020-0918, CVE-2020-0917, CVE-2020-0910 |
| Microsoft Dynamics | CVE-2020-1022, CVE-2020-1050, CVE-2020-1049, CVE-2020-1018 |
| Microsoft Office SharePoint | CVE-2020-0933, CVE-2020-0930, CVE-2020-0924, CVE-2020-0925, CVE-2020-0978, CVE-2020-0926, CVE-2020-0927, CVE-2020-0923, CVE-2020-0954, CVE-2020-0973, CVE-2020-0932, CVE-2020-0920, CVE-2020-0929, CVE-2020-0974, CVE-2020-0971, CVE-2020-0977, CVE-2020-0976, CVE-2020-0975, CVE-2020-0972, CVE-2020-0931 |

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its Patch Priority Index, click here.

Or for PPI and more, you can follow VERT on Twitter: @tripwirevert.