Tripwire Patch Priority Index for December 2018

Tripwire Patch Priority Index for August 2022

Tripwire's December 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer and Scripting Engine. These patches resolve nine vulnerabilities, including fixes for Memory Corruption and Remote Code Execution (RCE) vulnerabilities. Next on the list are patches for Adobe Flash. These patches resolve a use-after-free vulnerability and a DLL hijacking vulnerability. These patches are available for Windows, macOS, Linux and Chrome OS.

(NOTE: Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.)

Up next are patches for Adobe Acrobat and Reader, and this month it is a whopper resolving 87 vulnerabilities. These updates address critical and important vulnerabilities, including fixes for buffer errors, untrusted pointer dereference, security bypass, use-after-free, out-of-bounds read, out-of-bounds write, heap overflow and integer overflow vulnerabilities. Up next are patches for Microsoft Office for Excel, Outlook and PowerPoint. These patches resolve six vulnerabilities, including Remote Code Execution (RCE) and Information Disclosure vulnerabilities. Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Win32k.sys, Azure, DNS server, Windows GDI, Windows Kernel and other Windows components. These patch various vulnerabilities, including XSS, Heap Overflow, Denial of Service, Elevation of Privilege (EoP), Information Disclosure and RCE vulnerabilities.

(NOTE: Microsoft is reporting that the CVE-2018-8611 Windows kernel privilege escalation vulnerability is seeing active exploitation on older versions of Windows.) Successful exploitation can allow an attacker to run code in kernel mode. This issue was resolved by changing how the Windows kernel handles objects in memory.

Next on the list are patches for the .NET Framework, with fixes for a Denial of Service vulnerability and a Remote Code Injection vulnerability.

(NOTE: The CVE-2018-8517 vulnerability is a publicly disclosed issue with the .NET Framework that could allow an unauthenticated attacker to DoS a .NET Framework based web application by sending malformed web requests.)

Finally, this month, administrators should focus on server-side patches for Microsoft Exchange, SharePoint and Dynamics 365. These patches resolve four vulnerabilities including XSS, EoP, Information Disclosure and Server Tampering vulnerabilities.

BULLETIN	CVE
Browser	CVE-2018-8631, CVE-2018-8619
Scripting Engine and VBScript	CVE-2018-8617, CVE-2018-8618, CVE-2018-8583, CVE-2018-8629, CVE-2018-8624, CVE-2018-8643, CVE-2018-8625
APSB18-42: Adobe Flash	CVE-2018-15982, CVE-2018-15983
APSB18-41: Adobe Reader and Acrobat - 1	CVE-2018-15998, CVE-2018-15987, CVE-2018-16004, CVE-2018-19720, CVE-2018-16045, CVE-2018-16044, CVE-2018-16018, CVE-2018-19715, CVE-2018-19713, CVE-2018-19708, CVE-2018-19707, CVE-2018-19700, CVE-2018-19698, CVE-2018-16046, CVE-2018-16040, CVE-2018-16039, CVE-2018-16037, CVE-2018-16036, CVE-2018-16029, CVE-2018-16027, CVE-2018-16026, CVE-2018-16025, CVE-2018-16014, CVE-2018-16011, CVE-2018-16008, CVE-2018-16003, CVE-2018-15994, CVE-2018-15993, CVE-2018-15992, CVE-2018-15991, CVE-2018-15990, CVE-2018-19702, CVE-2018-16016, CVE-2018-16000, CVE-2018-15999, CVE-2018-15988, CVE-2018-19716, CVE-2018-16021, CVE-2018-12830, CVE-2018-19717, CVE-2018-19714, CVE-2018-19712, CVE-2018-19711
APSB18-41: Adobe Reader and Acrobat - 2	CVE-2018-19710, CVE-2018-19709, CVE-2018-19706, CVE-2018-19705, CVE-2018-19704, CVE-2018-19703, CVE-2018-19701, CVE-2018-19699, CVE-2018-16047, CVE-2018-16043, CVE-2018-16041, CVE-2018-16038, CVE-2018-16035, CVE-2018-16034, CVE-2018-16033, CVE-2018-16032, CVE-2018-16031, CVE-2018-16030, CVE-2018-16028, CVE-2018-16024, CVE-2018-16023, CVE-2018-16022, CVE-2018-16020, CVE-2018-16019, CVE-2018-16017, CVE-2018-16015, CVE-2018-16013, CVE-2018-16012, CVE-2018-16010, CVE-2018-16006, CVE-2018-16005, CVE-2018-16002, CVE-2018-16001, CVE-2018-15997, CVE-2018-15996, CVE-2018-15989, CVE-2018-15985, CVE-2018-15984, CVE-2018-19719, CVE-2018-16009, CVE-2018-16007, CVE-2018-15995, CVE-2018-15986, CVE-2018-16042
Microsoft Office	CVE-2018-8627, CVE-2018-8598, CVE-2018-8597, CVE-2018-8636, CVE-2018-8587, CVE-2018-8628
Windows	CVE-2018-8612, CVE-2018-8599, CVE-2018-8638, CVE-2018-8634, CVE-2018-8514, CVE-2018-8641, CVE-2018-8639, CVE-2018-8637, CVE-2018-8652, CVE-2018-8626, CVE-2018-8649, CVE-2018-8596, CVE-2018-8595, CVE-2018-8611, CVE-2018-8621, CVE-2018-8622, CVE-2018-8477
.NET	CVE-2018-8517, CVE-2018-8540
Microsoft SharePoint	CVE-2018-8580, CVE-2018-8635
Exchange Server	CVE-2018-8604
Microsoft Dynamics	CVE-2018-8651

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here. Or you can follow them on Twitter: @tripwirevert

Tripwire Patch Priority Index for December 2018

BULLETIN

CVE

Browser

CVE-2018-8631, CVE-2018-8619

Scripting Engine and VBScript

CVE-2018-8617, CVE-2018-8618, CVE-2018-8583, CVE-2018-8629, CVE-2018-8624, CVE-2018-8643, CVE-2018-8625

APSB18-42: Adobe Flash

CVE-2018-15982, CVE-2018-15983

APSB18-41: Adobe Reader and Acrobat - 1

APSB18-41: Adobe Reader and Acrobat - 2

Microsoft Office

CVE-2018-8627, CVE-2018-8598, CVE-2018-8597, CVE-2018-8636, CVE-2018-8587, CVE-2018-8628

Windows

CVE-2018-8612, CVE-2018-8599, CVE-2018-8638, CVE-2018-8634, CVE-2018-8514, CVE-2018-8641, CVE-2018-8639, CVE-2018-8637, CVE-2018-8652, CVE-2018-8626, CVE-2018-8649, CVE-2018-8596, CVE-2018-8595, CVE-2018-8611, CVE-2018-8621, CVE-2018-8622, CVE-2018-8477

.NET

CVE-2018-8517, CVE-2018-8540

Microsoft SharePoint

CVE-2018-8580, CVE-2018-8635

Exchange Server

CVE-2018-8604

Microsoft Dynamics

CVE-2018-8651

Lane Thames

Contact Information

Privacy Policy

Cookie Policy

Impressum