Skip to content ↓ | Skip to navigation ↓

Tripwire’s June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read and stack-based buffer overflow vulnerabilities. Note that Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild and has been used in targeted attacks against Windows users.

Next on the patch priority list this month are patches for Microsoft Browsers, Edge and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and two Memory Corruption vulnerabilities. The patches for Edge resolve memory corruption, information disclosure and security feature bypass vulnerabilities. Finally, the patches for Microsoft Scripting Engine address three memory corruption vulnerabilities, one of which is rated as a 1 on the Microsoft Exploitability Index (Exploitation More Likely).

Up next are patches for Microsoft Excel, Office and Outlook. These patches address three elevation of privilege vulnerabilities along with an information disclosure vulnerability and a remote code execution vulnerability.

Next are patches for Microsoft SharePiont that resolve two elevation of privilege vulnerabilities, followed by patches for Microsoft Windows.

The June patch drop for Microsoft Windows contained patches for 23 vulnerabilities spread across Cortana; HIDParser; HTTP.sys; Media Foundationl; NTFS; Webdav; Win32k; Windows wireless network profile service; Hyper-V; GDI; DNSAPI; Kernel; and Desktop Bridge. These included elevation of privilege, denial of service, memory corruption, information disclosure, and remote code execution vulnerabilities.

Last for the month are patches for Microsoft Device Guard, which resolve seven security feature bypass vulnerabilities.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

 

BULLETIN
CVE
ADOBE FLASH APSB18-19
CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
SCRIPTING ENGINE
CVE-2018-8229, CVE-2018-8227, CVE-2018-8267
BROWSER
CVE-2018-0978, CVE-2018-8249, CVE-2018-8113
EDGE
CVE-2018-8234, CVE-2018-0871, CVE-2018-8236, CVE-2018-8110, CVE-2018-8111, CVE-2018-8235
MICROSOFT EXCEL
CVE-2018-8246, CVE-2018-8248
MICROSOFT OFFICE
CVE-2018-8247, CVE-2018-8245
MICROSOFT OUTLOOK
CVE-2018-8244
MICROSOFT SHAREPOINT
CVE-2018-8252, CVE-2018-8254
MICROSOFT WINDOWS
CVE-2018-8140, CVE-2018-8169, CVE-2018-8231, CVE-2018-8226, CVE-2018-8219, CVE-2018-8251, CVE-2018-1036, CVE-2018-8175, CVE-2018-8233, CVE-2018-1040, CVE-2018-8225, CVE-2018-8205, CVE-2018-8208, CVE-2018-8214, CVE-2018-0982, CVE-2018-8239, CVE-2018-8218, CVE-2018-8224, CVE-2018-8207, CVE-2018-8121, CVE-2018-8210, CVE-2018-8213, CVE-2018-8209
DEVICE GUARD
CVE-2018-8201, CVE-2018-8215, CVE-2018-8217, CVE-2018-8216, CVE-2018-8211, CVE-2018-8212, CVE-2018-8221

 

The Executive's Guide to the Top 20 Critical Security Controls