Skip to content ↓ | Skip to navigation ↓

Tripwire’s January 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.

First on the patch priority list this month are patches for Microsoft’s Browser and Scripting Engine. These patches resolve six vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege and Remote Code Execution vulnerabilities.

Next on the list are patches for Adobe Reader and Acrobat. Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities including use-after-free and security bypass flaws.

Up next are patches for Oracle Java. Supported versions affected by the January 2019 Oracle Critical Patch Update include Java SE 7u201, 8u192, 11.0.1 and Java SE Embedded 8u191.

Then there are some patches for Microsoft Office, Outlook, Word, and Skype for Business 2015. These patches resolve five flaws, including Remote Code Execution, Spoofing and Information Disclosure vulnerabilities.

Next on the list are the patches for Microsoft Windows. These patches address 27 vulnerabilities across Windows Kernel, Jet Database Engine, XmlDocument, Hyper-V, Windows Subsystem for Linux, DHCP client, COM and Windows Data Sharing Service. They fix various weaknesses including Elevation of Privilege, Information Disclosure and Remote Code Execution vulnerabilities.

Next on the list are patches for the .NET Framework and Visual Studio, with fixes for Information Disclosure vulnerabilities.

Finally this month, administrators should focus on server-side patches available for Microsoft Exchange, SharePoint and Team Foundation Server. These patches resolve eight vulnerabilities, including Cross-site Scripting, Information Disclosure, Elevation of Privilege and Memory Corruption vulnerabilities.

BULLETIN

CVE

Browser CVE-2019-0541, CVE-2019-0566, CVE-2019-0565
Chakra Scripting Engine CVE-2019-0567, CVE-2019-0568, CVE-2019-0539
APSB19-02: Adobe Reader and Acrobat CVE-2018-16011, CVE-2018-16018
Oracle Java CVE-2018-11212, CVE-2019-2449, CVE-2019-2426, CVE-2019-2422
Microsoft Office CVE-2019-0560, CVE-2019-0559, CVE-2019-0561, CVE-2019-0585, CVE-2019-0624
Windows CVE-2019-0577, CVE-2019-0575, CVE-2019-0580, CVE-2019-0538, CVE-2019-0576, CVE-2019-0579, CVE-2019-0578, CVE-2019-0582, CVE-2019-0583, CVE-2019-0581, CVE-2019-0584, CVE-2019-0543, CVE-2019-0555, CVE-2019-0552, CVE-2019-0547, CVE-2019-0572, CVE-2019-0571, CVE-2019-0574, CVE-2019-0573, CVE-2019-0551, CVE-2019-0550, CVE-2019-0549, CVE-2019-0569, CVE-2019-0536, CVE-2019-0554, CVE-2019-0570, CVE-2019-0553
Developer Tools CVE-2019-0545, CVE-2019-0537
SharePoint CVE-2019-0558, CVE-2019-0557, CVE-2019-0556, CVE-2019-0562
Team Foundation Server CVE-2019-0647, CVE-2019-0646
Exchange Server CVE-2019-0588, CVE-2019-0586

 

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

Or you can follow VERT on Twitter: @tripwirevert

The Executive's Guide to the Top 20 Critical Security Controls