Skip to content ↓ | Skip to navigation ↓

Tripwire’s July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

First on the patch priority list this month are patches for Microsoft’s Internet Explorer, Edge and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and memory corruption vulnerabilities. This set of vulnerabilities includes CVE-2018-8278, a Microsoft Edge spoofing vulnerability, that Microsoft rated as “Exploitation More Likely.”

Next on the patch priority list this month are patches released by Adobe and described in the APSB18-24 security bulletin. This patch set includes fixes for vulnerabilities in Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. The patches address type confusion and out-of-bounds read vulnerabilities.

Up next are patches for Adobe Reader and Acrobat described in the APSB18-21 security bulletin. Get ready because these patches address over 100 critical and important vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. The patches address double-free, heap overflow, use-after-free, out-of-bounds write, out-of-bounds read, security feature bypass, type confusion, and untrusted pointer dereference vulnerabilities.

Up next are patches for Microsoft Access and Microsoft Office. These patches address two remote code execution vulnerabilities and one tampering vulnerability.

Next are patches for Microsoft SharePoint that resolve two elevation of privilege vulnerabilities and one remote code execution vulnerability.

Next are patches for Microsoft Windows. The July patch drop for Microsoft Windows contains patches for nine vulnerabilities spread across Device Guard, Win32k.sys, DNSAPI, Windows FTP, WordPad, and Windows Kernel. These included elevation of privilege, denial of service, and security feature bypass vulnerabilities. Note that this includes CVE-2018-8313 and CVE-2018-8314, which Microsoft rates as “Exploitation More Likely.”

Last for the month are patches for Microsoft Lync, Skype for Business, .NET Framework, ASP.NET, and Visual Studio, which resolve elevation of privilege, remote code execution, remote code injection, and security feature bypass vulnerabilitie.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

BULLETIN
CVE
Internet Explorer
CVE-2018-0949
Edge
CVE-2018-8325, CVE-2018-8324, CVE-2018-8289, CVE-2018-8297, CVE-2018-8301, CVE-2018-8275, CVE-2018-8274, CVE-2018-8125, CVE-2018-8279, CVE-2018-8262, CVE-2018-8278
Scripting Engine
CVE-2018-8286, CVE-2018-8280, CVE-2018-8294, CVE-2018-8290, CVE-2018-8288, CVE-2018-8287, CVE-2018-8296, CVE-2018-8291, CVE-2018-8242, CVE-2018-8276
APSB18-24 Adobe Flash
CVE-2018-5008, CVE-2018-5007
APSB18-21 Adobe Reader and Acrobat – 1
CVE-2018-12782, CVE-2018-5015, CVE-2018-5028, CVE-2018-5032, CVE-2018-5036, CVE-2018-5038, CVE-2018-5040, CVE-2018-5041, CVE-2018-5045, CVE-2018-5052, CVE-2018-5058, CVE-2018-5067, CVE-2018-12785, CVE-2018-12788, CVE-2018-12798, CVE-2018-5009, CVE-2018-5011, CVE-2018-5065, CVE-2018-12756, CVE-2018-12770, CVE-2018-12772, CVE-2018-12773, CVE-2018-12776, CVE-2018-12783, CVE-2018-12791, CVE-2018-12792, CVE-2018-12796, CVE-2018-12797, CVE-2018-5020, CVE-2018-5021, CVE-2018-5042, CVE-2018-5059, CVE-2018-5064, CVE-2018-5069, CVE-2018-5070, CVE-2018-12754, CVE-2018-12755, CVE-2018-12758, CVE-2018-12760, CVE-2018-12771, CVE-2018-12787, CVE-2018-12802, CVE-2018-5010, CVE-2018-12803, CVE-2018-5014, CVE-2018-5016, CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5022, CVE-2018-5023, CVE-2018-5024, CVE-2018-5025, CVE-2018-5026
APSB18-21 Adobe Reader and Acrobat – 2
CVE-2018-5027, CVE-2018-5029, CVE-2018-5031, CVE-2018-5033, CVE-2018-5035, CVE-2018-5039, CVE-2018-5044, CVE-2018-5046, CVE-2018-5047, CVE-2018-5048, CVE-2018-5049,CVE-2018-5050, CVE-2018-5051, CVE-2018-5053, CVE-2018-5054, CVE-2018-5055, CVE-2018-5056, CVE-2018-5060, CVE-2018-5061, CVE-2018-5062, CVE-2018-5063, CVE-2018-5066, CVE-2018-5068, CVE-2018-12757, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763, CVE-2018-12764, CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768, CVE-2018-12774, CVE-2018-12777, CVE-2018-12779, CVE-2018-12780, CVE-2018-12781, CVE-2018-12786, CVE-2018-12789, CVE-2018-12790, CVE-2018-12795, CVE-2018-5057, CVE-2018-12793, CVE-2018-12794, CVE-2018-5012, CVE-2018-5030, CVE-2018-5034, CVE-2018-5037, CVE-2018-5043, CVE-2018-12784
Microsoft Office
CVE-2018-8312, CVE-2018-8281, CVE-2018-8310
SharePoint
CVE-2018-8323, CVE-2018-8299, CVE-2018-8300
Windows
CVE-2018-8222, CVE-2018-8282, CVE-2018-8304, CVE-2018-8309, CVE-2018-8313, CVE-2018-8314, CVE-2018-8206, CVE-2018-8308, CVE-2018-8307
Skype for Business and Lync
CVE-2018-8311, CVE-2018-8238
Developer Tools
CVE-2018-8202, CVE-2018-8260, CVE-2018-8284, CVE-2018-8356, CVE-2018-8171, CVE-2018-8172

 

 

The Executive's Guide to the Top 20 Critical Security Controls