Skip to content ↓ | Skip to navigation ↓

Tripwire’s November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

First on the patch priority list this month are patches for Microsoft’s Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP), Spoofing and Information Disclosure vulnerabilities.

Next on the list are patches for Adobe Flash, Acrobat and Reader. These patches resolve two information disclosure vulnerabilities.

Up next are patches for Microsoft Office for Excel, Outlook, Project, Skype for Business and Word. These patches resolve 10 vulnerabilities, including Remote Code Execution (RCE) and Denial of Service vulnerabilities.

Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Active Directory Federation Services, BitLocker, DirectX, MSRPC, Graphics components, PowerShell, JScript, RemoteFX, Win32k, ALCP and other Windows components. These patches resolve 24 vulnerabilities including XSS, Security Feature Bypass, EoP, Information Disclosure and RCE vulnerabilities.

Finally, this month administrators should focus on server-side patches for Microsoft Team Foundation Server, Exchange, SharePoint and Dynamics 365. These patches resolve 10 vulnerabilities including XSS, EoP, Information Disclosure and RCE vulnerabilities.

BULLETIN

CVE

Microsoft Scripting Engine CVE-2018-8541, CVE-2018-8551, CVE-2018-8542, CVE-2018-8588, CVE-2018-8555, CVE-2018-8543, CVE-2018-8556, CVE-2018-8557, CVE-2018-8552
Microsoft Browsers CVE-2018-8570, CVE-2018-8567, CVE-2018-8545, CVE-2018-8564
Adobe Flash CVE-2018-15978
Adobe Acrobat/Reader CVE-2018-15979
Microsoft Office CVE-2018-8574, CVE-2018-8577, CVE-2018-8582, CVE-2018-8576, CVE-2018-8524, CVE-2018-8522, CVE-2018-8575, CVE-2018-8546, CVE-2018-8539, CVE-2018-8573
Microsoft Windows CVE-2018-8547, CVE-2018-8566, CVE-2018-8561, CVE-2018-8485, CVE-2018-8554, CVE-2018-8563, CVE-2018-8407, CVE-2018-8553, CVE-2018-8417, CVE-2018-8256, CVE-2018-8415, CVE-2018-8471, CVE-2018-8562, CVE-2018-8565, CVE-2018-8584, CVE-2018-8454, CVE-2018-8550, CVE-2018-8476, CVE-2018-8592, CVE-2018-8408, CVE-2018-8450, CVE-2018-8549, CVE-2018-8544, CVE-2018-8589
Microsoft Team Foundation Server CVE-2018-8602
Microsoft Exchange CVE-2018-8581
Microsoft SharePoint CVE-2018-8568, CVE-2018-8572, CVE-2018-8578
Microsoft Dynamics CVE-2018-8607, CVE-2018-8605, CVE-2018-8608, CVE-2018-8606, CVE-2018-8609

 

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

Or you can follow them on Twitter: @tripwirevert

The Executive's Guide to the Top 20 Critical Security Controls