Skip to content ↓ | Skip to navigation ↓

BULLETIN

CVE

APSB17-32 CVE-2017-11292
Microsoft Browser – IE CVE-2017-11790,CVE-2017-11822,CVE-2017-11813
Microsoft Browser – Edge CVE-2017-11794,CVE-2017-8726
Microsoft Browser – Scripting engine CVE-2017-11796, CVE-2017-11808, CVE-2017-11809,      CVE-2017-11805, CVE-2017-11802, CVE-2017-11806, CVE-2017-11807, CVE-2017-11800, CVE-2017-11821, CVE-2017-11792, CVE-2017-11793, CVE-2017-11798, CVE-2017-11799, CVE-2017-11804, CVE-2017-11811, CVE-2017-11810, CVE-2017-11812
Microsoft Office CVE-2017-11826, CVE-2017-11776, CVE-2017-11774, CVE-2017-11786
Oracle Java CVE-2017-10345,CVE-2017-10346,CVE-2017-10350,CVE-2017-10357,CVE-2017-10356,CVE-2017-10355,CVE-2017-10348,CVE-2017-10349,CVE-2017-10347,CVE-2017-10274,CVE-2016-9841, CVE-2017-10309,CVE-2017-10281,CVE-2017-10388,CVE-2017-10293,CVE-2017-10285,CVE-2017-10295,CVE-2016-10165
Google Chrome CVE-2017-5124,CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5130, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386 CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5130, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395
Windows – Win32 and Kernel CVE-2017-8694,CVE-2017-8689, CVE-2017-11785,CVE-2017-11765,CVE-2017-11784,CVE-2017-11814
Windows – Graphics CVE-2017-8693, CVE-2017-11763,CVE-2017-11762,CVE-2017-11824,CVE-2017-11816
Windows – Miscellaneous CVE-2017-8717, CVE-2017-8718, CVE-2017-11772,CVE-2017-11823,CVE-2017-11769,CVE-2017-11779,CVE-2017-11783,CVE-2017-11817,CVE-2017-11781,CVE-2017-11782,CVE-2017-11815,CVE-2017-11780,CVE-2017-11771,CVE-2017-8715, CVE-2017-8727, CVE-2017-11819,CVE-2017-11818,CVE-2017-8703, CVE-2017-11829
Microsoft Office – Sharepoint CVE-2017-11820, CVE-2017-11777, CVE-2017-11775

 

The October 2017 Patch Priority Index (PPI) brings together a collection of high priority vulnerabilities that should be patched as soon as possible. The PPI for October includes vulnerabilities from Microsoft, Adobe, Chrome, and Oracle.

Vulnerability Highlights: Adobe has noted that CVE-2017-11292 has been exploited in the wild and is being used in limited but targeted attacks against users who are running Windows. Microsoft vulnerabilities CVE-2017-8703, CVE-2017-11777, and CVE-2017-11826 have been publicly disclosed. More importantly, CVE-2017-11826 for Microsoft Office has been actively exploited in older versions of Microsoft Office.

Based on the vulnerability highlights, we recommend placing Adobe Flash patching at the top of your priority list for October. Following Adobe, administrators should focus on ensuring patches are applied for Microsoft Internet Explorer and Edge. There are quite a few vulnerabilities being addressed in the Microsoft Scripting engine.

Up next is Microsoft Office. As noted in the vulnerability highlights, CVE-2017-11826 is being actively exploited in the wild. Administrators should ensure patches for this vulnerability are applied as soon as possible.

Up next are patches for Oracle Java and Google Chrome. The Chrome security update included fixes for 35 vulnerabilities, with 8 of these marked as high priority fixes.

Finally for October, administrators should ensure patches are applied for the remainder of this month’s Microsoft security updates, which include Windows Win32, Windows Kernel, Windows Graphics, Microsoft Office Sharepoint, and various other Windows based components.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

SANS White Paper: Security Basics
<!-- -->