|Microsoft Browser – IE||CVE-2017-11790,CVE-2017-11822,CVE-2017-11813|
|Microsoft Browser – Edge||CVE-2017-11794,CVE-2017-8726|
|Microsoft Browser – Scripting engine||CVE-2017-11796, CVE-2017-11808, CVE-2017-11809, CVE-2017-11805, CVE-2017-11802, CVE-2017-11806, CVE-2017-11807, CVE-2017-11800, CVE-2017-11821, CVE-2017-11792, CVE-2017-11793, CVE-2017-11798, CVE-2017-11799, CVE-2017-11804, CVE-2017-11811, CVE-2017-11810, CVE-2017-11812|
|Microsoft Office||CVE-2017-11826, CVE-2017-11776, CVE-2017-11774, CVE-2017-11786|
|Oracle Java||CVE-2017-10345,CVE-2017-10346,CVE-2017-10350,CVE-2017-10357,CVE-2017-10356,CVE-2017-10355,CVE-2017-10348,CVE-2017-10349,CVE-2017-10347,CVE-2017-10274,CVE-2016-9841, CVE-2017-10309,CVE-2017-10281,CVE-2017-10388,CVE-2017-10293,CVE-2017-10285,CVE-2017-10295,CVE-2016-10165|
|Google Chrome||CVE-2017-5124,CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5130, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386 CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5130, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395|
|Windows – Win32 and Kernel||CVE-2017-8694,CVE-2017-8689, CVE-2017-11785,CVE-2017-11765,CVE-2017-11784,CVE-2017-11814|
|Windows – Graphics||CVE-2017-8693, CVE-2017-11763,CVE-2017-11762,CVE-2017-11824,CVE-2017-11816|
|Windows – Miscellaneous||CVE-2017-8717, CVE-2017-8718, CVE-2017-11772,CVE-2017-11823,CVE-2017-11769,CVE-2017-11779,CVE-2017-11783,CVE-2017-11817,CVE-2017-11781,CVE-2017-11782,CVE-2017-11815,CVE-2017-11780,CVE-2017-11771,CVE-2017-8715, CVE-2017-8727, CVE-2017-11819,CVE-2017-11818,CVE-2017-8703, CVE-2017-11829|
|Microsoft Office – Sharepoint||CVE-2017-11820, CVE-2017-11777, CVE-2017-11775|
The October 2017 Patch Priority Index (PPI) brings together a collection of high priority vulnerabilities that should be patched as soon as possible. The PPI for October includes vulnerabilities from Microsoft, Adobe, Chrome, and Oracle.
Vulnerability Highlights: Adobe has noted that CVE-2017-11292 has been exploited in the wild and is being used in limited but targeted attacks against users who are running Windows. Microsoft vulnerabilities CVE-2017-8703, CVE-2017-11777, and CVE-2017-11826 have been publicly disclosed. More importantly, CVE-2017-11826 for Microsoft Office has been actively exploited in older versions of Microsoft Office.
Based on the vulnerability highlights, we recommend placing Adobe Flash patching at the top of your priority list for October. Following Adobe, administrators should focus on ensuring patches are applied for Microsoft Internet Explorer and Edge. There are quite a few vulnerabilities being addressed in the Microsoft Scripting engine.
Up next is Microsoft Office. As noted in the vulnerability highlights, CVE-2017-11826 is being actively exploited in the wild. Administrators should ensure patches for this vulnerability are applied as soon as possible.
Up next are patches for Oracle Java and Google Chrome. The Chrome security update included fixes for 35 vulnerabilities, with 8 of these marked as high priority fixes.
Finally for October, administrators should ensure patches are applied for the remainder of this month’s Microsoft security updates, which include Windows Win32, Windows Kernel, Windows Graphics, Microsoft Office Sharepoint, and various other Windows based components.
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.