Skip to content ↓ | Skip to navigation ↓

Tripwire’s February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.

BULLETIN CVE
Adobe Flash APSB18-03 CVE-2018-4878, CVE-2018-4877
Microsoft Browser CVE-2018-0763, CVE-2018-0839, CVE-2018-0771
Microsoft Scripting Engine CVE-2018-0840, CVE-2018-0860, CVE-2018-0861, CVE-2018-0866, CVE-2018-0838, CVE-2018-0859, CVE-2018-0857, CVE-2018-0856, CVE-2018-0835, CVE-2018-0834, CVE-2018-0837, CVE-2018-0836
Microsoft Office CVE-2018-0853, CVE-2018-0851
Microsoft Outlook CVE-2018-0850, CVE-2018-0852
Microsoft SharePoint CVE-2018-0864, CVE-2018-0869,
Windows Kernel CVE-2018-0809, CVE-2018-0820, CVE-2018-0742, CVE-2018-0756, CVE-2018-0831, CVE-2018-0843, CVE-2018-0829, CVE-2018-0757, CVE-2018-0810, CVE-2018-0830, CVE-2018-0832
Windows CVE-2018-0833, CVE-2018-0828
Windows Miscellaneous CVE-2018-0823, CVE-2018-0825, CVE-2018-0821, CVE-2018-0844, CVE-2018-0846, CVE-2018-0755, CVE-2018-0761, CVE-2018-0760, CVE-2018-0855, CVE-2018-0822, CVE-2018-0842, CVE-2018-0847, CVE-2018-0827, CVE-2018-0826

 

First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address two user-after-free vulnerabilities that can lead to remote code execution upon successful exploitation.

NOTE: Adobe reports that one of these vulnerabilities (CVE-2018-4878) has been exploited in the wild and has been used to target Windows users. Administrators should install these patches as soon as possible. Please refer to Adobe Security Notification APSB18-03 for more details.

Next up on the patch priority list this month are patches for Microsoft browsers and scripting engine. These patches address two information disclosure and one security feature bypass vulnerabilities in Microsoft Edge and 13 memory corruption vulnerabilities in the scripting engine.

Up next are patches for Microsoft Office, Outlook and Sharepoint. These patches address six vulnerabilities, including information disclosure, memory corruption and elevation of privilege.

Next administrators should focus on patches for the Windows Kernel. These patches address five elevation of privilege vulnerabilities and six information disclosure vulnerabilities.

Lastly for this month, administrators should focus on the patching the remaining Microsoft February 2018 patches that resolve 16 vulnerabilities in Windows, Named Pipe File System, StructuredQuery, AppContainer, Common Log File System, EOT Font Engine, NTFS and Storage Services.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

The Executive's Guide to the Top 20 Critical Security Controls