Skip to content ↓ | Skip to navigation ↓

Tripwire’s November 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe.

Exploit Alert: Metasploit
First, on the patch priority list, this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities, identified by CVE-2019-11539 and CVE-2019-11510 that affect the Pulse Connect Secure product have been added to Metasploit. Administrators can learn more about these vulnerabilities via the Pulse Connect Secure advisory SA44101.

Exploit Alert: Exploit-DB
Up next, system administrators should focus on several vulnerabilities from Adobe for Acrobat & Reader as well as Microsoft for Internet Explorer and Windows Universal Plug and Play (UPnP). Vulnerabilities impacting these products, identified by CVE-2019-8196, CVE-2019-8195, CVE-2019-1429, and CVE-2019-1405, have been added to Exploit-DB with information detailing technical aspects that could lead to direct exploitation of these vulnerabilities.

Other Patch Priorities
Up next are patches for Microsoft Browser, Scripting Engine and VBScript. These patches resolve 6 vulnerabilities including fixes for memory corruption, remote code execution, and security feature bypass flaws.

Next on the list are patches for Microsoft Excel, Office, and Visual Studio. These patches resolve 5 vulnerabilities including fixes for information disclosure, remote code execution, security feature bypass, and elevation of privilege vulnerabilities.

Up next are patches for Microsoft Windows. These patches address numerous vulnerabilities across Windows Kernel, GDI, Microsoft Graphics, Jet Database Engine, Windows Data Sharing Service, Windows AppX, Windows Error Reporting, DirectWrite, ActiveX, Windows Modules Installer Service, and Windows RPC. These patches fix over 40 vulnerabilities including elevation of privilege, information disclosure, spoofing, security feature bypass, and remote code execution vulnerabilities.

Next, this month are patches for Windows Hyper-V. These patches resolve 9 vulnerabilities including fixes for denial of service and remote code execution vulnerabilities.

Lastly this month, administrators should focus on server-side patches available for Microsoft Exchange, SharePoint, and Office Online Server. These patches resolve over 4 vulnerabilities including information disclosure, remote code execution and spoofing vulnerabilities.

BULLETIN
CVE
Exploit Alert: Metasploit
CVE-2019-11539, CVE-2019-11510
Exploit Alert: Exploit-DB
CVE-2019-8196, CVE-2019-8195, CVE-2019-1429, CVE-2019-1405
Microsoft Edge
CVE-2019-1413
Microsoft Scripting Engine and VBScript
CVE-2019-1429, CVE-2019-1426, CVE-2019-1427, CVE-2019-1428, CVE-2019-1390
Microsoft Office
CVE-2019-1446, CVE-2019-1448, CVE-2019-1402, CVE-2019-1442
Microsoft Visual Studio
CVE-2019-1425
Microsoft Excel
CVE-2019-1331, CVE-2019-1327
Microsoft Windows
CVE-2019-1411, CVE-2019-1432, CVE-2019-1406, CVE-2019-1382, CVE-2019-1381, CVE-2019-1430, CVE-2019-1384, CVE-2019-1380, CVE-2019-1424, CVE-2019-1412, CVE-2019-1456, CVE-2019-1419, CVE-2019-1408, CVE-2019-1434, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1393, CVE-2019-1441, CVE-2019-1440, CVE-2019-1436, CVE-2019-1385, CVE-2019-1388, CVE-2019-1379, CVE-2019-1383, CVE-2019-1417, CVE-2018-12207,CVE-2019-1391, CVE-2019-1422, CVE-2019-1420, CVE-2019-1423, CVE-2019-1374, CVE-2019-1439, CVE-2019-1433, CVE-2019-1407, CVE-2019-1438, CVE-2019-1437, CVE-2019-1435, CVE-2019-1415, CVE-2019-1392, CVE-2019-11135, CVE-2019-1418, CVE-2019-1409, CVE-2019-1416, CVE-2019-1324, CVE-2019-1405
Microsoft Hyper-V
CVE-2019-0712, CVE-2019-1310, CVE-2019-1309, CVE-2019-1399, CVE-2019-1389, CVE-2019-1398, CVE-2019-1397, CVE-2019-0719, CVE-2019-0721
Microsoft Exchange Server
CVE-2019-1373
Microsoft SharePoint and Office Online Server
CVE-2019-1447, CVE-2019-1445, CVE-2019-1443

 

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its PPI, click here.

Or, for PPI and more, you can follow VERT on Twitter: @tripwirevert.

 

The Executive's Guide to the Top 20 Critical Security Controls