Tripwire’s June 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, BIND and Oracle.
Up first on the Patch Priority Index this month are patches for Microsoft, BIND and Oracle that address vulnerabilities which have been integrated into various exploit frameworks. Metasploit has recently added exploits for BIND (CVE-2020-8617), Oracle WebLogic Server (CVE-2020-2883) and Windows Background Intelligent Transfer Services (CVE-2020-0787). Canvas has recently added exploits for Microsoft SQL Server Reporting (CVE-2020-0618).
Up next on the Patch Priority Index this month are patches for Microsoft Scripting Engine, Internet Explorer and Microsoft Edge. These patches resolve 11 vulnerabilities including remote code execution, information disclosure and memory corruption vulnerabilities.
Next on the Patch Priority Index are patches for Microsoft Excel, Outlook and Project, which resolve four vulnerabilities including information disclosure, security feature bypass and remote code execution vulnerabilities.
Next on this month’s PPI are patches that affect components of the Windows operating systems. These patches resolve more than 90 vulnerabilities including denial of service, elevation of privilege, information disclosure, remote code execution and memory corruption vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, Windows Installer, Windows Store, Windows Error Reporting, Windows Network, Print Configuration, Registry, Runtime, State Repository Service, Media Foundation, SMBv3 client/server, OLE Automation, DirectX, Graphics Component, GDI, Diagnostics Hub, LNK and Windows Shell.
Finally for this month’s Patch Priority Index, administrators should focus on server-side patches available for Microsoft System Center and SharePoint. These patches resolve remote code execution, cross-site scripting, information disclosure, spoofing and open redirect vulnerabilities.
|Bulletin|CVE|
|---|---|
|Exploit Frameworks|CVE-2020-8617, CVE-2020-2883, CVE-2020-0787, CVE-2020-0618|
|Microsoft Scripting Engine|CVE-2020-1073, CVE-2020-1260, CVE-2020-1213, CVE-2020-1215, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230|
|Microsoft Edge (Chromium-based) in IE Mode|CVE-2020-1220|
|Microsoft Office|CVE-2020-1225, CVE-2020-1226, CVE-2020-1229, CVE-2020-1322|
|Microsoft Windows I|CVE-2020-1211, CVE-2020-1120, CVE-2020-1244, CVE-2020-1317, CVE-2020-1222, CVE-2020-1309, CVE-2020-1292, CVE-2020-1290, CVE-2020-1255, CVE-2020-1271, CVE-2020-1283, CVE-2020-1296, CVE-2020-1162, CVE-2020-1324, CVE-2020-1234, CVE-2020-1263, CVE-2020-1197, CVE-2020-1259, CVE-2020-1312, CVE-2020-1307, CVE-2020-1316, CVE-2020-1246, CVE-2020-1241, CVE-2020-1204, CVE-2020-1291, CVE-2020-1209, CVE-2020-1201, CVE-2020-1196, CVE-2020-1194, CVE-2020-1235, CVE-2020-1233, CVE-2020-1231, CVE-2020-1334, CVE-2020-1306, CVE-2020-1217, CVE-2020-1268, CVE-2020-1305, CVE-2020-1314, CVE-2020-1313, CVE-2020-1270, CVE-2020-1300, CVE-2020-1232, CVE-2020-1239, CVE-2020-1311, CVE-2020-1294, CVE-2020-1287, CVE-2020-1301, CVE-2020-1284, CVE-2020-1206, CVE-2020-1254, CVE-2020-1212, CVE-2020-1281, CVE-2020-1293, CVE-2020-1257, CVE-2020-1310|
|Microsoft Windows II|CVE-2020-1247, CVE-2020-1280, CVE-2020-1264, CVE-2020-1266, CVE-2020-1262, CVE-2020-1276, CVE-2020-1269, CVE-2020-1237, CVE-2020-1273, CVE-2020-1275, CVE-2020-1274, CVE-2020-1265, CVE-2020-1282, CVE-2020-1261, CVE-2020-1279, CVE-2020-1258, CVE-2020-1160, CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-0915, CVE-2020-0916, CVE-2020-1348, CVE-2020-0986, CVE-2020-1208, CVE-2020-1236, CVE-2020-1202, CVE-2020-1203, CVE-2020-1278, CVE-2020-1248, CVE-2020-1299, CVE-2020-1286, CVE-2020-1238, CVE-2020-1304, CVE-2020-1302, CVE-2020-1272, CVE-2020-1277|
|Microsoft Office SharePoint|CVE-2020-1318, CVE-2020-1298, CVE-2020-1297, CVE-2020-1177, CVE-2020-1320, CVE-2020-1183, CVE-2020-1295, CVE-2020-1178, CVE-2020-1181, CVE-2020-1289, CVE-2020-1148, CVE-2020-1323|
The Patch Priority Index is published by Tripwire’s Vulnerability and Exposure Research Team (VERT). For PPI and more, you can follow VERT on Twitter: @tripwirevert.