Patch Priority Index for April 2014


Bulletin CVE




CVE-2014-0235, CVE-2014-1751, CVE-2014-1752


CVE-2014-0506, CVE-2014-0507, CVE-2014-0508


CVE-2014-1757, CVE-2014-1758, CVE-2014-1761









Oracle Java Update

CVE-2014-0410, CVE-2014-0415, CVE-2013-5907

Oracle CPU

CVE-2013-5764, CVE-2013-5853, CVE-2013-5858

Tripwire’s April Patch Priority Index (PPI) brings together the top vulnerabilities from OpenSSL, Microsoft, Adobe, and Oracle.

This month’s PPI starts off with a bang, the Heartbleed vulnerability is currently at the top of everyone’s MUST patch list and with good reason, it is a widespread critical vulnerability. If you haven’t heard of Heartbleed, you’re most likely living in a swamp in Dagobah and training Jedi. This vulnerability is an information leak involving the heartbeat message. It is recommended you review the link above to determine if your systems are vulnerable.

Following Heartbleed, we get into our first Microsoft patch, an update to Internet Explorer. This goes nicely with the third update this month, which applies to Flash (remember that IE 11 ships with Flash and requires it’s own update). Both of these could lead to drive-by attacks and should be considered critical for all end user systems.

The next three bulletins resolve the remaining Microsoft issues addressed in April. These include a Word update (including SharePoint Word Services), Publisher, and a Windows File Handling issue. While these are important to patch, they don’t exist on the same level as the first three issues this month.

Rounding out the month are four “reminder” patches from previous months. This includes a Microsoft drive-by attack, an Adobe shockwave update, and the Oracle Updates for both Java and Everything (aka Oracle CPU). If you haven’t patched your Oracle products yet, this is the last time the Patch Priority Index will remind you, these patches should still be considered a priority.

One final reminder that support is officially over for Windows XP and Office 2003. If you’re still using either of these products, you should upgrade as soon as possible.

Happy Patching!


Threat Email Updates

Receive the latest Threat Alerts directly in your inbox:

Press Contacts

Cindy Valladares
Director of Corporate Communications