Patch Priority Index for May 2014


Bulletin CVE


CVE-2014-0310, CVE-2014-1815


CVE-2014-0511, CVE-2014-0512, CVE-2014-0513


CVE-2014-0510, CVE-2014-0516, CVE-2014-0517




CVE-2014-1808, CVE-2014-1756


CVE-2014-0251, CVE-2014-1754, CVE-2014-1813








CVE-2014-0235, CVE-2014-1751, CVE-2014-1752

Tripwire’s May Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and OpenSSL.

This month starts off with the latest IE update. This update contains fixes for it’s own bulletin (MS14-029) as well as MS14-021 but it is not a cumulative update, which is why you’ll find mention of MS14-018 at the end of this month’s list. MS14-021 contained an OOB fix and one of the vulnerabilities in MS14-029 was used in targeted attacks, so applying this patch should be top priority.

Next we shift gears to Adobe, before getting to some interesting but less severe Microsoft patches. This month two Adobe patches have made the list, one for Reader/Acrobat and one for Flash.  While it’s not a patch in the above list, has a great article on why you should abandon Shockwave.

Up next is a slew of Microsoft patches. We have fixes for an ASLR bypass, a known method of obtaining domain credentials, a privilege escalation used by malware, and a couple of others. It’s an interesting group but other than the SharePoint patch Microsoft has marked everything important. Given how many of these items have been used publicly, it’s definitely worth applying this set of updates.

We end the month with the April Cumulative IE update (as mentioned above) but before that we have mention of Heartbleed again. This bug continued to exist and needs to be swatted with the biggest fly swatter we can find. If you haven’t updated your OpenSSL implementations, it’s advisable that you look into it this month.

Happy Patching!


Threat Email Updates

Receive the latest Threat Alerts directly in your inbox:

Press Contacts

Cindy Valladares
Director of Corporate Communications