Patch Priority Index for November 2014


| Bulletin | CVE |
| --- | --- |
| | CVE-2014-6323, CVE-2014-6339, CVE-2014-4143 |
| | CVE-2014-6332, CVE-2014-6352 |
| | CVE-2014-6333, CVE-2014-6334, CVE-2014-6335 |
| Oracle Oct 2014 CPU | CVE-2014-6513, CVE-2014-6532, CVE-2014-6503 |
| Cisco Semiannual IOS Bundle | CVE-2014-3359, CVE-2014-3357, CVE-2014-3358 |

Tripwire’s November Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Oracle, Cisco, and Adobe.

We start this month with the SChannel bulletin that everyone is talking about. Updating this will likely be at the top of most enterprise checklists. Given that the threat presented is the risk of a remote, unauthenticated attack against server infrastructure, attackers will be putting in overtime to successfully exploit this vulnerability.

We follow up SChannel with this month’s IE update. Internet Explorer is regularly at the top of our list, but for the past few months bigger-ticket items have overshadowed it. This doesn’t reduce the risk presented by Internet Explorer vulnerabilities; updating IE as quickly as possible is always important for enterprises and end users alike.

With so many Microsoft updates this month, it was hard to determine which ones would fill a Top 10 list, but in the end we used Microsoft’s own classification system. Up next we have critical issues affecting Kerberos, Windows OLE, and XML Core Services. Following those updates, we have the latest Flash update. Keep in mind that Flash was updated twice in the month of November, so your first update may not have caught the latest security issues. Finally, we have one more Microsoft update, this one resolving a number of Office vulnerabilities. Since Office is a popular attack target, it’s worth mentioning here even though it wasn’t rated critical.

The list is finished with three carryovers from last month. Poodle, which people are still talking about, should be identified on systems in your environment and an action plan should be developed. Oracle’s October patch drop was, as always, rather large, so determine which platforms were affected in your enterprise and start testing updates if you haven’t already. Finally, Cisco released their latest update back in September, but with so many high-priority items lately, we wanted to include this one again for organizations that may have missed the update previously.

