Patch Priority Index for December 2014


Bulletin CVE


CVE-2014-6327, CVE-2014-6328, CVE-2014-6329




CVE-2014-0580, CVE-2014-0587, CVE-2014-8443


CVE-2014-9165, CVE-2014-8445, CVE-2014-9150


CVE-2014-6356, CVE-2014-6357




CVE-2014-6360, CVE-2014-6361


CVE-2014-6319, CVE-2014-6325, CVE-2014-6326



Oracle Oct 2014 CPU

CVE-2014-6513, CVE-2014-6532, CVE-2014-6503

Tripwire’s December Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Oracle, and Adobe.

We start off the finally Patch Priority Index of 2014 with the (hopefully) final Internet Explorer update of the year. This update resolves 14 vulnerabilities and while most of them are typical memory corruption vulnerabilities, there’s one vulnerability worth discussing. CVE-2014-6363 is fixed by both MS14-080 and MS14-084, depending on your platform. Users of Internet Explorer 6, 7, and 8 will need to install MS14-084 (and MS14-080 for other Internet Explorer vulnerabilities) while users of Internet Explorer 9, 10, and 11 only need to install MS14-080.

Up next, we have a couple of updates from Adobe resolving vulnerabilities in Flash Player and Reader / Acrobat. Most users are used to these patches due to their frequency – Adobe has almost reached a monthly patch cadence – so there’s nothing unexpected with the two of these.

Up next we have three Microsoft Office bulletins. We have updates for Word, Excel, and Microsoft Office Components this month and all three bulletins describe file-parsing vulnerabilities. Again, there’s not a lot of surprise here, since most people expect Office patches on a regular basis.

The final new bulletin this month is a bulletin we expected to see last month, resolving four bulletins in Exchange and, more specifically, OWA.

Ending the list this month, we have a few reminder items. The first is M14-066, which was reissued in December and contains a critical fix for Microsoft SChannel. The other is a reminder of the Oracle October 2014 CPU, which contained numerous patches for multiple products.

Happy Patching! We’ll see you in 2015!


Threat Email Updates

Receive the latest Threat Alerts directly in your inbox:

Press Contacts

Cindy Valladares
Director of Corporate Communications