Patch Priority Index for January 2017
|MS17-003/APSB17-02||CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938|
|cpujan2017-2881727.html||CVE-2016-2183,CVE-2016-5546,CVE-2016-5547,CVE-2016-5548,CVE-2016-5549,CVE-2016-5552,CVE-2016-8328,CVE-2017-3231,CVE-2017-32 41,CVE-2017-3252,CVE-2017-3253,CVE-2017-3259,CVE-2017-3260,CVE-2017-3261,CVE-2017-3262,CVE-2017-3272,CVE-2017-3289,CVE-2016 -8328|
|APSB17-01||CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967, CVE-2017-2970, CVE-2017-2971, CVE-2017-2972|
Tripwire's January 2017 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Oracle, and Cisco.
System administrators responsible for Microsoft products can rest easy this month as Microsoft only released 4 bulletins for the month of January (and one of those was the combined Adobe Flash Player bulletin).
This month we start the priority list with Cisco and their WebEx Browser Extension. A critical Remote Code Execution vulnerability was discovered by Google Project Zero. This vulnerability is identified by CVE-2017-3823 and allows unauthenticated, remote malicious actors to execute arbitrary code on targeted systems.
Next on the list is MS17-001 that addresses an elevation of privilege vulnerability in Microsoft Edge. This should be followed by MS17-002 and MS17-003. MS17-002 addresses a memory corruption vulnerability in Microsoft Word 2016 and SharePoint Enterprise Server 2016. MS17-003 is the combined Adobe Flash Player bulletin APSB17-02. These bulletins address 13 vulnerabilities in Adobe Flash Player and resolves issues such as security bypass, use-after-free, heap buffer overflows, and memory corruption.
Up next we have Oracle Java. Oracle's January critical patch update released updates to Java that resolved 19 vulnerabilities. Oracle Java should be followed APSB17-01, which addresses 32 vulnerabilities in Adobe Acrobat and Reader. Last on the list for January is MS17-004 that addresses a single Denial of Service vulnerability in the Windows Local Security Authority Subsystem Service.