Tripwire's December 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Citrix, Microsoft, Django, and Adobe. Critical Vulnerabilities: Up first on the patch priority list this month is a critical arbitrary code execution vulnerability for the Citrix ADC application. In particular, Citrix ADC and Citrix Gateway (formerly NetScaler) can be exploited by a remote attacker...

Tripwire’s November 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe. Exploit Alert: Metasploit First, on the patch priority list, this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities, identified by CVE-2019-11539 and CVE-2019-11510 that affect the Pulse Connect Secure product have...

Tripwire's October 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe. Exploit Alert: Metasploit First on the patch priority list this month are vulnerabilities that have been recently add to Metasploit. CVE-2019-13272 is a Linux kernel vulnerability; proof-of-concept code capable of exploiting the vulnerability has been added...

Tripwire's September 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Exploit Framework Alert A Metasploit Exploit module that targets Windows Remote Desktop Services has been recently released. This exploit module targets CVE-2019-0708 for the so-called “BlueKeep” vulnerability. This vulnerability impacts Windows Server 2008, Windows 7, and...

Tripwire's August 2019 Patch Priority Index (PPI) brings together important security vulnerabilities from Microsoft and Adobe. First on the Patch Priority Index are patches for Microsoft's Browser and Scripting Engine. These patches resolve 12 vulnerabilities including fixes for memory corruption, information disclosure and security feature bypass vulnerabilities. Next on the PPI are patches for...

Tripwire's July 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Oracle. First on the list for July are patches for Microsoft's Browser and Scripting Engine. These patches resolve 11 vulnerabilities including fixes for Memory Corruption weaknesses. Next on the list are patches for Microsoft Excel and Office. These patches resolve three vulnerabilities...

Tripwire's June 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, and Adobe. First and most importantly this month are patches available to resolve 2 deserialization vulnerabilities in Oracle WebLogic. These vulnerabilities are identified as CVE-2019-2725 and CVE-2019-2729. Both of these vulnerabilities allow remote code execution over a network and...

Tripwire's May 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. First and most importantly this month are the patches available to resolve the BlueKeep (CVE-2019-0708) Remote Desktop Services remote code execution vulnerability. As noted by Microsoft: [This] remote code execution vulnerability exists in Remote Desktop Services – formerly known as...

Tripwire's April 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Browser Tampering, and Information Disclosure vulnerabilities. Next on the list are patches...

Tripwire's March 2019 Patch Priority Index (PPI) brings together the top vulnerabilities for March 2019. First on the patch priority list this month are patches for Microsoft's Browser, Scripting Engine and VBScript. These patches resolve 23 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege, Security Feature Bypass and Remote Code Execution vulnerabilities. Next on the...

Tripwire's February 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 23 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege, Spoofing, Security Feature Bypass and Information Disclosure...

Tripwire's January 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve six vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege and Remote Code Execution vulnerabilities. Next on the list are...

Tripwire's December 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer and Scripting Engine. These patches resolve nine vulnerabilities, including fixes for Memory Corruption and Remote Code Execution (RCE) vulnerabilities. Next on the list are patches for Adobe...

You don’t have to look hard to find organizations utilizing a small fraction of the capabilities of a vulnerability management tool. Often, that’s because the focus is on meeting a compliance obligation. For example, PCI DSS 3.2.1 says, “11.2.1 – Perform quarterly internal vulnerability scans.” It’s difficult to learn the capabilities of a tool running quarterly. At the same time, the importance...

Tripwire's November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP), Spoofing and Information Disclosure vulnerabilities...

Tripwire's October 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from libssh, Microsoft and Oracle. First on the patch priority list this month is an authentication bypass vulnerability in libssh. This vulnerability can be exploited remotely, and exploit code has recently been added to Metasploit. Next are patches for Microsoft's Internet Explorer, Edge and Scripting...

Tripwire's September 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 18 vulnerabilities, including fixes for Elevation of Privilege, Information Disclosure, Memory Corruption, Security Feature Bypass and...

Tripwire's August 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge, and Scripting Engine. These patches resolve 21 vulnerabilities, including fixes for Remote Code Execution, Elevation of Privilege, Information Disclosure, Memory Corruption, Security...

Tripwire's July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and memory corruption vulnerabilities. This set of...

Tripwire's June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read and stack-based buffer overflow vulnerabilities. Note that Adobe is aware...