Patch Priority Index For December 2016

MS16-144 CVE-2016-7202, CVE-2016-7284, CVE-2016-7278, CVE-2016-7279, CVE-2016-7287, CVE-2016-7281, CVE-2016-7283, CVE-2016-7282
MS16-145 CVE-2016-7206, CVE-2016-7297, CVE-2016-7288, CVE-2016-7181, CVE-2016-7296, CVE-2016-7279, CVE-2016-7287, CVE-2016-7286, CVE-2016-7281, CVE-2016-7280, CVE-2016-7282
MS16-146 CVE-2016-7272, CVE-2016-7273, CVE-2016-7257
MS16-147 CVE-2016-7274
MS16-148 CVE-2016-7263, CVE-2016-7275, CVE-2016-7298, CVE-2016-7267, CVE-2016-7266, CVE-2016-7265, CVE-2016-7264, CVE-2016-7274, CVE-2016-7262, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7291, CVE-2016-7300, CVE-2016-7257, CVE-2016-7290, CVE-2016-7268
MS16-149 CVE-2016-7292, CVE-2016-7219
MS16-150 CVE-2016-7271
MS16-151 CVE-2016-7259, CVE-2016-7260
MS16-152 CVE-2016-7258
MS16-153 CVE-2016-7295
APSB-16-39 CVE-2016-7890, CVE-2016-7892, CVE-2016-7869, CVE-2016-7868, CVE-2016-7878, CVE-2016-7879, CVE-2016-7876, CVE-2016-7877, CVE-2016-7867, CVE-2016-7875, CVE-2016-7872, CVE-2016-7873, CVE-2016-7870, CVE-2016-7871, CVE-2016-7880, CVE-2016-7881, CVE-2016-7874
MS16-155 CVE-2016-7270

Tripwire's December 2016 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

This month we have several bulletins with vulnerabilities that have been publicly disclosed. We recommend starting off this month with Internet Explorer (MS16-144) and the Microsoft Edge browser (MS16-145). CVE2016-7281 and CVE-2016-7282 impact both IE and Edge and both have been publicly disclosed. CVE-2016-7202 for IE and CVE-2016-7206 for Edge have also been publicly disclosed.

Next on the list are a few bulletins that resolve multiple elevation of privilege vulnerabilities. MS16-149 addresses an elevation of privilege vulnerability along with an information disclosure vulnerability in Microsoft Windows. Next is MS16-150, which resolves a single elevation of privilege vulnerability in Secure Kernel Mode for Windows 10 and Server 2016 platforms. Lastly, we have MS16-151 that resolves two elevation of privilege vulnerabilities in Windows Kernel-Mode Drives.

Up next we have MS16-146. MS16-146 resolves two code execution vulnerabilities in the Windows Graphics component. The bulletin also addresses an information disclosure vulnerability in GDI.

Up next we have APSB16-39 (also detailed by MS16-154). APSB16-39 resolves 17 vulnerabilities in Adobe Flash Player, including fixes for use-after-free, buffer overflow, memory corruption, and security bypass vulnerabilities.

Finally for December 2016, we have MS16-147, MS16-148, MS16-152, MS16-153, and MS16-155. These security bulletins provide patches for vulnerabilities in Microsoft Uniscribe, Microsoft Office, Windows Kernel, Common Log File System Driver, and the .NET Framework.