Patch Priority Index For December 2016
|MS16-144||CVE-2016-7202, CVE-2016-7284, CVE-2016-7278, CVE-2016-7279, CVE-2016-7287, CVE-2016-7281, CVE-2016-7283, CVE-2016-7282|
|MS16-145||CVE-2016-7206, CVE-2016-7297, CVE-2016-7288, CVE-2016-7181, CVE-2016-7296, CVE-2016-7279, CVE-2016-7287, CVE-2016-7286, CVE-2016-7281, CVE-2016-7280, CVE-2016-7282|
|MS16-146||CVE-2016-7272, CVE-2016-7273, CVE-2016-7257|
|MS16-148||CVE-2016-7263, CVE-2016-7275, CVE-2016-7298, CVE-2016-7267, CVE-2016-7266, CVE-2016-7265, CVE-2016-7264, CVE-2016-7274, CVE-2016-7262, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7291, CVE-2016-7300, CVE-2016-7257, CVE-2016-7290, CVE-2016-7268|
|APSB-16-39||CVE-2016-7890, CVE-2016-7892, CVE-2016-7869, CVE-2016-7868, CVE-2016-7878, CVE-2016-7879, CVE-2016-7876, CVE-2016-7877, CVE-2016-7867, CVE-2016-7875, CVE-2016-7872, CVE-2016-7873, CVE-2016-7870, CVE-2016-7871, CVE-2016-7880, CVE-2016-7881, CVE-2016-7874|
Tripwire's December 2016 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.
This month we have several bulletins with vulnerabilities that have been publicly disclosed. We recommend starting off this month with Internet Explorer (MS16-144) and the Microsoft Edge browser (MS16-145). CVE2016-7281 and CVE-2016-7282 impact both IE and Edge and both have been publicly disclosed. CVE-2016-7202 for IE and CVE-2016-7206 for Edge have also been publicly disclosed.
Next on the list are a few bulletins that resolve multiple elevation of privilege vulnerabilities. MS16-149 addresses an elevation of privilege vulnerability along with an information disclosure vulnerability in Microsoft Windows. Next is MS16-150, which resolves a single elevation of privilege vulnerability in Secure Kernel Mode for Windows 10 and Server 2016 platforms. Lastly, we have MS16-151 that resolves two elevation of privilege vulnerabilities in Windows Kernel-Mode Drives.
Up next we have MS16-146. MS16-146 resolves two code execution vulnerabilities in the Windows Graphics component. The bulletin also addresses an information disclosure vulnerability in GDI.
Up next we have APSB16-39 (also detailed by MS16-154). APSB16-39 resolves 17 vulnerabilities in Adobe Flash Player, including fixes for use-after-free, buffer overflow, memory corruption, and security bypass vulnerabilities.
Finally for December 2016, we have MS16-147, MS16-148, MS16-152, MS16-153, and MS16-155. These security bulletins provide patches for vulnerabilities in Microsoft Uniscribe, Microsoft Office, Windows Kernel, Common Log File System Driver, and the .NET Framework.