Tripwire’s July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.
First on the patch priority list this month are patches for Microsoft’s Internet Explorer, Edge, and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and memory corruption vulnerabilities. This set of vulnerabilities includes CVE-2018-8278, a Microsoft Edge spoofing vulnerability, that Microsoft rated as “Exploitation More Likely”.
Next on the patch priority list this month are patches released by Adobe and described in the APSB18-24 security bulletin. This patch set includes fixes for vulnerabilities in Adobe Flash Player for windows, Macintosh, linux, and Chrome OS. The patches address type confusion and out-of-bounds read vulnerabilities.
Up next are patches for Adobe Reader and Acrobat described in the APSB18-21 security bulletin. Get ready because these patches address over 100 critical and important vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. The patches address double-free, heap overflow, use-after-free, out-of-bounds write, out-of-bounds read, security feature bypass, type confusion, and untrusted pointer dereference vulnerabilities.
Up next are patches for Microsoft Access and Microsoft Office. These patches address two remote code execution vulnerabilities and one tampering vulnerability.
Next are patches for Microsoft SharePoint that resolve two elevation of privilege vulnerabilities and one remote code execution vulnerability.
Next are patches for Microsoft Windows. The July patch drop for Microsoft Windows contains patches for 9 vulnerabilities spread across Device Guard, Win32k.sys, DNSAPI, Windows FTP, WordPad, and Windows Kernel. These included elevation of privilege, denial of service, and security feature bypass vulnerabilities. Note that this includes CVE-2018-8313 and CVE-2018-8314, which Microsoft rates as “Exploitation More Likely”.
Last for the month are patches for Microsoft Lync, Skype for Business, .NET Framework, ASP.NET, and Visual Studio, which resolve elevation of privilege, remote code execution, remote (Read more...)