Tripwire's May 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and the patches for Edge resolve memory corruption, information disclosure, and security feature bypass vulnerabilities. The patches for Microsoft Scripting Engine address 16 memory corruption vulnerabilities. Next on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address a type confusion vulnerability, which if exploited can lead to arbitrary code execution. Up next are patches for Microsoft Windows. These patches address 20 vulnerabilities, including security feature bypass, information disclosure, denial of service, elevation of privilege, and remote code execution vulnerabilities. Next, administrators should focus on the patches available for Microsoft Office, Microsoft Excel, Microsoft InfoPath, Microsoft Outlook, and Microsoft Developer Tools. These patches fix information disclosure, remote code execution, and security feature bypass, and denial of service vulnerabilities. Last but not least for this month, administrators should focus on patches available for Microsoft SharePoint and Exchange Server. These patches resolve elevation of privilege, memory corruption, and spoofing vulnerabilities. To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.
BULLETIN |
CVE |
Microsoft Browser |
CVE-2018-8126, CVE-2018-1025, CVE-2018-8178, CVE-2018-1021, CVE-2018-8123, CVE-2018-8179, CVE-2018-8112 |
Microsoft Scripting Engine |
CVE-2018-8145, CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8128, CVE-2018-8122, CVE-2018-1022, CVE-2018-0951, CVE-2018-8139, CVE-2018-0945, CVE-2018-0946, CVE-2018-8137, CVE-2018-8114, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955 |
Adobe Flash APSB18-16 |
CVE-2018-4944 |
Windows |
CVE-2018-8165, CVE-2018-0959, CVE-2018-0961, CVE-2018-0824, CVE-2018-8166, CVE-2018-8120, CVE-2018-8124, CVE-2018-8164, CVE-2018-8167, CVE-2018-8134, CVE-2018-8170, CVE-2018-8897, CVE-2018-8141, CVE-2018-8127, CVE-2018-8136, CVE-2018-8129, CVE-2018-8132, CVE-2018-0854, CVE-2018-0958, CVE-2018-8174 |
Microsoft Excel |
CVE-2018-8163, CVE-2018-8162, CVE-2018-8147, CVE-2018-8148 |
Microsoft InfoPath |
CVE-2018-8173 |
Microsoft Office |
CVE-2018-8161, CVE-2018-8158, CVE-2018-8157 |
Microsoft Outlook |
CVE-2018-8160 |
.NET |
CVE-2018-1039, CVE-2018-0765 |
Microsoft SharePoint |
CVE-2018-8168, CVE-2018-8149, CVE-2018-8155, CVE-2018-8156 |
Exchange Server |
CVE-2018-8159, CVE-2018-8154, CVE-2018-8151, CVE-2018-8152, CVE-2018-8153 |