Tripwire's August 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Apple. Up first on the patch priority list this month are patches for Microsoft and Apple for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for Microsoft .NET Framework, SharePoint Server, and Visual studio (CVE-2020-1147) along with two vulnerabilities impacting various Apple products (CVE-2018-4162 and CVE-2016-4669), including macOS, iOS, iCloud, iTunes, and tvOS. Patches should be applied to these systems as soon as possible. Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Internet Explorer, and Microsoft Edge. These patches resolve 6 vulnerabilities, including remote code execution and memory corruption vulnerabilities. Next on the list are patches for Microsoft Office, Word, Outlook, Excel, and Access, which resolve 13 vulnerabilities including information disclosure, memory corruption, and remote code execution vulnerabilities. Up next are patches for Adobe Reader and Acrobat. These patches resolve 26 issues including memory leak, privilege escalation, arbitrary code execution, security feature bypass, denial of service, and information disclosure vulnerabilities. Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 70 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, WalletService, DirectWrite, Media Foundation, Netlogon, GDI, Windows Speech Runtime, DirectX, Print Spooler, and Image Acquisition Service. Up next is are patches for .NET Framework that resolve remote code execution and elevation of privilege vulnerabilities. Finally, administrators should focus on server-side patches available for Microsoft Dynamics and SharePoint. These patches resolve 7 issues, including cross-site scripting, information disclosure, and spoofing vulnerabilities.
BULLETIN | CVE |
Exploit Framework - Metasploit | CVE-2020-1147, CVE-2018-4162, CVE-2016-4669 |
Microsoft Edge | CVE-2020-1569, CVE-2020-1568 |
Internet Explorer | CVE-2020-1567 |
Microsoft Scripting Engine | CVE-2020-1555, CVE-2020-1570, CVE-2020-1380 |
Microsoft Office | CVE-2020-1582, CVE-2020-1497, CVE-2020-1496, CVE-2020-1495, CVE-2020-1494, CVE-2020-1498, CVE-2020-1504, CVE-2020-1563, CVE-2020-1493, CVE-2020-1483, CVE-2020-1583, CVE-2020-1503, CVE-2020-1502 |
APSB20-48: Adobe Reader and Acrobat | CVE-2020-9697, CVE-2020-9714, CVE-2020-9693, CVE-2020-9694, CVE-2020-9696, CVE-2020-9712, CVE-2020-9702, CVE-2020-9703, CVE-2020-9723, CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721, CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704, CVE-2020-9715, CVE-2020-9722 |
Microsoft Windows I | CVE-2020-1511, CVE-2020-1509, CVE-2020-1459, CVE-2020-1587, CVE-2020-1488, CVE-2020-1551, CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1545, CVE-2020-1541, CVE-2020-1540, CVE-2020-1543, CVE-2020-1542, CVE-2020-1544, CVE-2020-1547, CVE-2020-1546, CVE-2020-1534, CVE-2020-1550, CVE-2020-1549, CVE-2020-1489, CVE-2020-1513, CVE-2020-1527, CVE-2020-1518, CVE-2020-1517, CVE-2020-1520, CVE-2020-1579, CVE-2020-1480, CVE-2020-1467, CVE-2020-1485, CVE-2020-1486, CVE-2020-1566, CVE-2020-1526, CVE-2020-1383, CVE-2020-1528, CVE-2020-1537, CVE-2020-1530, CVE-2020-1553 |
Microsoft Windows II | CVE-2020-1475, CVE-2020-1464, CVE-2020-1512, CVE-2020-1490, CVE-2020-1515, CVE-2020-1519, CVE-2020-1538, CVE-2020-1552, CVE-2020-1484, CVE-2020-1470, CVE-2020-1516, CVE-2020-1584, CVE-2020-1556, CVE-2020-1533, CVE-2020-1487, CVE-2020-1554, CVE-2020-1525, CVE-2020-1379, CVE-2020-1339, CVE-2020-1472, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564, CVE-2020-1473, CVE-2020-1577, CVE-2020-1562, CVE-2020-1561, CVE-2020-1510, CVE-2020-1529, CVE-2020-1522, CVE-2020-1521, CVE-2020-1524, CVE-2020-1479, CVE-2020-1417, CVE-2020-1578, CVE-2020-1492, CVE-2020-1531, CVE-2020-1565, CVE-2020-1377, CVE-2020-1378, CVE-2020-1466, CVE-2020-1548, CVE-2020-1337, CVE-2020-1477, CVE-2020-1478, CVE-2020-1474 |
.NET Framework | CVE-2020-1046, CVE-2020-1476 |
Microsoft Dynamics | CVE-2020-1591 |
Microsoft Office SharePoint | CVE-2020-1573, CVE-2020-1580, CVE-2020-1505, CVE-2020-1499, CVE-2020-1501, CVE-2020-1500 |