Tripwire's August 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the patch priority list this month are patches for Microsoft Office, Excel, Visio, Teams, and Outlook. The patches resolve 10 issues including remote code execution, information disclosure, security feature bypass, and spoofing vulnerabilities.
Up next is a patch for Windows Defender that resolves an elevation of privilege vulnerability.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, Message Queuing, Cryptographic services, Common Log File System, LDAP, Bluetooth A2DP Driver, and many others.
Up next are patches for Visual Studio, .NET, ASP.net, and .NET Framework that resolve elevation of privilege, remote code execution, denial of service, and spoofing vulnerabilities.
Lastly, administrators should focus on server-side patches for Dynamics, SharePoint, Azure DevOps Server, Hyper-V, SQL Server, Dynamics Business Central Control, and Exchange. These patches resolve numerous issues including remote code execution, spoofing, elevation of privilege, and information disclosure vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2023-36895, CVE-2023-36893 |
|
|
CVE-2023-35372, CVE-2023-36865, CVE-2023-36866 |
|
|
CVE-2023-29330, CVE-2023-29328 |
|
|
CVE-2023-36896, CVE-2023-35371 |
|
|
CVE-2023-36897 |
|
|
CVE-2023-38175 |
|
|
CVE-2023-35387, CVE-2023-38184, CVE-2023-36882, CVE-2023-38186, CVE-2023-36889, CVE-2023-36914, CVE-2023-35384, CVE-2023-36904, CVE-2023-35381, CVE-2023-36900, CVE-2023-36876, CVE-2023-35379, CVE-2023-36898, CVE-2023-20569, CVE-2023-36907, CVE-2023-36906, CVE-2023-35378, CVE-2023-38170, CVE-2023-36905, CVE-2023-35377, CVE-2023-35376, CVE-2023-36912, CVE-2023-38254, CVE-2023-36909, CVE-2023-38172, CVE-2023-35383, CVE-2023-36913, CVE-2023-36910, CVE-2023-36911, CVE-2023-35385, CVE-2023-36903, CVE-2023-35359, CVE-2023-38154, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386 |
|
|
CVE-2023-35391, CVE-2023-38180, CVE-2023-36873, CVE-2023-38178, CVE-2023-35390, CVE-2023-36899 |
|
|
CVE-2023-36869 |
|
|
CVE-2023-35389 |
|
|
CVE-2023-36890, CVE-2023-36894, CVE-2023-36891, CVE-2023-36892 |
|
|
CVE-2023-36908 |
|
|
CVE-2023-38169 |
|
|
CVE-2023-38167 |
|
|
CVE-2023-35368, CVE-2023-21709, CVE-2023-35388, CVE-2023-38182, CVE-2023-38185, CVE-2023-38181 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
