Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.
First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory corruption vulnerabilities.
Up next are patches for Microsoft Outlook, PowerPoint, Visio, Excel, Project, and Office that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities.
Up next are patches for Adobe Reader and Acrobat. These patches resolve 12 issues, including arbitrary code execution, elevation of privilege, and information disclosure vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Layer-2 Bridge Network Driver, Secure Boot, LSA, Network Virtualization, Win32k, Mark of the Web, DWM core, and others.
Next up are patches for .NET and Visual Studio that resolve information disclosure and denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for Windows DNS and Dynamics. These patches resolve spoofing and cross-site scripting vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) and Chromium | CVE-2024-6990, CVE-2024-7255, CVE-2024-7256, CVE-2024-7550, CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-38222, CVE-2024-38219, CVE-2024-38218 |
| Microsoft Office Outlook | CVE-2024-38173 |
| Microsoft Office PowerPoint | CVE-2024-38171 |
| Microsoft Office Visio | CVE-2024-38169 |
| Microsoft Office Excel | CVE-2024-38172, CVE-2024-38170 |
| Microsoft Office Project | CVE-2024-38189 |
| Microsoft Office | CVE-2024-38200, CVE-2024-38084 |
| APSB24-57: Adobe Reader and Acrobat | CVE-2024-39383, CVE-2024-39422, CVE-2024-39423, CVE-2024-39424, CVE-2024-39425, CVE-2024-39426, CVE-2024-41830, CVE-2024-41831, CVE-2024-41832, CVE-2024-41833, CVE-2024-41834, CVE-2024-41835 |
| Microsoft Windows I | CVE-2024-38138, CVE-2024-38161, CVE-2024-38107, CVE-2024-38165, CVE-2024-38118, CVE-2024-38122, CVE-2024-38137, CVE-2024-38136, CVE-2024-38115, CVE-2024-38114, CVE-2024-38116, CVE-2024-38144, CVE-2024-38125, CVE-2024-38134, CVE-2022-2601, CVE-2022-3775, CVE-2023-40547, CVE-2024-38213, CVE-2024-38131, CVE-2024-38123, CVE-2024-38140, CVE-2024-38143, CVE-2024-38159, CVE-2024-38160, CVE-2024-38141, CVE-2024-38193, CVE-2024-38127, CVE-2024-38153, CVE-2024-38106, CVE-2024-38133, CVE-2024-38151, CVE-2024-38147, CVE-2024-38150 |
| Microsoft Windows II | CVE-2024-38142, CVE-2024-21302, CVE-2024-38180, CVE-2024-38146, CVE-2024-38145, CVE-2024-38206, CVE-2024-38126, CVE-2024-38132, CVE-2024-38178, CVE-2024-38152, CVE-2024-38155, CVE-2024-38148, CVE-2024-38223, CVE-2024-38214, CVE-2024-38154, CVE-2024-38120, CVE-2024-38121, CVE-2024-38128, CVE-2024-38130, CVE-2024-29995, CVE-2024-38063, CVE-2024-38163, CVE-2024-38202, CVE-2024-38191, CVE-2024-38186, CVE-2024-38187, CVE-2024-38184, CVE-2024-38185, CVE-2024-38198, CVE-2024-38135, CVE-2024-38199, CVE-2024-38215, CVE-2024-38196, CVE-2024-38117, CVE-2024-38177 |
| .NET and Visual Studio | CVE-2024-38168, CVE-2024-38167 |
| Microsoft Windows DNS | CVE-2024-37968 |
| Microsoft Dynamics | CVE-2024-38211, CVE-2024-38166 |
