Tripwire's June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read and stack-based buffer overflow vulnerabilities. Note that Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild and has been used in targeted attacks against Windows users. Next on the patch priority list this month are patches for Microsoft Browsers, Edge and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and two Memory Corruption vulnerabilities. The patches for Edge resolve memory corruption, information disclosure and security feature bypass vulnerabilities. Finally, the patches for Microsoft Scripting Engine address three memory corruption vulnerabilities, one of which is rated as a 1 on the Microsoft Exploitability Index (Exploitation More Likely). Up next are patches for Microsoft Excel, Office and Outlook. These patches address three elevation of privilege vulnerabilities along with an information disclosure vulnerability and a remote code execution vulnerability. Next are patches for Microsoft SharePiont that resolve two elevation of privilege vulnerabilities, followed by patches for Microsoft Windows. The June patch drop for Microsoft Windows contained patches for 23 vulnerabilities spread across Cortana; HIDParser; HTTP.sys; Media Foundationl; NTFS; Webdav; Win32k; Windows wireless network profile service; Hyper-V; GDI; DNSAPI; Kernel; and Desktop Bridge. These included elevation of privilege, denial of service, memory corruption, information disclosure, and remote code execution vulnerabilities. Last for the month are patches for Microsoft Device Guard, which resolve seven security feature bypass vulnerabilities. To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.
BULLETIN |
CVE |
ADOBE FLASH APSB18-19 |
CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002 |
SCRIPTING ENGINE |
CVE-2018-8229, CVE-2018-8227, CVE-2018-8267 |
BROWSER |
CVE-2018-0978, CVE-2018-8249, CVE-2018-8113 |
EDGE |
CVE-2018-8234, CVE-2018-0871, CVE-2018-8236, CVE-2018-8110, CVE-2018-8111, CVE-2018-8235 |
MICROSOFT EXCEL |
CVE-2018-8246, CVE-2018-8248 |
MICROSOFT OFFICE |
CVE-2018-8247, CVE-2018-8245 |
MICROSOFT OUTLOOK |
CVE-2018-8244 |
MICROSOFT SHAREPOINT |
CVE-2018-8252, CVE-2018-8254 |
MICROSOFT WINDOWS |
CVE-2018-8140, CVE-2018-8169, CVE-2018-8231, CVE-2018-8226, CVE-2018-8219, CVE-2018-8251, CVE-2018-1036, CVE-2018-8175, CVE-2018-8233, CVE-2018-1040, CVE-2018-8225, CVE-2018-8205, CVE-2018-8208, CVE-2018-8214, CVE-2018-0982, CVE-2018-8239, CVE-2018-8218, CVE-2018-8224, CVE-2018-8207, CVE-2018-8121, CVE-2018-8210, CVE-2018-8213, CVE-2018-8209 |
DEVICE GUARD |
CVE-2018-8201, CVE-2018-8215, CVE-2018-8217, CVE-2018-8216, CVE-2018-8211, CVE-2018-8212, CVE-2018-8221 |