Tripwire's October 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from libssh, Microsoft and Oracle.

First on the patch priority list this month is an authentication bypass vulnerability in libssh. This vulnerability can be exploited remotely, and exploit code has recently been added to Metasploit.

Next are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 11 vulnerabilities, including fixes for Memory Corruption and Security Feature Bypass vulnerabilities.

Up next are patches for Microsoft Office. Those include fixes for three remote code execution vulnerabilities, one each in Excel, PowerPoint and Word.

Next on the list are the patches for Microsoft Windows. These patches address numerous vulnerabilities across Device Guard, DirectX Graphics Kernel, Windows Kernel, MS XML, Graphics component, JET Database Engine, Windows GDI, Hyper-V, Windows Subsystem for Linux, DNS, Media Player, TCP/IP and Theme. Note that CVE-2018-8453 is a privilege escalation vulnerability in Win32k’s handling of objects in memory, and it has been exploited in the wild. According to ZDNet, the exploit has been used by a nation-state cyber-espionage group known as FruityArmor. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.

Next, users should focus on the patches for Microsoft SharePoint and Exchange Server. These patches resolve Elevation of Privilege, Insecure Library Loading and Remote Code Execution vulnerabilities.

Last on the list this month are patches for Oracle Java and Oracle Database. These patches address vulnerabilities in Java SE versions 6u201, 7u191, 8u181 and 11 along with Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c.

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.
| BULLETIN | CVE |
|---|---|
| libssh - Authentication Bypass | CVE-2018-10933 |
| Microsoft Internet Explorer | CVE-2018-8460, CVE-2018-8491 |
| Microsoft Edge | CVE-2018-8473, CVE-2018-8509, CVE-2018-8530, CVE-2018-8512 |
| Microsoft Scripting Engine | CVE-2018-8513, CVE-2018-8510, CVE-2018-8511, CVE-2018-8503, CVE-2018-8505 |
| Microsoft Office | CVE-2018-8502, CVE-2018-8501, CVE-2018-8504 |
| Microsoft Windows | CVE-2018-8492, CVE-2018-8484, CVE-2018-8486, CVE-2018-8329, CVE-2018-8494, CVE-2018-8333, CVE-2018-8427, CVE-2018-8432, CVE-2018-8423, CVE-2018-8506, CVE-2018-8411, CVE-2018-8453, CVE-2018-8320, CVE-2018-8472, CVE-2018-8489, CVE-2018-8490, CVE-2018-8497, CVE-2018-8330, CVE-2018-8481, CVE-2018-8482, CVE-2018-8495, CVE-2018-8493, CVE-2018-8413 |
| Microsoft SharePoint | CVE-2018-8488, CVE-2018-8480, CVE-2018-8498, CVE-2018-8518 |
| Microsoft Exchange Server | CVE-2010-3190, CVE-2018-8265, CVE-2018-8448 |
| Oracle Java | CVE-2018-14048, CVE-2018-3183, CVE-2018-3180, CVE-2018-13785, CVE-2018-3139, CVE-2018-3150, CVE-2018-3214, CVE-2018-3169, CVE-2018-3211, CVE-2018-3157, CVE-2018-3209, CVE-2018-3136, CVE-2018-3149 |
| Oracle Database | CVE-2018-3259, CVE-2018-3299, CVE-2018-7489 |