Tripwire's June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit.
First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has been recently added to the Metasploit Exploit Framework.
Next on the patch priority list this month are patches for Microsoft Edge. These patches resolve elevation of privilege, information disclosure, and security feature bypass vulnerabilities.
Up next are patches for Microsoft Office, Outlook, Excel, and OneNote that resolve remote code execution and spoofing vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, iSCSI, Installer, Remote Desktop Client, SMB, CryptoAPI, Pragmatic General Multicast (PGM), and others.
Up next are patches for Visual Studio and .NET that resolve over 20 issues including denial of service, elevation of privilege, remote code execution, and information disclosure vulnerabilities.
Lastly, administrators should focus on server-side patches for Exchange, Dynamics, SharePoint, DNS Server, DHCP Server, Azure DevOps and Hyper-V. These patches resolve numerous issues including remote code execution, spoofing, denial of service, elevation of privilege, and information disclosure vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2023-34362 |
|
|
CVE-2023-33143, CVE-2023-33145, CVE-2023-29345 |
|
|
CVE-2023-33146 |
|
|
CVE-2023-33131 |
|
|
CVE-2023-33140 |
|
|
CVE-2023-32029, CVE-2023-33133, CVE-2023-33137 |
|
|
CVE-2023-32016, CVE-2023-24937, CVE-2023-24938, CVE-2023-29351, CVE-2023-29362, CVE-2023-29352, CVE-2023-29364, CVE-2023-32009, CVE-2023-29363, CVE-2023-32015, CVE-2023-32014, CVE-2023-29365, CVE-2023-29370, CVE-2023-29361, CVE-2023-29358, CVE-2023-32019, CVE-2023-32022, CVE-2023-29369, CVE-2023-29337, CVE-2023-29368, CVE-2023-32011, CVE-2023-29372, CVE-2023-29367, CVE-2023-29359, CVE-2023-29371, CVE-2023-29360, CVE-2023-32010, CVE-2023-32008, CVE-2023-32017, CVE-2023-32012, CVE-2023-29353, CVE-2023-29346, CVE-2023-29366, CVE-2023-32021, CVE-2023-32018, CVE-2023-29373 |
|
|
CVE-2023-32030, CVE-2023-32032, CVE-2023-33135, CVE-2023-33128, CVE-2023-33126, CVE-2023-24936, CVE-2023-24897, CVE-2023-24895, CVE-2023-27909, CVE-2023-27910, CVE-2023-27911, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007, CVE-2023-29011, CVE-2023-29012, CVE-2023-33139, CVE-2023-29331, CVE-2023-33141, CVE-2023-29326 |
|
|
CVE-2023-32031, CVE-2023-28310 |
|
|
CVE-2023-24896 |
|
|
CVE-2023-33129, CVE-2023-29357, CVE-2023-33142, CVE-2023-33130, CVE-2023-33132 |
|
|
CVE-2023-32020 |
|
|
CVE-2023-29355 |
|
|
CVE-2023-21565, CVE-2023-21569 |
|
|
CVE-2023-32013 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
