Tripwire's May 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.
First on the list this month is a patch for Microsoft Windows Error Reporting (CVE-2024-26169). This CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Next on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap buffer overflow, and spoofing vulnerabilities.
Next on the patch priority list this month is a patch for Microsoft Excel that resolves a remote code execution vulnerability.
Up next are patches for Adobe Reader and Acrobat that resolve arbitrary code execution and memory leak vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 45 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, CLFS, Mobile Broadband, Mark of the Web, DWM Core, MSHTML, RRAS, Bing, NTFS, Cryptographic Services, and others.
Next up are patches for .NET and Visual Studio Code that resolve remote code execution and denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, and DHCP. These patches resolve numerous issues, including remote code execution, information disclosure, and denial of service vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Error Reporting - KEV | CVE-2024-26169 |
| Microsoft Edge (Chromium-based) | CVE-2024-4331, CVE-2024-4368, CVE-2024-4558, CVE-2024-4559, CVE-2024-4671, CVE-2024-30055 |
| Microsoft Office Excel | CVE-2024-30042 |
| APSB24-29: Adobe Reader and Acrobat | CVE-2024-30284, CVE-2024-30310, CVE-2024-34094, CVE-2024-34095, CVE-2024-34096, CVE-2024-34097, CVE-2024-34098, CVE-2024-34099, CVE-2024-34100, CVE-2024-30311, CVE-2024-30312, CVE-2024-34101 |
| Microsoft Windows | CVE-2024-30007, CVE-2024-30016, CVE-2024-30020, CVE-2024-29996, CVE-2024-30025, CVE-2024-30037, CVE-2024-29999, CVE-2024-29998, CVE-2024-30012, CVE-2024-29997, CVE-2024-30001, CVE-2024-30005, CVE-2024-30004, CVE-2024-30003, CVE-2024-30002, CVE-2024-30000, CVE-2024-30021, CVE-2024-30050, CVE-2024-30034, CVE-2024-30030, CVE-2024-30018, CVE-2024-30051, CVE-2024-30035, CVE-2024-30032, CVE-2024-30008, CVE-2024-30033, CVE-2024-30039, CVE-2024-29994, CVE-2024-30038, CVE-2024-30028, CVE-2024-30049, CVE-2024-30040, CVE-2024-30054, CVE-2024-30006, CVE-2024-30031, CVE-2024-30014, CVE-2024-30015, CVE-2024-30023, CVE-2024-30022, CVE-2024-30029, CVE-2024-30024, CVE-2024-30009, CVE-2024-30041, CVE-2024-30036, CVE-2024-26238, CVE-2024-30027 |
| .NET and Visual Studio | CVE-2024-30045, CVE-2024-32002, CVE-2024-32004, CVE-2024-30046 |
| Windows DHCP Server | CVE-2024-30019 |
| Microsoft Office SharePoint | CVE-2024-30043, CVE-2024-30044 |
| Windows Hyper-V | CVE-2024-30011, CVE-2024-30010, CVE-2024-30017 |
