Tripwire's November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP), Spoofing and Information Disclosure vulnerabilities. Next on the list are patches for Adobe Flash, Acrobat and Reader. These patches resolve two information disclosure vulnerabilities. Up next are patches for Microsoft Office for Excel, Outlook, Project, Skype for Business and Word. These patches resolve 10 vulnerabilities, including Remote Code Execution (RCE) and Denial of Service vulnerabilities. Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Active Directory Federation Services, BitLocker, DirectX, MSRPC, Graphics components, PowerShell, JScript, RemoteFX, Win32k, ALCP and other Windows components. These patches resolve 24 vulnerabilities including XSS, Security Feature Bypass, EoP, Information Disclosure and RCE vulnerabilities. Finally, this month administrators should focus on server-side patches for Microsoft Team Foundation Server, Exchange, SharePoint and Dynamics 365. These patches resolve 10 vulnerabilities including XSS, EoP, Information Disclosure and RCE vulnerabilities.
BULLETIN |
CVE |
| Microsoft Scripting Engine | CVE-2018-8541, CVE-2018-8551, CVE-2018-8542, CVE-2018-8588, CVE-2018-8555, CVE-2018-8543, CVE-2018-8556, CVE-2018-8557, CVE-2018-8552 |
| Microsoft Browsers | CVE-2018-8570, CVE-2018-8567, CVE-2018-8545, CVE-2018-8564 |
| Adobe Flash | CVE-2018-15978 |
| Adobe Acrobat/Reader | CVE-2018-15979 |
| Microsoft Office | CVE-2018-8574, CVE-2018-8577, CVE-2018-8582, CVE-2018-8576, CVE-2018-8524, CVE-2018-8522, CVE-2018-8575, CVE-2018-8546, CVE-2018-8539, CVE-2018-8573 |
| Microsoft Windows | CVE-2018-8547, CVE-2018-8566, CVE-2018-8561, CVE-2018-8485, CVE-2018-8554, CVE-2018-8563, CVE-2018-8407, CVE-2018-8553, CVE-2018-8417, CVE-2018-8256, CVE-2018-8415, CVE-2018-8471, CVE-2018-8562, CVE-2018-8565, CVE-2018-8584, CVE-2018-8454, CVE-2018-8550, CVE-2018-8476, CVE-2018-8592, CVE-2018-8408, CVE-2018-8450, CVE-2018-8549, CVE-2018-8544, CVE-2018-8589 |
| Microsoft Team Foundation Server | CVE-2018-8602 |
| Microsoft Exchange | CVE-2018-8581 |
| Microsoft SharePoint | CVE-2018-8568, CVE-2018-8572, CVE-2018-8578 |
| Microsoft Dynamics | CVE-2018-8607, CVE-2018-8605, CVE-2018-8608, CVE-2018-8606, CVE-2018-8609 |
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here. Or you can follow them on Twitter: @tripwirevert
